Table of Contents

  1. Crime
    1. Industrial Cyber-Espionage Campaign Targets Hundreds of Companies
    2. Ransomware Hit Over 1,000 U.S. Schools in 2019
    3. Lazarus Hackers Target Linux, Windows With New Dacls Malware
    4. LifeLabs Data Breach Exposes Personal Info of 15 Million Customers
    5. Epilepsy Foundation Bombarded with Seizure-Triggering Twitter Posts
    6. Chinese Rancor APT Refreshes Malware Kit for Espionage Attacks
    7. Nuclear Bot Author Arrested in Sextortion Case
    8. Credit Card Data Exposed Online Is Tested Within 2 Hours
    9. University Issues Passwords by Hand to 38,000 Students and Staff After Cyber Attack
  2. Privacy
    1. 23andMe to share customer gene data with GlaxoSmithKline for $300M
  3. Vulnerabilities
    1. We Tested Ring’s Security. It’s Awful
    2. Bug Sent WhatsApp Into Crash Loop, Caused Chat History Loss
  4. Malware
    1. Hackers 'looking to weaponize Facebook Ad Manager' via trojan in PDF reader
  5. Facebook
    1. Facebook's Tor Site Down for Over a Week Due to Expired TLS Cert
  6. Politics
    1. Russian interview with Carles Puigdemont airs on hacked Spanish TV
    2. Vladimir Putin 'still uses obsolete Windows XP' despite hacking risk
    3. Iranian Attacks on Industrial Control Systems

Crime

Industrial Cyber-Espionage Campaign Targets Hundreds of Companies

Dubbed Gangnam Industrial Style, the campaign compromised at least 200 systems. Almost 60% of the victims are in South Korea, including manufacturers of steel, pipes, and valves, an engineering company, and a chemical plant construction company. The attack was distributed via spear phishing emails.

Ransomware Hit Over 1,000 U.S. Schools in 2019

Since January, 1,039 schools across the U.S. have potentially been hit by targeted ransomware attacks, after 72 school districts and/or educational institutions publicly reported being ransomware victims. Emsisoft has released a report urging governments and organizations to respond to the ransomware epidemic and improve their attitude towards security.

Lazarus Hackers Target Linux, Windows With New Dacls Malware

A new Remote Access Trojan (RAT) dubbed Dacls and connected to the Lazarus Group has been spotted by researchers while being used to target both Windows and Linux devices. The group is associated with North Korea, and is known for the Sony Films breach during late 2014 and the 2017 global WannaCry ransomware epidemic. While the group has been known to target Windows and macOS systems, this is the first time it has been connected to malware targeting Linux devices. Researchers discovered both Windows and Linux Dacls malware samples together with an exploit payload for Atlassian Confluence Server instances vulnerable to the CVE-2019-3396 RCE bug.

LifeLabs Data Breach Exposes Personal Info of 15 Million Customers

Canadian clinical laboratory services provider LifeLabs has announced a data breach that exposed the personal information of up to 15 million Canadians after an unauthorized user gained access to its systems. LifeLabs paid an undisclosed sum to retrieve the data. The personal information stolen from the lab test provider could include a customer’s name, address, e-mail, login, passwords, date of birth and health card number, all of which were on the computer systems the hackers accessed.

Epilepsy Foundation Bombarded with Seizure-Triggering Twitter Posts

The GIF set off a highly unusual court battle that is expected to equip those in similar circumstances with a new tool for battling threatening trolls and cyberbullies. On Monday, the man who sent Eichenwald the moving image, John Rayne Rivello, was set to appear in a Dallas County district court. A last-minute rescheduling delayed the proceeding until Jan. 31, but Rivello is still expected to plead guilty to aggravated assault. And he may be the first of many.

Chinese Rancor APT Refreshes Malware Kit for Espionage Attacks

A Chinese-linked hacking group deployed a new malware strain dubbed Dudell as part of attacks targeting Cambodian government organizations between December 2018 and January 2019. This malware downloader was delivered in the form of a decoy Microsoft Excel document designed to run malicious macros on the target's computer.

