Welcome to the 26th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. We have been away for a few weeks and this edition will be longer than usual. This week’s volume compiled by Secjuice writers Sinwindie, Mike Peterson, Prasanna, Devesh Chande, Hartoyo Wahyu, Thunder-Son, and Miguel Calles.
Honda cyberattack halts plants in India, Brazil
Honda Motor Co plants in Brazil and India have halted operations as the Japanese automaker battles to recover from a cyberattack that affected several factories worldwide.
Nintendo confirms 300,000 accounts breached since April
The company recommends users change their passwords and enable two-factor authentication. Hackers had access to personal information including users’ birthdays and email addresses, but did not have access to credit card information.
Sleuths uncover a particularly brazen case of cyber-mischief
Companies suffer hacking attacks on a daily basis. The most recent known victim was Honda, which announced that its computers had been locked down by ransomware on June 9th. Stories about the firms suspected of doing the hacking, though, are rarer. Also on June 9th CitizenLab, part of the Munk School of Government at the University of Toronto, said that it had unearthed one of the biggest-known groups of such workaday, mercenary hackers, which it has dubbed “Dark Basin”.
GovTech Singapore Resolved 33 Security Weaknesses and Awarded Global Hacker Community Over $30,800 for Contributing to a More Secure and Resilient Smart Nation
HackerOne, the number one hacker-powered security platform, and Singapore’s Government Technology Agency (GovTech), supported by the Cyber Security Agency of Singapore (CSA) today announced the results of its third Government Bug Bounty Programme (GBBP), part of the Singapore Government’s ongoing initiative to build a secure and resilient Smart Nation, a government-wide initiative to improve the lives of citizens and increase business opportunities through the adoption of digital and smart technologies throughout Singapore.
The ‘new normal’ as cyber-spies navigate pandemic
The Covid crisis has reshaped the cyber-threat landscape around the globe.
There may not have been a significant increase in the volume of cyber-attacks, but countries have pursued new targets, pushed boundaries and taken advantage of their adversaries working from home, according to cyber-security experts.
Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal Data
Threat actors are distributing fake Android applications themed around official government COVID-19 contact tracing apps. Anomali Threat Research (ATR) identified multiple applications that contain malware, primarily Anubis and SpyNote, and other generic malware families. These apps, once installed on a device, are designed to download and install malware to monitor infected devices, and to steal banking credentials and personal data. The wider security community continues to monitor ongoing malicious activity themed around COVID-19. ATR believes that the fake apps are likely being distributed through other apps, third-party stores, and websites, among others. As of the publication of this research, the fake apps had not been identified as being present in the Google Play Store.
Facebook Helped the FBI Hack a Child Predator
Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls.
More than 13,500 Vivo phones running on same IMEI, Meerut police files case
A five-month-long investigation by the cybercrime cell unit of Meerut Police uncovered a security breach where more than 13,500 phones manufactured by Vivo were found to be running on the same International Mobile Equipment Identity (IMEI) number.
Maze Promotes Other Gang’s Stolen Data On Its Darknet Site
The Maze ransomware gang is hosting and promoting data stolen by other ransomware operators on its “Maze News” website, according to IBM researchers, who are concerned this could be a sign of growing collaboration among cybercrime groups.
US aerospace services provider breached by Maze Ransomware
The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company’s compromised devices in April 2020.
We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones.
New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD
Academics say they discovered 26 new vulnerabilities in the USB driver stack employed by operating systems such as Linux, macOs, Windows, and FreeBSD.
Fuckunicorn ransomware targets Italy in COVID-19 lures
A new ransomware dubbed FuckUnicorn has been targeting computers in Italy by tricking victims into downloading a fake contact tracing app, named Immuni, that promises to provide real-time updates for the COVID-19 outbreak.
Ransomware Gangs’ Ruthlessness Leads to Bigger Profits
Criminals continue to tap ransomware, backed by more advanced network penetration techniques, hitting larger targets and leaking data in an attempt to maximize their illicit paydays.
Qatar: Contact tracing app security flaw exposed sensitive personal details of more than one million
Serious security vulnerabilities in Qatar’s mandatory contact tracing app, uncovered by Amnesty International, must act as a wake-up call for governments rolling-out COVID-19 apps to ensure privacy safeguards are central to the technology.
Thai Database Leaks 8.3 Billion Internet Records
I recently discovered an exposed ElasticSearch database when browsing BinaryEdge and Shodan. This database appears to be controlled by a subsidiary of a major Thailand-based mobile network operator named Advanced Info Service (AIS). According to Wikipedia, AIS is “Thailand’s largest GSM mobile phone operator with 39.87 million customers” as of 2016. The database was likely controlled by AIS subsidiary Advanced Wireless Network (AWN). It contained a combination of DNS query logs and NetFlow logs for what appears to be AWN customers. Using this data it is quite simple to paint a picture of what a person does on the Internet. I made multiple attempts to contact AIS to get the database secured without success. At that point I contacted Zack Whittaker – a journalist from TechCrunch – for assistance. We were still unable to make contact with AIS. I then contacted the Thailand National CERT team (ThaiCERT). ThaiCERT was able to make contact with AIS, and we were successful in getting the database secured.
70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs
A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.
Thousands of enterprise systems infected by new Blue Mockingbird malware gang
Thousands of enterprise systems are believed to have been infected with a cryptocurrency-mining malware operated by a group tracked under the codename of Blue Mockingbird.
Hackers Serve Up Stolen Credentials from Home Chef
Roughly 8 million users of meal-delivery company Home Chef found themselves served a side of compromised data along with their food. The personal information, which includes email address, encrypted password, last four credit card digits, gender, age, and subscription information, was offered for sale on the Dark Web for approximately $2,500.
NSO Group Impersonates Facebook Security Team to Spread Spyware — Report
According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in.
Upcoming Events, Webcasts, Conferences, etc.
LASCON 20/20 – Call for Papers and Training
When: Now thru June 30, 2020
You Can Write an Infosec Book!
The Best Virtual Cybersecurity Conferences And Events In 2020
The best online cybersecurity events taking place in 2020 are the educational ones in my opinion. With the collapse of physical events and conferences, we’ve seen an absolute surge towards hosting online events; but from what we’ve seen the events that generate the highest attendance are the ones with actionable skills you can actually use in your cyber niche.
SANS@MIC – The 14 Absolute Truths of Security
OWASP Virtual AppSec Days Summer of Security
Open Source Digital Forensics Conference