In the Watchtower Weekly InfoSec Roundup, we summarize the latest information security news, breaches, vulnerabilities & advancements. In this week's edition:
Regulators eye Twitter data breach.
23 Million user records exposed online.
Warshipping giving hackers corporate access.
Read these stories and other timely infosec news below.
Cyber Attacks & Breaches
Regulator eyes Twitter data breach alerts
(The Times UK) August 11th
The Irish Data Protection Commission has confirmed that it is assessing a data-breach notification from Twitter after its misuse of user data in Europe.
Data breach: 23 million user records hacked and shared online
(Komando) August 7th
T-shirt seller CafePress has asked its customers to reset their passwords as part of an updated "password policy." But the email request came after it was reported that the data of 23.2 million people had been exposed following a system hack in February.
State Farm Suffers Data Breach
(Security Magazine) August 8th
State Farm, the insurance provider in the US, has been compromised in a credential stuffing attack, according to a news report. The firm acknowledged the cyberattack, filing a data breach notification with the California Attorney General.
SEC Investigating Data Leak at First American Financial Corp.
(Krebs on Security) August 12th
The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records.
Threesome app exposes user data, locations from London to the White House
(ZDNet) August 9th
This "privacy trainwreck" not only exposed the near real-time location of users, but also leaked dates of birth, sexual preferences, chat information, and private pictures, even if the user has enabled some form of privacy. Currently, 3Fun claims 1.5 million users worldwide.
Data Breach Exposes Personal Info for 53,000 Illinois Students
(Center for Digital Education) August 7th
Nearly 53,000 students and 3,100 educators in Naperville were affected by the breach, which occurred at a company that handles the districts’ K-8 academic assessments. The company said there’s been no evidence of misuse.
Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty On Blackmailer
(The Hacker News) August 7th
Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have, and threatened to release, the data of thousands of its customers if the company did not pay 300 Bitcoins.
FDNY: EMS patient data possibly compromised
(Queens Chronicle)
The FDNY is in the process of notifying more than 10,000 patients who have been treated or transported by department EMS personnel that their personal information — including Social Security numbers in an estimated 3,000 cases — may have been potentially compromised when an employee’s external hard drive went missing.
Suspected Data Breach May Have Affected 15,000 County Workers
(Techwire) August 6th
A suspected data breach may have compromised the personal information of as many as 15,298 current and former Kern County government employees and their dependents, a government spokeswoman said.
2 Misconfigured Databases Breach Sensitive Data of Nearly 90K Patients
(Health IT Security) August 7th
A trove of patient information was breached during two separate security incidents; health vendor Medico and Amarin Pharma recently confirmed misconfigured databases put patient data at risk.
Vulnerabilities & Exploits
Unpatched KDE vulnerability disclosed on Twitter
(ZDNet) August 6th
A security researcher has published proof-of-concept (PoC) code for a vulnerability in the KDE software framework. Just viewing --not running-- a malicious .desktop or .directory file inside a file browser can run malicious code on a user's system.
New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking
(The Hacker News) August 6th
A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction.
Security bod uncovers 'severe' zero-day flaw in Steam's Windows client
(The Inquirer) August 8th
The vulnerability lies within the Steam Client Service and could enable any user to run arbitrary code with LocalSystem privileges by using only a few commands.
SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
(The Hacker News) August 6th
A new variant of the Spectre (Variant 1) side-channel vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, tokens, and encryption keys, that would otherwise be inaccessible.
This Teen Hacker Found Bugs in School Software That Exposed Millions of Records
(Wired) August 9th
18-year-old Bill Demirkapi poked around the web interfaces of two common pieces of software used at his school, and he found serious bugs that would allow a hacker to gain deep access to student data.
Israeli Cyber Experts Identify Serious Security Flaw in Digital Cameras
(The Jerusalem Post) August 12th
The latest models of digital cameras are increasingly vulnerable to ransomware and malware attacks through their USB and WiFi connectivity.
Security bugs in popular Cisco switch brand allow hackers to take over devices
(ZDNet) August 6th
Cisco has patched three dangerous bugs in one of its most popular products, the Cisco Small Business 220 Series of smart switches. The three vulnerabilities are as bad as it gets: an authentication bypass, a remote code execution, and a command injection.
Apple's iOS Contacts app claimed to be vulnerable to SQLite hack
(Apple Insider) August 10th
Security firm Check Point has demonstrated a vulnerability in the industry-standard SQLite database format which can be exploited. Searching the Contacts app under these circumstances can be enough to make the device run malicious code.
Risks & Warnings
New ‘warshipping’ technique gives hackers access to enterprise offices
(ZDNet) August 7th
The technique, dubbed warshipping, is the result of the researchers' investigation into possible infiltration methods through package deliveries to the office mailroom -- or an individual victim's front door.
Online daters targeted, FBI alert warns
(SC Magazine) August 6th
Once again, online daters are being warned of confidence/romance scams that draw them into a relationship and then convince them to provide their financial or other information or send money, according to an FBI alert.
Flawed office printers are a silent but serious target for hackers
(Tech Crunch) August 9th
You probably don’t think too much about your humble office printer. But they’re a prime target for hackers, if any of the dozens of vulnerabilities found by security researchers are anything to go by.
Enterprises Must Be Wary of Ransomware Targeting Network File Shares & Cloud Assets
(DarkReading) August 7th
According to reports out this week from two security research teams, financially motivated cybercriminals are updating their ransomware playbooks in search of bigger payoffs from their victims.
New Windows malware can also brute-force WordPress websites
(ZDNet) August 7th
What stands out about this new threat is that besides classic malware features, Clipsa also includes a somewhat strange feature that allows it to launch brute-force attacks against WordPress websites.
Destructive malware attacks double as attackers pair ransomware with disk wipers
(SC Magazine) August 8th
IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018.
MegaCortex variant redesigned as self-executing, incorporates features of previous version
(SC Magazine) August 6th
A new variant of MegaCortex ransomware making its way across the U.S. and Europe has been recast as a self-executing menace that doesn’t require a password.