<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>Comments on: Cyber security June 2018</title>
	<atom:link href="http://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/</link>
	<description>All about electronics and circuit design</description>
	<lastBuildDate>Sun, 12 Apr 2026 21:37:09 +0000</lastBuildDate>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.9.14</generator>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1596111</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 03 Jul 2018 08:54:12 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1596111</guid>
		<description><![CDATA[Two Arrested for Hacking 700,000 Accounts
https://www.securityweek.com/two-arrested-hacking-700000-accounts

Russian law enforcement this week said two individuals were arrested for compromising accounts of loyalty program members from popular websites.

The unnamed cybercriminals allegedly compromised around 700,000 accounts from companies such as PayPal, Ulmart, Biglion, KupiKupon, Groupon, and others. They are also said to have put 2,000 of these accounts up for sale for $5 each. 

“The detainees admitted on the spot that they had earned at least 500,000 rubles. However, the real amount of damage remains to be determined,” Group-IB, which aided with the investigation, says.]]></description>
		<content:encoded><![CDATA[<p>Two Arrested for Hacking 700,000 Accounts<br />
<a href="https://www.securityweek.com/two-arrested-hacking-700000-accounts" rel="nofollow">https://www.securityweek.com/two-arrested-hacking-700000-accounts</a></p>
<p>Russian law enforcement this week said two individuals were arrested for compromising accounts of loyalty program members from popular websites.</p>
<p>The unnamed cybercriminals allegedly compromised around 700,000 accounts from companies such as PayPal, Ulmart, Biglion, KupiKupon, Groupon, and others. They are also said to have put 2,000 of these accounts up for sale for $5 each. </p>
<p>“The detainees admitted on the spot that they had earned at least 500,000 rubles. However, the real amount of damage remains to be determined,” Group-IB, which aided with the investigation, says.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1596109</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 03 Jul 2018 08:52:46 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1596109</guid>
		<description><![CDATA[Facebook App Exposed Data of 120 Million Users
https://www.securityweek.com/facebook-app-exposed-data-120-million-users

A recently addressed privacy bug on Nametests.com resulted in the data of over 120 million users who took personality quizzes on Facebook being publicly exposed.

Patched as part of Facebook’s Data Abuse Bounty Program, the vulnerability resided in Nametests.com serving users’ data to any third-party that requested it, something that shouldn’t normally happen. 

Facebook launched its Data Abuse Bounty Program in April, as part of its efforts to improve user privacy following the Cambridge Analytica scandal. The company also updated its terms on privacy and data sharing, but also admitted to tracking people over the Internet, even those who are not Facebook users.]]></description>
		<content:encoded><![CDATA[<p>Facebook App Exposed Data of 120 Million Users<br />
<a href="https://www.securityweek.com/facebook-app-exposed-data-120-million-users" rel="nofollow">https://www.securityweek.com/facebook-app-exposed-data-120-million-users</a></p>
<p>A recently addressed privacy bug on Nametests.com resulted in the data of over 120 million users who took personality quizzes on Facebook being publicly exposed.</p>
<p>Patched as part of Facebook’s Data Abuse Bounty Program, the vulnerability resided in Nametests.com serving users’ data to any third-party that requested it, something that shouldn’t normally happen. </p>
<p>Facebook launched its Data Abuse Bounty Program in April, as part of its efforts to improve user privacy following the Cambridge Analytica scandal. The company also updated its terms on privacy and data sharing, but also admitted to tracking people over the Internet, even those who are not Facebook users.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1595995</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 02 Jul 2018 09:33:34 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1595995</guid>
		<description><![CDATA[Typeform Announces Breach After Hacker Grabs Backup File
https://www.bleepingcomputer.com/news/security/typeform-announces-breach-after-hacker-grabs-backup-file/

Barcelona-based online survey and form building service Typeform announced a data breach today after an unknown attacker downloaded a backup file containing sensitive customer information.

The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018.

The company said the incident happened after the attacker exploited a vulnerability, yet it did not reveal what vulnerability that was. Typeform did say they plugged the security hole.

