Category: News

First Aid Beauty, P&G’s online beauty store, Hacked

Hackers appear to have stolen customer payment information by planting an e-skimmer on the website of prestige skin-care brand First Aid Beauty. The popular beauty line was recently acquired by Procter & Gamble (P&G), reportedly for $250 million.

The notorious Magecart software skimmer is again responsible for this attack on P&G’s e-commerce site. It specifically targets victims in the United States using the Windows OS. The malicious code went undetected for several months.

Procter & Gamble has already issued a statement via BleepingComputer, which says: “Consumer trust is fundamental to us, and we take data privacy very seriously. As soon as we learned about the compromise of the First Aid Beauty site, we moved quickly to take the site down and minimize the impact to our consumers. We are currently investigating the source of the malware and working to identify and notify those consumers who might have been impacted to ensure we provide them the necessary support.”

TransUnion Credential Stuffing Attack: Credit Information Exposed

Credential stuffing, a cyberattack that uses login details stolen through a data breach, was in the news recently. An unauthorized person used this attack to gain access to a TransUnion Canada web portal, where they were able to pull consumer credit files by running a credit search. The files include a consumer’s Social Insurance Number (SIN), birthdate, and current and past addresses.

The credit bureau has already reached out by postal mail to the affected consumers whose information was exposed in this credential stuffing attack.

“Simjacker” Could Silently Affect 1 Billion Mobile Devices Worldwide

Cybersecurity researchers from Dublin-based firm AdaptiveMobile Security have recently uncovered a new and previously undetected vulnerability, and associated exploits, called Simjacker. Simjacker tracks phones simply by sending an SMS. According to the report, these specially crafted texts “instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands”. Once a phone is compromised, important information such as its geographical location can be obtained, and the phone may also be forced to make calls or send text messages.

[Image: How Simjacker works, from https://simjacker.com]

Simjacker is reportedly being exploited by groups for surveillance, to spy on and track targeted individuals. It is estimated that about a billion mobile devices worldwide will be vulnerable to this attack.

Actress Bella Thorne Defies Hacker, Tweets Her Personal Photos

The 21-year-old actress and singer is not giving in to a hacker’s threat to release her nude photos. Bella Thorne posted them herself, via her official Twitter account, together with screenshots of the text messages the hacker sent to her. In the post, Thorne tweeted, “For the last 24 hours, I have been threatened with my own nudes I feel gross, I feel watched, I feel someone has taken something from me that I only wanted one special person to see”. The hacker was apparently demanding money in exchange for not posting Thorne’s personal photos.

“I’m putting this out because it’s MY DECISION NOW YOU DON’T GET TO TAKE YET ANOTHER THING AWAY FROM ME. I can sleep better knowing I took my power back. U can’t control my life u never will.”

“Here’s the photos he’s been threatening me with”, the tweet continued.

Thorne’s fans expressed their full support for her against this extortion. The former Disney star was in New York over the weekend promoting her book The Life Of A Wannabe Mogul: Mental Disarray when the harassment happened.

No Pre-Installed Facebook App on New Huawei Phones

New Huawei phones will no longer come with the Facebook app pre-installed, nor with the apps of its subsidiaries Instagram and WhatsApp. This applies to devices that haven’t left the factory yet. Facebook’s decision is the latest blow to the Chinese telecom giant after it faced a ban in the United States, due to national security concerns, on its purchase of American parts such as microchips and software. For software, Google has revoked Huawei’s licenses to install its software. This includes Gmail and Google’s application marketplace, the Google Play app store. It will only run until August.

The Facebook, WhatsApp and Instagram restriction applies only to pre-installs. Huawei users can still download the social media apps from the Play store while they’re still available there, continue to receive updates, and use the apps normally. With the current ban, future models can no longer access the Google Play store.

Title-Insurance Company May Have Exposed Hundreds of Millions of Financial Records

The website of First American Financial Corporation, a Fortune 500 real estate title-insurance giant based in Santa Ana, California, may have leaked 885 million records online. These digitized records are documents related to the mortgage deals of home and property buyers and sellers, dating back to 2013. They could be accessed on the web by anyone, with no authentication in place. The personal information includes emails and home addresses, bank account details, mortgage and tax records, Social Security numbers, and driver’s license images.

When it learned of the flaw that exposed hundreds of millions of financial records, the company shut down external access to the application. It had fixed the vulnerability on its website as of Friday afternoon.

“We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed”, First American said through an emailed statement.

Ransomware Hits Local Authorities in Texas & Maryland

The servers of two local US governments were recently hit by ransomware attacks: Potter County, Texas and Baltimore City Hall, Maryland. Baltimore City Hall shut down most of its servers as a precaution, while in Potter County the entire network was shut down, which forced employees to perform their tasks manually.

Baltimore City Hall’s initial statement says: “critical services, such as police, firefighters, etc., operate normally; however, the computer network of the city is infected by a variant of ransomware. We do not have evidence that a data breach has been presented, but we will continue to take precautions; more information will be revealed shortly”.

It was later disclosed that Baltimore City’s computers were encrypted by the RobbinHood ransomware.

In Potter County, the recovery process for the computers is nearly complete. However, following the attack, with the entire network off limits, all 550 employees were forced to use paper and pencils temporarily.

“This is what we’re using now. Paper and pencil, we’re going old fashion around here. Seriously, that’s what we’re having to do,” said Potter County Sheriff Brian Thomas at the time.

It is unknown whether both of these attacks are linked to recent attacks on the computer infrastructure of some local governments in the U.S.

Facebook: Clickjacking Bug Not Considered a Security Issue

A Polish security researcher who goes by the Twitter name ‘Lasq’ recently discovered an exploitable bug in Facebook’s mobile app and submitted the details of a spam campaign on the social media site through Facebook’s Bug Bounty platform.

Lasq noticed the bug when some of his Facebook friends began publishing a malicious link to a website with funny pictures. Before seeing the site’s content, users first had to declare that they were at least 16 years old. After confirming their age, they were redirected to a website with funny photos, a French-comic themed spam campaign, and loads of ads.

By giving consent, misled users also let the link be posted on their respective walls, which exposes the link to more users, who will likely repeat the same process.

This is known as a clickjacking scam. It attempts to trick users into clicking on malicious links (something different from what the user perceives) hidden within legitimate-looking videos, images, and articles. This particular one works by loading a webpage into an invisible iframe on a decoy site, and only works on mobile.

The method used by the spammer targets Facebook users in France on Android mobile devices. It doesn’t appear to work on the web version. The bug gives access to the Share button, allowing the perpetrator to publish a link in the victim’s Timeline section without consent.

The issue still exists today. Facebook, however, dismissed the report and didn’t address the problem, saying that it doesn’t have any “serious security consequences” and that it does not change the state of the affected user’s account. It rejected Lasq’s report 12 hours after its submission.
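The defence against the invisible-iframe technique described above is the framed page's own framing policy. As an added example (not from the original article, Lasq or Facebook), this JavaScript function checks whether a response's `X-Frame-Options` and CSP `frame-ancestors` headers would let a decoy origin frame the page; the origins and header values are constructed, and only exact-origin sources are matched.

```javascript
// Added example: decide whether response headers let a given (decoy) origin
// load the page in an iframe. Origins passed in are constructed sample values.
function parseFrameAncestors(cspValue) {
  // One header value may carry several comma-separated policies.
  const lists = [];
  for (const policy of cspValue.split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() === "frame-ancestors") {
        lists.push(sources.map((s) => s.toLowerCase()));
        break; // only the first occurrence within a policy counts
      }
    }
  }
  return lists;
}

function sourceAllows(source, embedder, self) {
  if (source === "*") return true;
  if (source === "'self'") return embedder === self;
  if (source === "'none'") return false;
  return source === embedder; // simplification: exact origin match only
}

function canBeFramedBy(headers, embedderOrigin, pageOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const embedder = embedderOrigin.toLowerCase();
  const self = pageOrigin.toLowerCase();

  const lists = parseFrameAncestors(h["content-security-policy"] || "");
  if (lists.length > 0) {
    // frame-ancestors takes precedence over X-Frame-Options;
    // every policy that sets it must allow the embedder.
    return lists.every((srcs) =>
      srcs.some((s) => sourceAllows(s, embedder, self)));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder === self;
  return true; // no header, or obsolete ALLOW-FROM: framing is unrestricted
}
```

A `true` result for an origin the site does not control means the page can be embedded invisibly by that origin, which is the precondition for clickjacking.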

2018 Voter Records from 19 States for Sale on Hacking Forum

Information on an estimated 35 million voters from 19 states went up for sale on a dark web hacking forum. This was uncovered last Monday, October 15, by researchers from Anomali Labs and leading cybercrime intelligence provider Intel 471. The discovery came just four weeks before the scheduled November 2018 US midterm elections. The data being sold contains full names, physical addresses, phone numbers, and voting history.

 

The hacked voter records came from the following states:

  • Georgia
  • Idaho
  • Iowa
  • Kansas
  • Kentucky
  • Louisiana
  • Minnesota
  • Mississippi
  • Montana
  • New Mexico
  • Oregon
  • South Carolina
  • South Dakota
  • Tennessee
  • Texas
  • Utah
  • West Virginia
  • Wisconsin
  • Wyoming

 

Of the 19 states mentioned, 3 alone account for 23 million records: Texas (14 million), Wisconsin (6 million), and Louisiana (3 million). They were offered for prices between $1,300 and $12,500. For the remaining 16 states, no record counts were provided, but their prices range from $150 to as high as $4,000.

 

From Anomali Labs:

“Of note, the seller indicates they receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments. Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum.

To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including US voters’ personally identifiable information and voting history. With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft.”

 

DHS Warns of Imminent Cybersecurity Threats to Agriculture Industry

The U.S. Department of Homeland Security (DHS) said in a report titled “Threats to Precision Agriculture” that there are imminent risks and cybersecurity threats relating to the technology used by the agricultural industry. Known simply as precision agriculture, this technology relies on the Internet of Things (IoT). It aims to improve agricultural and livestock management through GPS, remote sensors and the communication systems supporting them. Its adoption has widened significantly, which also increases the potential security risks associated with it.

 

According to the report, threat scenarios such as malware infection, phishing, and incorrect usage of external drives like USBs could compromise the automated systems deployed in precision agriculture. If any of these happen, the result can be data loss, equipment destruction, loss of resources, and reputational damage. Confidential data can also be put at risk of theft.

 

The report also discusses best practices that could mitigate the threats.

“Adoption of information security standards for precision agriculture is important for the future success of precision agriculture, along with industry efforts for equipment interoperability and data use / privacy. Vetted best practices, borne from hard experience learned in other sectors which have proceeded agriculture in the digital revolution, offer a proven path for data security.”