Table of Contents

  1. Malware
    1. The Mac Malware of 2019
    2. The popular US restaurant chain Landry’s announced that it was the victim of a cyber-attack; malware had infected its point of sale (POS) systems.
  2. Ransomware
    1. Oddly specific 'cyber attack' hits Alaskan airline RavnAir and one plane type
    2. Maze Ransomware Sued for Publishing Victim's Stolen Data
    3. Ransomware Attackers Offer Holiday Discounts and Greetings
  3. Apple
    1. Apple Is Bullying a Security Company with a Dangerous DMCA Lawsuit
  4. Vulnerabilities
    1. D-Link DIR-859 - Unauthenticated RCE (CVE-2019-17621)
  5. Exploit development
    1. Exploiting Wi-Fi Stack on Tesla Model S
  6. Leaks
    1. Universarium - 564,962 breached accounts
    2. Poloniex Forces Password Reset After Data Leak Found Online
  7. Privacy
    1. Google shutting down Xiaomi access to Assistant following Nest Hub picking up strangers' camera feeds
  8. Surveillance
    1. TikTok claims zero takedown requests from China in first transparency report

Malware

The Mac Malware of 2019

Patrick Wardle wrote a blog post with technical analysis of the new Mac Malware that appeared during 2019.

The popular US restaurant chain Landry’s announced that it was the victim of a cyber-attack; malware had infected its point of sale (POS) systems.

The popular US restaurant chain Landry’s disclosed a security incident: its point of sale (POS) systems had been infected with malware specifically developed to steal customers’ payment card information (i.e. credit card numbers, expiration dates, verification codes and, in some cases, cardholder names). Landry’s owns and operates more than 600 restaurants, bars, hotels, and casinos under over 60 popular brands, including Landry’s Seafood, Saltgrass Steak House, Chart House, Bubba Gump Shrimp Co., Claim Jumper, McCormick & Schmick’s, Morton’s The Steakhouse, Mastro’s Restaurant, Rainforest Cafe, Del Frisco’s Grill, and many more.

Ransomware

Oddly specific 'cyber attack' hits Alaskan airline RavnAir and one plane type

RavnAir Group declared on 21 December that it had "experienced a malicious cyber attack on our company's IT network" the day before, causing it to cancel all of its flights operated with Dash 8s on its RavnAir Alaska airline.

Maze Ransomware Sued for Publishing Victim's Stolen Data

The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid. The company suing Maze is Southwire, a leading wire and cable manufacturer from Carrollton, Georgia, which was attacked in December 2019. As part of this attack, the ransomware operators allegedly stole 120GB of data and encrypted 878 devices.

Ransomware Attackers Offer Holiday Discounts and Greetings

To celebrate the holidays, ransomware operators are offering discounts or season's greetings to entice victims into paying a ransom demand. Since ransomware operators run their operations as a business, it is not surprising to see them offering discounts or season's greetings to their victims. Such is the case with the Sodinokibi (REvil) ransomware: MalwareHunterTeam noticed that its operators had changed their ransom note over the holidays to include a new message wishing the victims a "Merry Christmas and Happy Holidays".

Apple

Apple Is Bullying a Security Company with a Dangerous DMCA Lawsuit

Apple has unleashed their legal juggernaut on an innovative iOS security company, and if they win their lawsuit, the damage will reverberate beyond the security community and into the world of repair and maintenance. Corellium’s software creates virtual iPhones in a web browser, so that app developers and security researchers can tinker without needing a physical device. It’s nerdy stuff that most people will never need, but it’s genuinely useful. So useful, in fact, that Apple tried to buy the company. When the founders refused, Apple decided to sue them into oblivion.

Vulnerabilities

D-Link DIR-859 - Unauthenticated RCE (CVE-2019-17621)

Security researchers Miguel Méndez Zúñiga and Pablo Pollanco from Telefónica Chile recently published proof-of-concept (PoC) exploits for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. The vendor has since released fixes.

Exploit development

Exploiting Wi-Fi Stack on Tesla Model S

In the past two years, Keen Security Lab did in-depth research on the security of Tesla cars and presented our research results at Black Hat 2017 and Black Hat 2018. The research involved many in-vehicle components. It demonstrated how to hack into these components, including CID, IC, GATEWAY, and APE. The vulnerabilities utilized exist in the kernel, browser, MCU firmware, UDS protocol, and OTA updating services.

Leaks

Universarium - 564,962 breached accounts

In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks. The data was provided to HIBP by dehashed.com.

Poloniex Forces Password Reset After Data Leak Found Online

More bad news for the virtual currency community: the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. The measure was necessary to prevent spear-phishing attacks against the users aimed at stealing credentials or at delivering malware designed to steal their funds.

Privacy

Google shutting down Xiaomi access to Assistant following Nest Hub picking up strangers' camera feeds

So-called "smart" security cameras have had some pretty dumb security problems recently, but a recent report regarding a Xiaomi camera linked to a Google account is especially disturbing. One Xiaomi Mijia camera owner was getting still images from other people's homes when trying to stream content from his camera to a Google Nest Hub. The images include stills of people sleeping and even an infant in a cradle. In the meantime, Google has entirely disabled Xiaomi integration for Google Home and the Assistant while it works out the issue with Xiaomi.

Surveillance

TikTok claims zero takedown requests from China in first transparency report

TikTok released its first transparency report, showing which countries have submitted requests for content removal as well as for access to user data. China is notably absent from the report: the video sharing app, owned by Chinese tech giant ByteDance, claims it did not receive a single takedown request from the Communist Party of China in the first half of 2019.