Server flaw plugged in 30 minutes]]></description>
		<content:encoded><![CDATA[<p>Typeform Announces Breach After Hacker Grabs Backup File<br />
<a href="https://www.bleepingcomputer.com/news/security/typeform-announces-breach-after-hacker-grabs-backup-file/" rel="nofollow">https://www.bleepingcomputer.com/news/security/typeform-announces-breach-after-hacker-grabs-backup-file/</a></p>
<p>Barcelona-based online survey and form building service Typeform announced a data breach today after an unknown attacker downloaded a backup file containing sensitive customer information.</p>
<p>The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018.</p>
<p>The company said the incident happened after the attacker exploited a vulnerability, yet it did not reveal what vulnerability that was. Typeform did say they plugged the security hole.</p>
<p>Server flaw plugged in 30 minutes</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1595993</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 02 Jul 2018 09:32:04 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1595993</guid>
		<description><![CDATA[Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses
https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/

While cryptocurrency has seen tremendous growth over the past year, sending cryptocoins still requires users to send the coins to long and hard to remember addresses. Due to this, when sending cryptocoins, many users will simply copy the address into memory from one application and paste it into another application that they are using to send the coins.

Attackers recognize that users are copying and pasting the addresses and have created malware to take advantage of this. This type of malware, called CryptoCurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses, and if one is detected, will swap it out with an address that they control. Unless a user double-checks the address after they paste it, the sent coins will go to an address under the attacker's control instead of the intended recipient.

This infection was spotted as part of the All-Radio 4.27 Portable malware package that was distributed this week.]]></description>
		<content:encoded><![CDATA[<p>Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses<br />
<a href="https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/" rel="nofollow">https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/</a></p>
<p>While cryptocurrency has seen tremendous growth over the past year, sending cryptocoins still requires users to send the coins to long and hard to remember addresses. Due to this, when sending cryptocoins, many users will simply copy the address into memory from one application and paste it into another application that they are using to send the coins.</p>
<p>Attackers recognize that users are copying and pasting the addresses and have created malware to take advantage of this. This type of malware, called CryptoCurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses, and if one is detected, will swap it out with an address that they control. Unless a user double-checks the address after they paste it, the sent coins will go to an address under the attacker's control instead of the intended recipient.</p>
<p>This infection was spotted as part of the All-Radio 4.27 Portable malware package that was distributed this week.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1595992</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 02 Jul 2018 09:26:29 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1595992</guid>
		<description><![CDATA[Video: Analyzing XPS Files
https://isc.sans.edu/forums/diary/Video+Analyzing+XPS+Files/23820/]]></description>
		<content:encoded><![CDATA[<p>Video: Analyzing XPS Files<br />
<a href="https://isc.sans.edu/forums/diary/Video+Analyzing+XPS+Files/23820/" rel="nofollow">https://isc.sans.edu/forums/diary/Video+Analyzing+XPS+Files/23820/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1595991</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 02 Jul 2018 09:25:13 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1595991</guid>
		<description><![CDATA[Researchers Devise Rowhammer Attacks Against Latest Android Versions
https://www.securityweek.com/researchers-devise-rowhammer-attacks-against-latest-android-versions

A team of researchers from universities worldwide have devised a new set of DMA-based Rowhammer attacks against the latest Android OS, along with a lightweight defense to prevent such attacks on ARM-based devices.

Rowhammer is a vulnerability impacting dynamic random-access memory (DRAM) chips that can be abused to gain kernel privileges on Linux systems. Discovered in 2012 but documented only in 2014, the bug can also be exploited remotely using JavaScript or via graphics processing units (GPUs).

Last year, researchers from Graz University of Technology, the University of Pennsylvania (and University of Maryland), and University of Adelaide revealed a series of attack methods able to bypass existing defenses against Rowhammer.

