Table of Contents

  1. Politics
    1. Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad
  2. Leaks
    1. HappyHotel, popular search engine for love hotels in Japan discloses data breach
  3. Crime
    1. Fake Windows 10 Desktop Used in New Police Browser Lock Scam
    2. InfoTrax Gets Slap on The Wrist After Being Breached 20+ Times
    3. FBI Investigating How Town Defrauded of $1 Million
    4. IT Executive Steals $6 Million, Busted by Word Doc Metadata
  4. Malware
    1. Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March
    2. Tracking down DeathRansom author
  5. Surveillance
    1. ToTok Returned to Google Play Despite ‘Spy Tool’ Claims

Politics

Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

The Cybersecurity and Infrastructure Security Agency (CISA) is sharing this information with the cybersecurity community as a primer for protecting the Nation's critical infrastructure, in light of the current tensions between the Islamic Republic of Iran and the United States and Iran's historic use of offensive cyber activity to retaliate against perceived harm. The Federal Depository Library Program's server was one of the first websites defaced; it had been running a Joomla version left unpatched since 2012, and a working exploit has long been public.

Leaks

HappyHotel, popular search engine for love hotels in Japan discloses data breach

HappyHotel, a Japanese search engine used to find and book rooms in "love hotels," announced that it suffered a security breach in December. HappyHotel is a popular service used by married couples and unfaithful spouses alike to book rooms in love hotels across Japan. Almex, the company that operates HappyHotel, published a data breach notice on the website.

Crime

Fake Windows 10 Desktop Used in New Police Browser Lock Scam

Scammers have taken an old browser scam and invigorated it with a clever new tactic: the page abuses the web browser's full-screen mode to display a fake Windows 10 desktop stating that your computer is locked. This type of scam is called a police browser locker, because it pretends to be law enforcement locking your browser due to illegal activity. The scam then states that if you pay a fine via credit card, your computer will be unlocked so you can use it again.

InfoTrax Gets Slap on The Wrist After Being Breached 20+ Times

The Federal Trade Commission (FTC) finalized a settlement with a Utah-based tech company that was hacked and had the personal information of over a million clients stolen over the course of more than 20 undetected network intrusions. InfoTrax Systems, a provider of back-end operations systems and an online distributor of MLM software for the direct sales industry, only detected the breach after "it was alerted that its servers had reached maximum capacity." In other words, InfoTrax noticed the intruder only because the archive of stolen data he had collected grew so large that one of the servers' hard disks ran out of space.

FBI Investigating How Town Defrauded of $1 Million

The FBI and local police are investigating how scammers posing as a contractor for a local bridge project tricked officials in a small Colorado town into electronically transferring over $1 million to a fraudulent account. This appears to be a clear case of a specific type of business email compromise attack,

IT Executive Steals $6 Million, Busted by Word Doc Metadata

A former corporate executive of a global internet company swindled roughly $6 million between August 2015 and May 2019 using a shell company named Interactive Systems. Besides the fact that all invoices were addressed to Kabbaj, the special agent assigned to the investigation also discovered that four invoices had been submitted in Word document format, with the document metadata identifying Kabbaj as the author.

Malware

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security experts at Trend Micro discovered that at least three malicious apps had been available in the official Google Play store since March 2019. The researchers pointed out that the apps work together to compromise devices and collect user information, and that one of them uses an exploit for the Android Binder vulnerability CVE-2019-2215.

Tracking down DeathRansom author

FortiGuard Labs recently discovered an ongoing DeathRansom malicious campaign. Evidence found on Russian underground forums and in their forensic investigations points to a significant connection between ongoing DeathRansom and various infostealing malware campaigns, all likely directed by one Russian-speaking individual living in Italy.

Surveillance

ToTok Returned to Google Play Despite ‘Spy Tool’ Claims

Mobile application ToTok has been reinstated to the Google Play app ecosystem after it was removed last month over claims that it was being used for government espionage. ToTok, a social app released in 2019 and downloaded by millions, gained rapid popularity in the United Arab Emirates (UAE), where other messaging platforms like WhatsApp and Skype are partially restricted. Despite the app's popularity, it was quickly taken down from Google Play and the Apple App Store after a December report from the New York Times claimed that the app is actually being used by the government of the United Arab Emirates as a spy tool to track users' conversations and location. The cofounders have since been trying hard to restore the company's reputation, and claim that the rumours are completely false.