Tutanota is an end-to-end encrypted email service and its desktop clients exit beta after two-and-a-half years.
Security
Security Friday: Data Leaks and Drilling – TMO Daily Observations 2021-06-18
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and updates, including a way to obliterate that iPhone data once and for all.
New Malware Infects Software Pirates and Blocks The Pirate Bay
Andrew Brandt reports on a new malware campaign that isn’t like your typical malware. This one blocks people from accessing many popular pirating websites.
We weren’t able to discern a provenance for this malware, but its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload.
Looks like this is aimed more towards Windows users. The malware takes the form of .EXE executables, and may display a message saying the victim is missing an important .DLL file.
The Story of BonziBuddy and its Company’s Demise
In the third episode of Kernel Panic, Mashable tells the story of one of the first virtual assistants known as BonziBuddy.
Behind the facade of that friendly gorilla, Bonzi Software, the company responsible for BonziBuddy, was collecting private information and contacts from the unsuspecting internet users who downloaded it — and bombarding them with ads and pop-ups that Bonzi would profit from.
Harry Potter and the Curse of Bonzi. If you ever downloaded this purple ape and noticed strange things start to happen, let us know in the comments. Maybe your browser was full of ads, or maybe he whispered into your ear at night, encouraging you to commit securities fraud.
Data Leak Exposes Customer Records With CVS Health
CVS Health recently leaked approximately one billion user records that include email addresses, user IDs, and metadata. The information was discovered in a non-password-protected database.
CVS Health acted fast and professionally to secure the data and a member of their Information Security Team contacted me the following day and confirmed my findings and that the data was indeed theirs. I was informed that this was a contractor or vendor who managed this dataset on behalf of CVS Health, but it was confidential as to who the vendor was.
Why You Should Drill a Hole Into Your iPhone or iPad
Over the weekend, Nikita Mazurov for The Intercept reminded us that a good way to wipe our iDevices is to drill a hole through them.
If you can’t access your device, the most careful approach to wiping it is to destroy the flash memory chip that houses your data. This way you don’t have to lose sleep if you didn’t use a strong passcode, or worry about a forensics vendor being able to recover any of your personal information.
Beware of Malicious PDFs When Using Web Search
The team behind the SolarMarker malware have been loading it into PDFs and using web search to trick people into downloading them.
Gaming Company ‘EA’ Suffers Data Breach of Game Code
Electronic Arts is the latest company to have information stolen in a data breach. It includes the source code for FIFA 21, the Frostbite engine, and proprietary frameworks and SDKs.
We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy.
Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.
Hackers Stole McDonald’s Customer Information in Data Breach
On Friday, McDonald’s revealed it was the victim of a recent data breach, in which some customer information was stolen.
JBS USA Pays $11 Million in Ransom After Cyberattack
On Thursday, meat supplier JBS said it paid US$11 million after a ransomware attack stopped its operations.
In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.
I wonder if the FBI will recover this ransom as well, like the Colonial Pipeline money.
iCloud Keychain Gets Time Based One Time Passwords
In one of Apple’s videos dedicated to developers, the company revealed a new feature that wasn’t mentioned in the WWDC 2021 keynote.
Fujifilm Fights Ransomware Attack and Works to Restore Servers
Fujifilm was hit by a ransomware attack last week but refuses to pay the ransom. Instead, it’s working to restore its servers with backups.
On 4 June it confirmed a ransomware attack was affecting a “specific network” in Japan and that it shut down “all networks and server systems” while it investigated the “extent and scale” of the attack.
Fujifilm said it would not comment on the amount demanded by the ransomware gang. The company has started bringing its network, servers, and computers in Japan “back into operation” and is aiming to be fully up and running “this week”. It has also restarted some product deliveries, which were particularly hard hit by the cyberattack.