In a research paper (PDF), they also propose GuardION, lightweight defenses that mitigate Rowhammer exploitation on ARM systems by isolating DMA buffers with DRAM-level guard rows.

https://vvdveen.com/publications/dimva2018.pdf]]></description>
		<content:encoded><![CDATA[<p>Researchers Devise Rowhammer Attacks Against Latest Android Versions<br />
<a href="https://www.securityweek.com/researchers-devise-rowhammer-attacks-against-latest-android-versions" rel="nofollow">https://www.securityweek.com/researchers-devise-rowhammer-attacks-against-latest-android-versions</a></p>
<p>A team of researchers from universities worldwide have devised a new set of DMA-based Rowhammer attacks against the latest Android OS, along with a lightweight defense to prevent such attacks on ARM-based devices.</p>
<p>Rowhammer is a vulnerability impacting dynamic random-access memory (DRAM) chips that can be abused to gain kernel privileges on Linux systems. Discovered in 2012 but documented only in 2014, the bug can also be exploited remotely using JavaScript or via graphics processing units (GPUs).</p>
<p>Last year, researchers from Graz University of Technology, the University of Pennsylvania (and University of Maryland), and University of Adelaide revealed a series of attack methods able to bypass existing defenses against Rowhammer.</p>
<p>In a research paper (PDF), they also propose GuardION, lightweight defenses that mitigate Rowhammer exploitation on ARM systems by isolating DMA buffers with DRAM-level guard rows.</p>
<p><a href="https://vvdveen.com/publications/dimva2018.pdf" rel="nofollow">https://vvdveen.com/publications/dimva2018.pdf</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1595881</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 29 Jun 2018 15:39:11 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1595881</guid>
		<description><![CDATA[Ransomhack; a new attack blackmailing business owners using GDPR
https://www.digitalmunition.me/2018/06/ransomhack-new-attack-blackmailing-business-owners-using-gdpr/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+digitalmunition%2FUHtl+%28DigitalMunition%29

Hackers Are Threatening Companies To Leak Stolen User Data Online To Hurt Them Through GDPR Regulations – In Return They Are Demanding Ransom Money.]]></description>
		<content:encoded><![CDATA[<p>Ransomhack; a new attack blackmailing business owners using GDPR<br />
<a href="https://www.digitalmunition.me/2018/06/ransomhack-new-attack-blackmailing-business-owners-using-gdpr/?utm_source=feedburner&#038;utm_medium=feed&#038;utm_campaign=Feed%3A+digitalmunition%2FUHtl+%28DigitalMunition%29" rel="nofollow">https://www.digitalmunition.me/2018/06/ransomhack-new-attack-blackmailing-business-owners-using-gdpr/?utm_source=feedburner&#038;utm_medium=feed&#038;utm_campaign=Feed%3A+digitalmunition%2FUHtl+%28DigitalMunition%29</a></p>
<p>Hackers Are Threatening Companies To Leak Stolen User Data Online To Hurt Them Through GDPR Regulations – In Return They Are Demanding Ransom Money.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1595837</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 29 Jun 2018 11:45:26 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1595837</guid>
		<description><![CDATA[Danny Crichton / TechCrunch:
Automated threat detection service JASK raises $25M Series B led by Kleiner Perkins, bringing total raised to $39M

JASK nets $25M from Kleiner to build out autonomous security operations
https://techcrunch.com/2018/06/28/jask-nets-25m-from-kleiner/

Cyberthreats are on the rise everywhere. Companies are facing a barrage of attacks from hackers near and far, and their security operations centers are struggling to keep up. 

That’s where JASK comes in. The startup offers an autonomous security operations platform to respond to this new security environment, and it’s a mission that is finding resonance among investors.

an in-depth profile of JASK earlier this year, the startup is attempting to completely rebuild the modern security operations center from the ground up. Rather than building manual playbooks, it wants to create a hybrid human-artificial intelligence system that can learn and adapt to new threats while offering more engaging feedback to security analysts. The hope is that the platform will massively reduce the burden of security so that human analysts can spend more of their time on challenging cases rather than routine ones


JASK and the future of autonomous cybersecurity
https://techcrunch.com/2018/03/24/jask-and-the-future-of-autonomous-cybersecurity/

