Table of Contents

  1. Crime
    1. Frankfurt city is offline
    2. Zynga game developer breached
    3. Gießen University is still recovering from the attack
    4. Member of 'The Dark Overlord' hacking group extradited to the US
    5. Honda Exposes 26,000 Records of North American Customers
    6. Siemens Contractor Jailed for Sabotage With Logic Bombs
    7. FBI Warns of Risks Behind Using Free WiFi While Traveling
    8. Multiple German hospitals complain they do not get enough funding for IT security
  2. Malware
    1. Attackers Posing as German Authorities Distribute Emotet Malware
    2. Canadian Insurance Firm Hit By Maze Ransomware, Denies Data Theft
    3. ScreenConnect MSP Software Used to Install Zeppelin Ransomware
  3. Vulnerabilities
    1. ARM64 CPUs speculatively execute instructions after ERET
    2. Deutsche Bahn Ticket Vending Machine Windows XP - Local Kiosk Privilege Escalation Vulnerability
    3. Lousy IoT Security
  4. Privacy
    1. Twelve Million Phones, One Dataset, Zero Privacy
    2. How tracking pixels work
    3. Facebook fails to convince lawmakers it needs to track your location at all times

Crime

Frankfurt city is offline

Frankfurt city services are offline after an employee opened a malicious email. The fire brigade and the libraries are affected too. Emotet is blamed for the attack.

Zynga game developer breached

In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data comes from a hacker known to publish data leaks online.

Gießen University is still recovering from the attack

The university has decided to recover the old-fashioned way, by handing credentials on paper to 38k students and employees, and to use Desinfec't to restore the damaged systems. The university has pressed charges for a suspected cyberattack.

Member of 'The Dark Overlord' hacking group extradited to the US

A British man was extradited to the US this week to face charges of hacking and extorting US companies while part of an infamous hacking group known as The Dark Overlord (TDO). The man pleaded not guilty. The Dark Overlord group has been responsible for tens of attacks since early 2016, many of them receiving broad media coverage. In many cases, the group also mocked victims by forcing them to sign legal contracts. These contracts spelled out the terms of the extortion demand and the responsibilities of the hackers and of the victim.

Honda Exposes 26,000 Records of North American Customers

Automotive giant Honda exposed roughly 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers after misconfiguring an Elasticsearch cluster on October 21, 2019. The database records included the customers' full names, email addresses, phone numbers, mailing addresses, vehicle make and model, vehicle VINs, agreement ID, and various service information on their Honda vehicles. This is not the first time such an exposure has happened to Honda.

Siemens Contractor Jailed for Sabotage With Logic Bombs

Former Siemens contract employee David Tinley was sentenced to six months in prison after pleading guilty to sabotaging his employer over a span of roughly two years using logic bombs planted in company spreadsheets. The goal was to make Siemens call him back to the firm's Monroeville, PA location to repair the malfunctioning software. Tinley planted logic bombs designed to trigger automatically after a set time and randomly crash a series of spreadsheets he had designed to automatically calculate customer order cost estimates.

FBI Warns of Risks Behind Using Free WiFi While Traveling

The U.S. Federal Bureau of Investigation recommends that travelers avoid connecting their phone, tablet, or computer to free wireless hotspots while traveling during the holiday season.

Multiple German hospitals complain they do not get enough funding for IT security

In response to the ransomware epidemic, multiple hospitals posted an open letter on the Klinikum Wolfsburg website complaining that they do not receive enough funding to invest in IT security.

Malware

Attackers Posing as German Authorities Distribute Emotet Malware

An active malspam campaign is distributing Emotet banking Trojan payloads via emails camouflaged to look like messages from several German federal authorities, warns the BSI, Germany's federal cybersecurity agency.

Canadian Insurance Firm Hit By Maze Ransomware, Denies Data Theft

An insurance and financial services company based out of Manitoba, Canada is the latest victim of the Maze Ransomware, with allegedly 245 computers encrypted during a cyberattack in October, totalling about 63 terabytes of data. The ransom demand was $1.1 million. Andrew Agencies was originally in communication with the attackers but has since stopped responding. The company has chosen not to pay the ransom and claims there is no evidence that any sensitive personal information or data was stolen, which the Maze operators deny, claiming to have taken about 1.5 GB of information about insurance customers.

ScreenConnect MSP Software Used to Install Zeppelin Ransomware

Threat actors are utilizing the ScreenConnect (now called ConnectWise Control) MSP remote management software to compromise a network, steal data, and install the Zeppelin Ransomware on compromised computers.

Vulnerabilities

ARM64 CPUs speculatively execute instructions after ERET

OpenBSD has criticized ARM for downplaying a vulnerability that ARM quietly fixed a year ago without informing anyone. The issue has now been rediscovered, and OpenBSD has released a patch.

Deutsche Bahn Ticket Vending Machine Windows XP - Local Kiosk Privilege Escalation Vulnerability

A kiosk mode escalation vulnerability has been discovered in the official Deutsche Bahn ticket vending machine series for Windows (they still run on XP). The security vulnerability allows local attackers to bypass the kiosk mode and compromise the local file system and applications. The vulnerability has been patched.

Lousy IoT Security

DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible, exposing sensitive data and even allowing arbitrary code execution over Android ADB.

Privacy

Twelve Million Phones, One Dataset, Zero Privacy

The Times Privacy Project obtained and investigated location data from a tracking company whose software is included in many mobile apps. It is probably the most sensitive data ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.

How tracking pixels work

Julia Evans has analyzed how Facebook uses a 1x1 GIF tracking pixel to track the websites you visit and show you relevant ads.
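The mechanism behind a tracking pixel is that the browser fetches a tiny third-party image, and that request carries the tracker's cookie, the Referer header and any identifiers encoded in the URL's query string, which lets the tracker tie the page visit to a profile. The script below is an added example (not from Julia Evans' post and not Facebook's code) showing how a site owner or auditor can flag likely tracking pixels in a page's HTML: it treats any image that is 1x1 or hidden and is served from a host other than the page's own as a candidate beacon. The heuristic and the sample HTML (hosts such as `shop.example` and `tracker.example`) are constructed for this example.

```python
"""Flag likely tracking pixels in an HTML document (constructed example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class PixelFinder(HTMLParser):
    """Collect <img> tags that look like tracking beacons.

    Heuristic (an assumption for this example): the image is tiny (1x1)
    or hidden via inline CSS, AND it is loaded from a host that is not
    the page's own host. First-party spacer images are deliberately ignored.
    """

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.pixels = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        # attribute values may be None for bare attributes, hence the "or ''"
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        width = a.get("width", "").strip()
        height = a.get("height", "").strip()
        style = a.get("style", "").replace(" ", "").lower()

        tiny = (width == "1" and height == "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        parsed = urlparse(src)
        host = parsed.netloc.lower()
        third_party = bool(host) and host != self.page_host

        if (tiny or hidden) and third_party:
            self.pixels.append({
                "src": src,
                "host": host,
                # the query string is where event names / ids usually travel
                "query": parsed.query,
            })


def find_tracking_pixels(html, page_host):
    """Return a list of candidate tracking pixels found in `html`."""
    finder = PixelFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.pixels


# Constructed sample page: one real logo, one first-party spacer (ignored),
# and two third-party beacons (one 1x1, one hidden via CSS).
SAMPLE_HTML = """
<html><body>
<img src="https://shop.example/static/logo.png" width="200" height="60">
<img src="https://shop.example/static/spacer.gif" width="1" height="1">
<img src="https://tracker.example/tr?id=123&ev=PageView" width="1" height="1" style="display:none"/>
<img src="//ads.example/pixel.gif?uid=abc" style="display: none">
</body></html>
"""

if __name__ == "__main__":
    for p in find_tracking_pixels(SAMPLE_HTML, "shop.example"):
        print(f"{p['host']}: {p['src']}  (query: {p['query'] or '-'})")
```

Run over the constructed sample, the script reports the two third-party beacons and skips both the logo and the first-party spacer. In a real audit the same logic runs over rendered HTML rather than raw source, since many beacons are injected by JavaScript after load, and the query strings it surfaces (event names, user ids) are what tell you which identifiers leave the page with each visit.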

Facebook fails to convince lawmakers it needs to track your location at all times

Facebook told two senators why it tracks users’ locations even when their tracking services are turned off. The lawmakers now say Facebook should give users more control over their data.