AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/30/2019

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites. The threat is not theoretical.

 

Researchers Disclose Another SIM Card Attack Possibly Impacting Millions

Ginno has also identified a second SIM card attack method, one that involves the Wireless Internet Browser (WIB), which SmartTrust created for SIM toolkit based browsing. This attack has been dubbed WIBattack. Similar to the S@T Browser, WIB can be controlled remotely with Over the Air (OTA) SMS messages, which are typically used by mobile operators to provision or change core network settings on a device. Similar to the S@T Browser attack, a malicious actor could abuse WIB to conduct various activities on a mobile device using specially crafted SMS messages.

 

Study Proves The FCC’s Core Justification For Killing Net Neutrality Was False

“Under the heavy-handed regulations adopted by the prior Commission in 2015, network investment declined for two straight years, the first time that had happened outside of a recession in the broadband era,” Pai told Congress last year at an oversight hearing. But a new study from George Washington University indicates that Pai’s claims were patently false. The study took a closer look at the earnings reports and SEC filings of 8,577 unique telecom companies from Q1 2009 through Q3 2018 to conclude that the passage and repeal of the rules had no meaningful impact on broadband investment.

 

Hacker conference report details persistent vulnerabilities to US voting systems

U.S. voting systems remain vulnerable to cyberattacks three years after documented efforts to penetrate election machines, according to a report released Thursday. The report is based on the findings of the white-hat hacker DEF CON Voting Village, an annual gathering of hackers that uses election machines to find vulnerabilities that could allow someone to interfere with the voting process.

 

New York Attorney General Files Security Breach Lawsuit Against Dunkin’ Donuts

The New York attorney general says Dunkin’ Donuts violated state law by not notifying almost 20,000 customers, including more than 2,000 in New York, about cyberattacks on their accounts in 2015 and inadequately warning more than 300,000 customers in 2018 about another attack. Attorney General Letitia James announced a lawsuit Thursday against Dunkin’ Brands, Inc. The suit says the company knew in 2015 that a series of attacks had been made on customers’ online accounts. But it says the company didn’t inform the customers or fully investigate.

 

Hearing aid manufacturer hit by cyber attack slashes profits by $95 million

Demant, the manufacturer of Oticon hearing aids, has said that it expects losses of up to 650 million kroner (approximately $95 million) following a cyber attack earlier this month. The company’s servers suffered what it described as a “critical incident” on September 3, disrupting the production and distribution of its products. Details remain sketchy, but the fact that the company shut down IT systems across multiple sites and business units around the world – and that they claim this helped contained the problem – suggest that the firm’s systems were infected by malware, potentially ransomware.

 

GAO report warns of cybersecurity risks to US electric grid

The report outlined those risks and urged action to fix them. These risks include criminals, terrorists and nations who are increasingly able to assault the grid, growing inherent vulnerabilities in the network itself as it moves to Internet of Things devices and reliance on the global positioning system, and the fact that, as proven by disruptions to foreign electric grid operations through cyberattacks, cyberattacks could lead to widespread power outages in the United States and current assessments cannot accurately predict current and projected risks.

 

Health Industry Cybersecurity Matrix Launched

America’s Healthcare and Public Health Sector Coordinating Council (HSCC) has launched an information-sharing resource aimed at improving the cybersecurity of the healthcare sector. The new Health Industry Cybersecurity Matrix of Information Sharing Organizations (HIC-MISO) helps users stay on top of the latest security threats by providing them with a convenient list of cybersecurity information-sharing organizations across the United States.  Featured in the new matrix are details of more than 25 cybersecurity information-sharing organizations and their services, including nine resources geared specifically toward the healthcare industry and the security of medical devices. 

 

Masad Spyware Uses Telegram Bots for Command-and-Control

A freshly discovered commercial spyware dubbed the “Masad Clipper and Stealer” is using Telegram bots as its command-and-control (C2) hub. Masad harvests information from Windows and Android users and also comes with a full cadre of other malicious capabilities, including the ability to steal cryptocurrency from victims’ wallets. According to an analysis from Juniper Threat Labs on Friday, one of the most interesting things about Masad (which the researchers think is descended from the known “Qulab Stealer” malware) is that it sends the data it collects from victims to a Telegram bot that acts as its C2 server — that’s a twist in the world of C2 mechanisms, according to researchers.

 

Tech M&As led by foreign companies increase in Brazil

The number of mergers and acquisitions (M&As) involving international technology companies in Brazil has increased in the first half of 2019, according to consulting firm KPMG. According to the new stats on activity in the first six months of the year, 61 M&A transactions took place in the tech sector in the Latin country. Of that total, 39 transactions were led by domestic firms, while 18 transactions were conducted by foreign companies acquiring shares in Brazilian businesses, according to the consultancy. Additionally, in the first half of 2019, there were 4 transactions conducted by Brazilian companies acquiring foreign businesses.

 

Hacker Steals Over 218 Million Zynga ‘Words with Friends’ Gamers Data

A Pakistani hacker who previously made headlines earlier this year for selling almost a billion user records stolen from nearly 45 popular online services has now claimed to have hacked the popular mobile social game company Zynga Inc. With a current market capitalization of over $5 billion, Zynga is one of the world’s most successful social game developers with a collection of hit online games—including FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World—with over a billion players worldwide.

Related Posts