Automated attacks have overwhelmed corporate security departments. This startup is helping to fight back]]></description>
		<content:encoded><![CDATA[<p>Danny Crichton / TechCrunch:<br />
Automated threat detection service JASK raises $25M Series B led by Kleiner Perkins, bringing total raised to $39M</p>
<p>JASK nets $25M from Kleiner to build out autonomous security operations<br />
<a href="https://techcrunch.com/2018/06/28/jask-nets-25m-from-kleiner/" rel="nofollow">https://techcrunch.com/2018/06/28/jask-nets-25m-from-kleiner/</a></p>
<p>Cyberthreats are on the rise everywhere. Companies are facing a barrage of attacks from hackers near and far, and their security operations centers are struggling to keep up. </p>
<p>That’s where JASK comes in. The startup offers an autonomous security operations platform to respond to this new security environment, and it’s a mission that is finding resonance among investors.</p>
<p>an in-depth profile of JASK earlier this year, the startup is attempting to completely rebuild the modern security operations center from the ground up. Rather than building manual playbooks, it wants to create a hybrid human-artificial intelligence system that can learn and adapt to new threats while offering more engaging feedback to security analysts. The hope is that the platform will massively reduce the burden of security so that human analysts can spend more of their time on challenging cases rather than routine ones</p>
<p>JASK and the future of autonomous cybersecurity<br />
<a href="https://techcrunch.com/2018/03/24/jask-and-the-future-of-autonomous-cybersecurity/" rel="nofollow">https://techcrunch.com/2018/03/24/jask-and-the-future-of-autonomous-cybersecurity/</a></p>
<p>Automated attacks have overwhelmed corporate security departments. This startup is helping to fight back</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1595836</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 29 Jun 2018 11:44:06 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1595836</guid>
		<description><![CDATA[Catalin Cimpanu / BleepingComputer:
Report: 2,446 Android and 600 iOS apps using Google&#039;s Firebase service found to have misconfigured databases exposing 100M+ records of a wide range of user data

Thousands of Apps Leak Sensitive Data via Misconfigured Firebase Backends
https://www.bleepingcomputer.com/news/security/thousands-of-apps-leak-sensitive-data-via-misconfigured-firebase-backends/

Thousands of iOS and Android mobile applications are exposing over 113 GBs of data via over 2,271 misconfigured Firebase databases, according to a report released this week by mobile security firm Appthority.

Firebase is a Backend-as-a-Service offering from Google that contains a vast collection of services that mobile developers can use in the creation of mobile and web-based apps.

The service is insanely popular with top Android devs, providing cloud messaging, push notifications, database, analytics, advertising, and a bunch more of other backends and APIs that they can easily plug into their projects and benefit from Google&#039;s large-scale and high-performance systems within their apps.
Appthority scanned over 2.7 million mobile apps]]></description>
		<content:encoded><![CDATA[<p>Catalin Cimpanu / BleepingComputer:<br />
Report: 2,446 Android and 600 iOS apps using Google&#8217;s Firebase service found to have misconfigured databases exposing 100M+ records of a wide range of user data</p>
<p>Thousands of Apps Leak Sensitive Data via Misconfigured Firebase Backends<br />
<a href="https://www.bleepingcomputer.com/news/security/thousands-of-apps-leak-sensitive-data-via-misconfigured-firebase-backends/" rel="nofollow">https://www.bleepingcomputer.com/news/security/thousands-of-apps-leak-sensitive-data-via-misconfigured-firebase-backends/</a></p>
<p>Thousands of iOS and Android mobile applications are exposing over 113 GBs of data via over 2,271 misconfigured Firebase databases, according to a report released this week by mobile security firm Appthority.</p>
<p>Firebase is a Backend-as-a-Service offering from Google that contains a vast collection of services that mobile developers can use in the creation of mobile and web-based apps.</p>
<p>The service is insanely popular with top Android devs, providing cloud messaging, push notifications, database, analytics, advertising, and a bunch more of other backends and APIs that they can easily plug into their projects and benefit from Google&#8217;s large-scale and high-performance systems within their apps.<br />
Appthority scanned over 2.7 million mobile apps</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/06/02/cyber-security-june-2018/comment-page-6/#comment-1595816</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 29 Jun 2018 10:53:47 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=177959#comment-1595816</guid>
		<description><![CDATA[The Next Big Cyber-Attack Vector: APIs
https://www.securityweek.com/next-big-cyber-attack-vector-apis

With cyber-attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data and endpoint protection, as well as intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts believe the next wave of enterprise hacking will be carried out by exploiting Application Programming Interfaces (APIs). 

