Security Archives

Smart Home Cameras, Baby Monitors Affected by Software Bug

Andrew Orr · August 17, 2021

A flaw in the ThroughTek “Kalay” network affects millions of IoT devices including smart baby monitors, DVRs, smart cameras, and other products.

this latest vulnerability allows attackers to communicate with devices remotely. As a result, further attacks could include actions that would allow an adversary to remotely control affected devices and could potentially lead to remote code execution.

Due to how the Kalay protocol is integrated by original equipment manufacturers (“OEMs”) and resellers before devices reach consumers, Mandiant is unable to determine a complete list of products and companies affected by the discovered vulnerability.

Link

GitHub No Longer Accepts Passwords, Use Security Keys Instead

Andrew Orr · August 16, 2021

GitHub will no longer accept passwords when authenticating Git operations and will require the use of strong authentication factors. Yubico also posted about the announcement here, and its 2FA hardware keys are an acceptable solution for GitHub users.

In December, we announced that beginning August 13, 2021, GitHub will no longer accept account passwords when authenticating Git operations and will require the use of strong authentication factors, such as a personal access token, SSH keys (for developers), or an OAuth or GitHub App installation token (for integrators) for all authenticated Git operations on GitHub.com. With the August 13 sunset date behind us, we no longer accept password authentication for Git operations.

News

Thousands of Wikipedia Pages Vandalized With Swastikas

Andrew Orr · August 16, 2021

On Monday morning thousands of Wikipedia pages were vandalized with swastikas. The vandalism was reversed and admins are fixing the issue.

News

Pearson Settles With SEC, Pays $1 Million Fine Over Data Breach

Andrew Orr · August 16, 2021

The U.S. Securities and Exchange Commission announced a settlement with Pearson, a company that provides software to schools, which will pay US$1 million.

Link

(Update) T-Mobile Customer Data for Sale Affecting Over 100 Million People

Andrew Orr · August 16, 2021

A person in an online forum is offering data for sale that they claim comes from T-Mobile servers. The carrier says it is investigating the accuracy of this alleged breach.

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

Update: T-Mobile has issued a statement confirming the breach.

News

Facebook Adds End-To-End Encryption to Messenger Calls, Instagram DMs

Andrew Orr · August 13, 2021

Facebook has begun rolling out end-to-end encryption for Messenger calls and Instagram DMs, bringing greater security and privacy to users.

News

Researchers Propose New Way to Limit Location Tracking With ‘Pretty Good Phone Privacy’

Andrew Orr · August 12, 2021

Researchers have proposed a way to limit smartphone tracking from carriers. It’s called Pretty Good Phone Privacy.

Link

Top 10 Services That Hackers Target the Most

Andrew Orr · August 11, 2021

Software system provider Intact collected data and analyzed it to see which brands hackers are searching for as their next potential hacking targets.

We analysed search intent by digging out the number of searches for terms including ‘how to hack [xyz]’. Although career cybercriminals are likely to use more nefarious means to research and test their hacking processes, Google search data provides an insight into global intent and changing trends.

News

Apple Reaches Settlement With Corellium, Dropping its Lawsuit

Andrew Orr · August 11, 2021

Apple and security firm Corellium have reached a settlement and Apple has dropped its lawsuit. The terms of the settlement are confidential.

Link

DeFi Platform ‘Poly Network’ Hacked, $600 Million in Crypto Stolen

Andrew Orr · August 11, 2021

Poly Network is a cross-chain decentralized finance platform and operates on the Binance Smart Chain, Ethereum and Polygon blockchains. It suffered a hack recently in which approximately US$600 million in crypto was stolen.

About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi, records show. The transaction was rejected. Meanwhile, close to $100 million has been moved out of the Binance Smart Chain address in the past 30 minutes and deposited into liquidity pool Ellipsis Finance.

Link

Firefox 91 Update Lets You Fully Erase Your Browser History

Andrew Orr · August 11, 2021

Mozilla’s latest update to Firefox, version 91, offers enhanced cookie clearing when a user deletes their browser history.

When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website’s “cookie jar”. This “Enhanced Cookie Clearing” makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around.

