SyTech
Hackers breached SyTech, a contractor for the FSB, Russia’s national intelligence service. They stole information about internal projects the company was working on for the FSB, including one attempting to deanonymize Tor traffic. To read more: https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/
Instagram
A bug bounty hunter discovered a critical security vulnerability that could enable a remote attacker to reset the password for any Instagram account. To read more and watch the proof-of-concept attack: https://thehackernews.com/2019/07/hack-instagram-accounts.html
AI-based antivirus
Researchers were able to fool Cylance’s AI-based antivirus tool into believing that WannaCry and other malware were benign. To read more: https://www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware
Intel
Two new flaws were found in Intel solid-state drives (SSDs). One of the flaws, a high-severity vulnerability, is in the processor diagnostic tool. The second flaw, a medium-severity vulnerability, was found in older SSD firmware versions. To read more: https://www.tomshardware.com/news/intel-security-vulnerabilities-processor-diagnostic-tool-ssd,39845.html
WhatsApp and Telegram
Symantec found an exploit that could expose WhatsApp and Telegram media files to malicious actors. The flaw, called Media File Jacking, occurs in the lapse between the time when media files that are received through the apps are written to a disk and the time when they are loaded to the chat interface. To read more: https://venturebeat.com/2019/07/15/symantec-reveals-whatsapp-and-telegram-exploit-that-gives-hackers-access-to-your-personal-media/
Zhumu and RingCentral
A security vulnerability that was recently reported in Zoom for macOS also impacts two other video-conferencing apps. Like Zoom, both Zhumu, a Chinese version of Zoom, and RingCentral, which is used by more than 350,000 businesses, install a hidden local web server that can automatically add users to a video call without permission. To read more: https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html
Bulgaria’s National Revenue Agency
The personal and financial details of a majority of the people of Bulgaria were stolen when hackers broke into 110 databases belonging to the country’s National Revenue Agency. The leak affects 5m people. To read more: https://www.computing.co.uk/ctg/news/3079036/bulgarians-personal-and-financial-data-leaked-by-hackers-in-attack-on-tax-agency
TrickBot
The creators of TrickBot malware added a new module that helped them access a database of 250m email addresses. The hackers harvested millions of addresses linked to US government agencies and employees, affecting the Departments of Justice and Homeland Security, the State Department, and many others. To read more: https://www.scmagazine.com/home/security-news/trickbot-adds-new-spam-module-harvests-250m-email-addresses/
DoppelPaymer
Researchers discovered a new ransomware strain, which they named DoppelPaymer as it shares most of its code with BitPaymer, another version of the malware. The decryption keys are priced between 2 and 100 Bitcoin, and so far three victims of the ransomware have been confirmed. To read more: https://www.bleepingcomputer.com/news/security/new-doppelpaymer-ransomware-emerges-from-bitpaymers-code/
Sprint
Sprint announced that hackers broke into customer accounts via its website. Personal information was affected, including customer names, phone numbers, device types and subscriber IDs. To read more: https://www.zdnet.com/article/sprint-says-hackers-breached-customer-accounts-via-samsung-website/
GandCrab ransomware
The FBI released the master decryption keys for multiple versions of GandCrab ransomware. The developers behind the ransomware declared that they were shutting down after amassing $2bn in ransom payments. To read more: https://www.bleepingcomputer.com/news/security/fbi-releases-master-decryption-keys-for-gandcrab-ransomware/
REvil ransomware
The hackers behind the GandCrab ransomware recently announced that they were shutting down operations. Evidence suggests, however, that instead of retiring they may now be offering a more advanced ransomware program known as REvil. To read more: https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/
LenovoEMC
Researchers identified a high-severity vulnerability in LenovoEMC storage hardware and legacy storage appliances, after discovering 36TB of leaked data. The data included financial information and payment-card numbers. To read more: https://threatpost.com/lenovoemc-storage-leak-financial-data/146494/
EvilGnome
Security researchers found a piece of Linux spyware that no major antivirus product currently detects. The malware takes desktop screenshots, steals files and captures audio recordings. To read more: https://thehackernews.com/2019/07/linux-gnome-spyware.html
Aavgo
Hotel bookings and guest information were exposed when Aavgo, a company offering hotel management software, left a server unsecured online for three weeks. Several large hotel chains use Aavgo’s technology. To read more: https://techcrunch.com/2019/07/16/aavgo-exposed-hotel-bookings/
Android accelerometer
A new attack manipulates Android’s built-in accelerometer to capture loudspeaker data. The attack is triggered when a victim takes a call on speaker mode, which causes the malicious app to record speech reverberations that the attackers can later use to reconstruct spoken language. To read more: https://thehackernews.com/2019/07/android-side-channel-attacks.html
Slack
In March 2015, hackers who gained access to Slack’s infrastructure planted code on the company’s site that captured passwords entered by users. Slack, which provides cloud-based collaboration services, recently received a batch of compromised user credentials from its bug-bounty program, and found that the credentials came primarily from accounts affected by the 2015 incident. To read more: https://www.zdnet.com/article/slack-resets-passwords-for-1-of-its-users-because-of-2015-hack/
FaceApp
The FaceApp application, which enables users to edit a person’s face to make them appear older or younger, has gone viral. Its security, however, may be shaky. To read more: https://techcrunch.com/2019/07/16/ai-photo-editor-faceapp-goes-viral-again-on-ios-raises-questions-about-photo-library-access-and-clo/
Bluetooth exploit
A new Bluetooth vulnerability can be used to spy on users despite protections that are in place on Windows 10, iOS and macOS machines. Many Bluetooth devices use randomized MAC addresses to prevent long-term tracking, but it is possible to get around the randomization of these addresses to monitor a specific device. To read more: https://www.zdnet.com/article/bluetooth-vulnerability-can-be-exploited-to-track-and-id-iphone-smartwatch-microsoft-tablet-users/
Kazakhstan
The Kazakhstan government is requesting that all local internet-service providers demand that customers install government-issued root certificates on their devices. The certificates would enable the government to monitor and intercept HTTPS traffic, helping it censor content and spy on residents. To read more: https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html
iNSYNQ
The cloud hosting firm iNSYNQ is working to recover from a ransomware attack that shut down its operations, leaving customers unable to access data for days. The company, based in Washington state, provides QuickBooks accounting software and services. To read more: https://krebsonsecurity.com/2019/07/quickbooks-cloud-hosting-firm-insynq-hit-in-ransomware-attack/
LaPorte County
Officials in LaPorte County, Indiana, paid a $132,000 ransom to hackers who took over county computers. The payment was made after FBI experts were unable to unlock the county’s data. To read more: http://www.therepublic.com/2019/07/19/in-cyber-extortion-indiana-county/
Metropolitan Police Service
London’s Metropolitan Police Service was hit by hackers who posted strange messages on its website. The messages were sent from the force’s verified Twitter account due to a breach at a third-party system, MyNewsDesk. To read more: https://www.thenational.ae/world/british-police-social-media-accounts-hit-by-cyber-attack-1.888321