Nuclear Bot Author Arrested in Sextortion Case

Last summer, a wave of sextortion emails began flooding inboxes around the world. The spammers behind this scheme claimed they’d hacked your computer and recorded videos of you watching porn, and promised to release the embarrassing footage to all your contacts unless a bitcoin demand was paid. Now, French authorities say they’ve charged two men they believe are responsible for masterminding this scam. One of them is a 21-year-old hacker interviewed by KrebsOnSecurity in 2017 who openly admitted to authoring a banking trojan called “Nuclear Bot.”

Credit Card Data Exposed Online Is Tested Within 2 Hours

Be it fake or real, payment card data does not survive untouched for long on the web, a recent experiment showed. The bad guys are testing everything they find on the internet, just to make sure they don't miss an opportunity to cash in. From the moment it landed on several paste sites, it took two hours for data from a Visa card to be used for a micro-transaction, just to check its validity.

University Issues Passwords by Hand to 38,000 Students and Staff After Cyber Attack

A German university is going 'old school' and issuing new passwords for the email accounts of all 38,000 of its students and staff … by hand, leading to the unusual sight of people queuing 'around the block' on the university campus. The Justus Liebig University (JLU) in the northern German town of Gießen was forced to take the measures after what the university has referred to as a 'suspected cyber attack' by unknown malware.

Privacy

23andMe to share customer gene data with GlaxoSmithKline for $300M

Home-DNA-test provider 23andMe will provide the genetic information of its 5 million customers to pharmaceutical giant GlaxoSmithKline (GSK) for a reported $300 million investment, alarming privacy advocates and bioethicists.

Vulnerabilities

We Tested Ring’s Security. It’s Awful

Motherboard tested the security of Ring cameras and found that Ring doesn't implement even basic security checks, making it easy for attackers to target the devices. There is no brute-force protection in place, 2FA is not enforced, and users can freely register with compromised credentials. Purchasing devices that constantly monitor, track and record us for convenience or a sense of safety is laying the foundation for an oppressive future.

Bug Sent WhatsApp Into Crash Loop, Caused Chat History Loss

Security researchers found a bug in WhatsApp that could be used to crash the messaging app in a loop on the phone of every member of a group. This research builds on previous efforts to break WhatsApp's secure message delivery. The bug was discovered in August 2019, and it's fixed in current versions of WhatsApp. The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop. Moreover, the user will not be able to return to the group and all the data that was written and shared in the group is now gone for good. The group cannot be restored after the crash has happened and will have to be deleted in order to stop the crash.

Malware

Hackers 'looking to weaponize Facebook Ad Manager' via trojan in PDF reader

A trojan distributed over Facebook ads has been detected in the wild. The data at risk includes everything from email addresses, session cookies and access tokens to account IDs, credit card details, PayPal emails, ad balances and spending limits for Facebook ad campaigns. After being harvested, the data is then transmitted back to the hackers' control server. Amazon cookies are also stolen, but no further information is extracted from Amazon accounts.

Facebook

Facebook's Tor Site Down for Over a Week Due to Expired TLS Cert

Facebook has announced that its Tor gateway will be down for one to two weeks due to an expired TLS certificate. This is a bit strange as it normally should not take two weeks to renew a certificate.

Politics

Russian interview with Carles Puigdemont airs on hacked Spanish TV

Spain’s public broadcaster has inadvertently carried an interview with the exiled Catalan separatist leader Carles Puigdemont after hackers hijacked its online news channel and substituted its content for that of Russia’s state-backed RT network.

Vladimir Putin 'still uses obsolete Windows XP' despite hacking risk

Putin, 67, appears to have the obsolete Microsoft Windows XP operating system installed on computers in his office at the Kremlin and at his official Novo-Ogaryovo residence near Moscow, according to images released by his press service.

Iranian Attacks on Industrial Control Systems

At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company's threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group carry out so-called password-spraying attacks over the past year that try just a few common passwords across user accounts at tens of thousands of organizations. That's generally considered a crude and indiscriminate form of hacking. But over the last two months, Microsoft says APT33 has significantly narrowed its password spraying to around 2,000 organizations per month, while increasing the number of accounts targeted at each of those organizations almost tenfold on average.