WWDC: Developer State of the Union Recap – TMO Daily Observations 2021-06-08
Dave Hamilton and Andrew Orr join host Kelly Guimont to discuss the WWDC Developer State of the Union, including some possible improvements.
'RockYou2021' is the Biggest Password Leak Ever (So Far)
Someone posted a 100GB text file to a hacking forum recently. It contains 8.4 billion entries of passwords from data leaks and breaches.
Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over. For that reason, users are recommended to immediately check if their passwords were included in the leak.
“Two times over” sounds like it’s a combination of old and new passwords alike. It’s also good to point out that no usernames or email addresses were included, so an attacker wouldn’t be able to do much with this password list.
$2.3 Million Bitcoin Seized from Colonial Pipeline Hackers
The U.S. Department of Justice seized about US$2.3 million in bitcoin ransom paid to the hackers behind the attack on Colonial Pipeline.
An affidavit filed on Monday said the FBI was in possession of a private key to unlock a bitcoin wallet that had received most of the funds. It was unclear how the FBI gained access to the key.
“unclear how the FBI gained access.” From other sources it sounds like the FBI used a subpoena and gained control over the rented cloud server the hackers were using. Private key sitting on the server, it seems.
WWDC 2021: Here are the Companies That Said "Oh S&@#!"
During Apple’s WWDC 2021 event on Monday, Andrew couldn’t help but notice the new ways in which the company is competing with rival services.
Justice Department Creates Cybersecurity Task Force
The U.S. Department of Justice has created a task force to coordinate and track federal cases that involve ransomware and other attacks.
How to Get Around macOS Security Using App Installers
Tenable Research found security issues related to macOS app installers, and they can be used to bypass default Mac security protections. So far, Apple hasn’t fixed them (emphasis mine).
Frustrated by the prevalence of these issues, we decided to write them up and make separate reports to both Apple and Microsoft. We wrote to Apple to recommend implementing a fix similar to what they did for CVE-2020-9817 and explained the additional LPE mechanism discovered.
We wrote to Microsoft to recommend a fix for the flaw in their installer. Both companies have rejected these submissions and suggestions.
Elcomsoft Cracks Latest Version of Encryption Tool ‘Veracrypt’
Elcomsoft, a company that sells forensics software, announced on Thursday that it has successfully cracked the latest version of Veracrypt.
You Have One Week to Opt Out of Amazon’s ‘Sidewalk’ Network Service
Amazon Sidewalk is the company’s network mesh service that shares your internet bandwidth with Amazon devices. You must opt out by June 8 if you don’t want this because the setting is turned on by default.
The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don’t have connectivity and help you to their bandwidth when you don’t have a connection.
By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system.
Postal Workers Targeted With Phishing Campaign
Postal workers returning to the office after COVID-19 restrictions may find themselves targeted by a new phishing campaign.
The email-based campaign, observed by Cofense, is targeting employees with emails purporting to come from their CIO welcoming them back into offices.
The email looks legitimate enough, sporting the company’s official logo in the header, as well as being signed spoofing the CIO. The bulk of the message outlines the new precautions and changes to business operations the company is taking relative to the pandemic.
Meat Supplier JBS Hit With Cyber Attack, Data Not Affected
JBS SA shut down its computer networks for its operations in Australia and North America due to a cyberattack.
Backup servers were not affected, and the company is actively working to restore systems as soon as possible, according to a statement from JBS USA Monday. The processor said it’s not aware of any customer, supplier or employee data being compromised or misused.
macOS Big Sur 11.4 Patched a Ton of Security Flaws
Apple released new versions of its operating systems and shared the security content for macOS Big Sur 11.4.
‘Have I Been Pwned’ Open Sourced, Partners With FBI
The popular service Have I Been Pwned has made its code open source, and it’s also partnering with the FBI. The agency will send compromised passwords discovered during investigations.
Why is the FBI getting involved? Because Bryan A. Vorndran, the FBI’s Assistant Director, Cyber Division, said, “We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime.”