In fact, cyber adversaries are already targeting APIs when planning their attacks. The data breach at Panera Bread is a good example. The bakery-café chain left an unauthenticated API endpoint exposed on its website, allowing anyone to view customer information such as username, email address, phone number, last four digits of the credit card, birthdate, etc. Ultimately, data belonging to more than 37 million customers was leaked over an eight-month period. This raises the question on how to minimize the growing cyber security risk associated with APIs without hampering the benefits they provide in terms of agile development and expanded functionality.

API usage in application development has become the new de facto standard, whereby developers take advantage of integrating functionality from third-party provided services rather than building all the capabilities they need from scratch. This allows for a more agile development process for new products and services. 

Common attack methods being used to exploit APIs include: 

● API Parameter Tampering - Hackers often use this technique to either reverse engineer an API or gain further access to sensitive data.

● Session Cookie Tampering - These attacks attempt to exploit cookies in order to bypass security mechanisms or send false data to application servers.

● Man-in-the-Middle Attacks - By eavesdropping on an unencrypted connection between an API client and server, hackers can access sensitive data. 

● Content Manipulation - By injecting malicious content (e.g., poisoning JSON Web tokens), exploits can be distributed and executed in the background. 

● DDoS Attacks - Poorly written code can be used to consume computer resources by sending invalid input parameters, subsequently causing a disruption to the API-supported Web application.

Panerabread.com Leaks Millions of Customer Records
https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/]]></description>
		<content:encoded><![CDATA[<p>The Next Big Cyber-Attack Vector: APIs<br />
<a href="https://www.securityweek.com/next-big-cyber-attack-vector-apis" rel="nofollow">https://www.securityweek.com/next-big-cyber-attack-vector-apis</a></p>
<p>With cyber-attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data and endpoint protection, as well as intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts believe the next wave of enterprise hacking will be carried out by exploiting Application Programming Interfaces (APIs). </p>
<p>In fact, cyber adversaries are already targeting APIs when planning their attacks. The data breach at Panera Bread is a good example. The bakery-café chain left an unauthenticated API endpoint exposed on its website, allowing anyone to view customer information such as username, email address, phone number, last four digits of the credit card, birthdate, etc. Ultimately, data belonging to more than 37 million customers was leaked over an eight-month period. This raises the question on how to minimize the growing cyber security risk associated with APIs without hampering the benefits they provide in terms of agile development and expanded functionality.</p>
<p>API usage in application development has become the new de facto standard, whereby developers take advantage of integrating functionality from third-party provided services rather than building all the capabilities they need from scratch. This allows for a more agile development process for new products and services. </p>
<p>Common attack methods being used to exploit APIs include: </p>
<p>● API Parameter Tampering &#8211; Hackers often use this technique to either reverse engineer an API or gain further access to sensitive data.</p>
<p>● Session Cookie Tampering &#8211; These attacks attempt to exploit cookies in order to bypass security mechanisms or send false data to application servers.</p>
<p>● Man-in-the-Middle Attacks &#8211; By eavesdropping on an unencrypted connection between an API client and server, hackers can access sensitive data. </p>
<p>● Content Manipulation &#8211; By injecting malicious content (e.g., poisoning JSON Web tokens), exploits can be distributed and executed in the background. </p>
<p>● DDoS Attacks &#8211; Poorly written code can be used to consume computer resources by sending invalid input parameters, subsequently causing a disruption to the API-supported Web application.</p>
<p>Panerabread.com Leaks Millions of Customer Records<br />
<a href="https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/" rel="nofollow">https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/</a></p>
]]></content:encoded>
	</item>
</channel>
</rss>
