ClickSSL Monthly InfoSec Snipper May 29, 2017

This entry is part 152 of 154 in the series Weekly Infosec Snipper

Yahoo’s ImageMagick Library Found Leaking Users’ Email Content

Yahoo’s ImageMagick library was found leaking users’ email content. Since then, Yahoo has stopped using the ImageMagick library. The researcher showed two methods. The first, Yahoobleed1, exploits a vulnerability in the ImageMagick library by sending an email with a malicious image file to a Yahoo email address. Once the file is opened, server memory leaks to the user. The second, Yahoobleed 2, also works by exploiting a vulnerability.

WannaCry Ransomware Spreads Havoc Across The Globe

WannaCry ransomware made everyone worried in May 2017. This ransomware searches for and encrypts around 176 types of files and their supplements. After taking control of the files, it asks for $300 in bitcoins. The amount is doubled within just 3 days, and if the amount is not paid in 7 days the files will be deleted. Symantec has not found any malicious code that can delete files. Decryption of the files is not possible, but if you have a backup of those files you can restore them. Symantec is working hard on this ransomware and is investigating whether encrypted files can be recovered.

Symantec Blocked 1,038K Attacks Per Day, Says Its Intelligence Report

Symantec has released its latest intelligence report, which shows rising web attacks per day. Symantec blocked around 1,038K attacks in April, the highest level since January 2016. Exploit toolkit activity also increased by 29.5%, up from 13.6% in the previous month. The number of new malware also increased to 81 million in April, compared with 77.5 million recorded in March 2017.

Hackers Gained Access To Users’ Data In DaFont Website Hack

The DaFont website was hacked, and it is believed that around 700K users’ data is at stake, as the data included email addresses and passwords in plain text. Anyone with an account on this website is advised to change their password. The hacked data also contained users’ conversations on the forum, and data collected from corporate accounts like Google, Microsoft, and Apple. The database was found on Troy Hunt’s Have I Been Pwned site.

Zomato Suffered Data Breach

Restaurant guide Zomato suffered a data breach that exposed the records of 17 million users, of which 6.6 million records are on sale on the dark market. However, the company has a portfolio of 120 million users, so only around 14% of the database was exposed. The records contained email addresses and hashed passwords. Users who log into the Zomato platform with Google or Facebook are safe, and 60% of users use this feature.

Edmodo Lost Control Of 77M Records in Data Breach

Edmodo suffered a data breach and the details of students are for sale on the dark web. Edmodo is an education platform used by teachers and parents, with around 78 million members. The data for sale included 77 million records, which means almost everyone was affected by this data breach. The breach included email addresses, usernames and hashed passwords. The passwords are hashed with the bcrypt algorithm and a string of random characters.

Bell Canada Witnessed Data Breach

Bell Canada witnessed a massive data breach; hackers penetrated its system and were able to steal 1.9 million email addresses and 1700 customers’ names and phone numbers. However, the company did not disclose details about how the hackers infiltrated the system or where they stored the information. No financial data was accessed, and passwords and other sensitive data were safe. The company says it will never ask for credit card or personal information via email.

Researcher Found Way To Get Login Details Via Chrome And SCF Files

A security researcher from Serbia found a way to steal login details via Chrome and SCF files. The researcher took two methods, one from the Stuxnet operation and the other from the Blackhat security conference held in 2015. He combined these two techniques and focused on SCF files, which support Windows Explorer commands. Like LNK files, they retrieve an icon file. This type of attack is limited to the local area network. In this attack, the researcher created an SCF file that loads its image from a URL; once the computer loads the icon from the server, the server asks for and receives login credentials for authentication.

Historical Data Leak of 560 Million Passwords Revealed by Mackeeper

Mackeeper disclosed an all-time big data leak: the database contains 560 million passwords. The breach was dubbed the “mother of all leaks”, and after checking with “Have I Been Pwned” there were 243 million unique emails in the database. However, the data leak was not new; it was collected from various sources like LinkedIn, Dropbox, MySpace, Neopets, RiverCityMedia, and Tumblr. It is advisable to change your password to one that is easy to remember but hard to hack.