Link

‘Non-Standalone’ 5G Exposes Phones to Stingray Police Surveillance

Andrew Orr · August 10, 2021

5G that uses “non-standalone architecture” is rife with security issues and doesn’t protect people from Stingray police surveillance.

Borgaonkar and fellow researcher Altaf Shaik, a senior research scientist at TU Berlin, found that major carriers in Norway and Germany are still putting out 5G in non-standalone mode, which means that those connections are still susceptible to stingrays. The two presented at the Black Hat security conference in Las Vegas last week.

Podcast

Security Friday: Leaks, Phishing and Updates – TMO Daily Observations 2021-08-06

Kelly Guimont · August 6, 2021 · Add Comment

Andrew Orr joins host Kelly Guimont for Security Friday news and updates, including This Week in Data Leaks, and an update to a previous tip.

VIew all episodes

News

US Forms Joint Cyber Defense Collaborative to Fight Ransomware

Andrew Orr · August 5, 2021

CISA is forming an initiative called the Joint Cyber Defense Collaborative along with certain private sector companies such as Google and Microsoft.

Podcast

Thursdays with Bob: Keyboard and Security Updates – TMO Daily Observations 2021-08-05

Kelly Guimont · August 5, 2021 · Add Comment

Dr Mac joins Kelly to give an update on the ergonomic keyboard search, and plead the case for security updates.

VIew all episodes

Link

Backup Tool ‘iMazing’ Updated to Detect Pegasus Spyware

Andrew Orr · August 5, 2021

The team behind iMazing has updated their tool to detect NSO Group’s Pegasus spyware. You don’t have to buy an iMazing license to scan for it.

It would therefore be possible to relatively quickly re-implement MVT’s methodology in our toolkit, and integrate a user-friendly ‘wizard’ in iMazing’s user interface. And because iMazing can already perform iOS backups and decrypt backup files, the tool we envisaged had the potential to dramatically reduce the technical barrier of entry whilst enhancing performance and promoting backup encryption.

Link

Malware Dubbed ‘Raccoon Stealer’ Targets Crypto Wallets

Andrew Orr · August 4, 2021

Researchers at Sophos have been tracking a piece of malware called Raccoon Stealer. A recent update means it can target cryptocurrency wallets.

Raccoon can collect passwords, cookies, and the “autofill” text for websites, including credit card data and other personal identifying information that may be stored by the browser. Thanks to a recent “clipper” update, Raccoon Stealer also now targets cryptocurrency wallets, and can retrieve or drop files on infected systems.

News

Raffle House Data Leak Exposes Personal Data of ‘Hundreds of Thousands’

Andrew Orr · August 2, 2021

Discovered on June 7, 2021, Raffle House suffered a data leak that leaked the personal data of hundreds of thousands of users.

News

Microsoft Warns Office 365 Users of New Phishing Campaign

Andrew Orr · August 2, 2021

Microsoft’s Security Intelligence team issued a warning to be on the lookout for an active phishing campaign targeting Office 365 users.

Link

Hackers Leak FIFA 21 Source Code After Extortion Attempt

Andrew Orr · August 2, 2021

After a failed extortion attempt, hackers have leaked a 751GB cache of data stolen from Electronic Arts. The files include the source code for FIFA 21.

While initially, the hackers hoped to earn a big payday from the EA hack, they failed to find any buyers on the underground market, as the stolen data was mostly source code that lacked any value for other cybercrime groups, most of which are interested in user personal or financial data primarily.

After failing to find a buyer, the hackers tried to extort EA, asking the company to pay an undisclosed sum and avoid having the data leaked online.

Podcast

Security Friday: Prototypes, VPNs, and Social Engineering – TMO Daily Observations 2021-07-30

Kelly Guimont · July 31, 2021 · Add Comment

Andrew Orr joins host Kelly Guimont to discuss Security Friday news and dig into social engineering hacks, with tips on how to avoid them.

VIew all episodes

Link

Hackers Increasingly Using Discord to Spread Malware

Andrew Orr · July 28, 2021

Researchers found that hackers are turning to Discord to spread malware, such as password-hijacking and Discord chat bot APIs.

But the greatest percentage of the malware we found have a focus on credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs. The threat actors behind these operations employed social engineering to spread credential-stealing malware, then use the victims’ harvested Discord credentials to target additional Discord users.