Facebook Has Been Fined By French Authority

The French authority has fined Facebook 150K Euro for violation of privacy, as Facebook was found collecting user data that is later used for advertising purposes. Facebook collected data on the browsing activities of internet users from third party websites without users’ knowledge. However, Facebook disagreed with the CNIL (the authority collecting the fine) and said that it is open to working on these issues with the CNIL. The CNIL has also given a deadline to stop tracking non-users’ web activity.

WordPress Joined Hands With HackerOne For Bug Bounty Program

WordPress has started a Bug Bounty program by joining the HackerOne platform, where security researchers take part and submit vulnerability reports. Now, WordPress will have more time to find security holes in its system. By joining hands with HackerOne, WordPress also brought in bug bounties that will reward researchers for revealing issues. The bug bounties and program will cover projects like WordPress, BuddyPress, bbPress, GlotPress and WP-CLI. SQL injections, Remote Code Executions, and Cross Site Scripting will also be covered in this program.

DocuSign Faced Data Breach

DocuSign, a company in the eSignature business, faced a data breach that revealed customers’ email addresses, and these emails were also used in a phishing campaign. Last week, the company saw an increase in phishing emails sent to customers. The emails tricked users into opening an email attachment that downloads malicious software. Only email addresses were accessed, so other details like physical addresses, passwords, social security numbers and credit card data remained safe.

WhatsApp Added Encryption To iCloud For iPhone Users

WhatsApp has added a layer of security to iCloud backups that will increase users’ security against hackers. Until now, iPhone users had their backups in plain text on the iCloud platform. The iCloud platform does have encryption, but with Apple’s decryption key one can decrypt it. From now on, when users back up their chats via WhatsApp to iCloud, the files will remain encrypted. It is not clear whether the encryption is enabled for Android or not.

Google Has Tightened Its OAuth System

After a phishing attack on Gmail, Google has decided to tighten its OAuth system, which allows linking third party apps with Google accounts. Last week, people received fake Google Docs messages coming from known senders. Clicking on the link took users to Google Docs, which was actually a fake tool asking for account permission. Google addressed this problem within an hour, but many users had clicked the link. The app used Google’s own OAuth implementation and requested access to Gmail accounts.

Debenhams Suffered Data Breach

Debenhams had a data breach that exposed the personal data of 26,000 people. The site was handled by a third party, Ecomnova, so customers of other services were not affected. Ecomnova also handled Debenhams’s websites for wines, hampers and personalized gifts, which were all suspended. The data included payment details, names and addresses, and the company has informed customers about this breach. The company will issue new payment cards in place of affected cards.

DDoS Costs Organizations Average $2.5M

DDoS attacks are becoming a nuisance for organizations and individuals; they cost organizations $2.5M on average. Neustar published a report in which it said that half of attacks were reported at more than 10GB per second, while 15% of attacks reached 50Gbps, which is almost double the figure from last year. Out of 1,010 organizations, 849 organizations faced a DDoS attack. Due to their availability on the dark web, DDoS attacks are prevalent and are targeting almost all companies.

Hipchat Was Hacked And Hackers Accessed Account Records

Hipchat, a chat service, was hacked, and hackers gained access to private conversations and customer account information. The hackers successfully accessed the company’s server and cloud-hosted chat service and got account records. The records included names, email addresses, hashed passwords, chat logs and message exchanges. Hipchat sent instructions to customers about resetting their passwords. Any customer who did not receive the email is not affected. The hackers exploited a vulnerability in a third party library used by the company.

Android Users Are Getting 8400 New Malware Every Day, Says G-Data

G-Data revealed that Android users faced 8400 new malware samples every day. 750K new Android malware samples were found in the first quarter of 2017. The number of new Android malware samples reached 3.5 million, compared to 3.25 million samples recorded last year. The threat level for Android users remained high this year. The problem with Android is that not all devices get updates instantly, and third parties do not adjust the new OS for old versions (more than one year).