Table of Contents

  1. Vulnerabilities
    1. Tik or Tok? Is TikTok secure enough?
    2. SHA-1 chosen prefix collision
    3. Microsoft Windows VCF Card / Mailto Link Denial Of Service
  2. Leaks
    1. The Difficulty of Disclosure, Surebet247 and the Streisand Effect
    2. Medical Info of Roughly 50K Exposed in Minnesota Hospital Breach
  3. Ransomware
    1. Travelex 'being held to ransom' by hackers said to be demanding $3m
    2. SNAKE Ransomware is targeting business networks
  4. Google
    1. Google's new policy gives developers more time to address security flaws
    2. Google Fixes Critical Android RCE Flaw
  5. Phishing
    1. Microsoft Phishing Scam Exploits Iran Cyberattack Scare
  6. Apple
    1. Unable to unlock gunman’s iPhones, the FBI (once again) asks for Apple’s help
  7. Crime
    1. MageCart gang compromised popular Focus Camera website

Vulnerabilities

Tik or Tok? Is TikTok secure enough?

Researchers from Check Point have analyzed the TikTok app and identified multiple vulnerabilities, including sensitive data exposure, XSS, and manipulation of user accounts (adding or deleting videos, or changing privacy settings).

SHA-1 chosen prefix collision

Another significant milestone has been reached in breaking SHA-1: it is now possible to create a SHA-1 collision with a chosen prefix. As a side result, this shows that it now costs less than 100k USD to break cryptography with a security level of 64 bits (i.e. to compute 2^64 symmetric-cryptography operations).

Microsoft Windows VCF Card / Mailto Link Denial Of Service

Windows VCF cards do not properly sanitize email addresses, allowing HTML injection. A corrupt VCF card can cause all of the user's currently open files and applications to be closed and their session to be terminated, without requiring any accompanying attacker-supplied code, by crafting the mailto link to point to Windows "logoff.exe". If the VCF card is opened using Windows Contacts and the link is clicked, the card kills all of the user's applications and logs the target off their computer.

Leaks

The Difficulty of Disclosure, Surebet247 and the Streisand Effect

Troy Hunt has published an article about his experience disclosing breaches and how the company reacted: by actively ignoring security experts and attempting to take legal action against them.

Medical Info of Roughly 50K Exposed in Minnesota Hospital Breach

Personal and medical information of 49,351 patients of Minnesota-based Alomere Health might have been exposed following the compromise of two employees' email accounts. Alomere Health is a general medical and surgical hospital in Alexandria, MN, with 127 beds. It is accredited by the Healthcare Facilities Accreditation Program (HFAP), has a Level III trauma center and has twice been named one of the Top 100 Hospitals by Thomson Reuters. Exposed data include names, addresses, dates of birth, medical record numbers, health insurance information, and diagnosis and treatment details. Attackers also accessed Social Security numbers and driver's license numbers for some patients.

Ransomware

Travelex 'being held to ransom' by hackers said to be demanding $3m

The company first discovered the virus on New Year's Eve, Travelex said in its statement. According to the company, there is no indication that personal or customer data was compromised in the incident. "The company's network of branches continues to provide foreign exchange services manually," the statement said. The ransomware involved is particularly insidious; Travelex has confirmed in a new statement that it is Sodinokibi (also known as REvil). Sodinokibi almost acts like software-as-a-service, allowing criminals to customize it for their specific uses, according to an analysis by McAfee. The ransomware encrypted Travelex's entire network, and the attackers gave Travelex a seven-day deadline to pay up. It is worth mentioning that the company had been alerted to the critical Pulse Secure vulnerability used to spread the malware, but did not react.

SNAKE Ransomware is targeting business networks

SNAKE is a new ransomware family threatening enterprises worldwide, alongside the most prevalent ransomware families such as Ryuk, Maze, Sodinokibi, LockerGoga, BitPaymer, DoppelPaymer and MegaCortex. The worrying trend is criminal organizations targeting enterprises rather than individual users with the above malware to maximize their profits.

Google

Google's new policy gives developers more time to address security flaws

Google's Project Zero disclosure program is supposed to encourage timely releases of security fixes, but things haven't gone according to plan. Premature disclosures, half-hearted fixes and other issues have been a little too common. The company might address some of those problems in 2020, though. It recently revised its policies in a bid to encourage both more "thorough" security patches and wider adoption of those patches. Most notably, Google will wait the full 90 days to disclose a flaw even if it's fixed well ahead of that deadline. If developers act quickly, they'll have more time both to distribute patches and to make sure that fixes address the root cause of a flaw.

Google Fixes Critical Android RCE Flaw

Google's first security update of 2020 addressed seven high and critical severity Android flaws. Google kicked off its first Android Security Bulletin of 2020 by patching a critical flaw in its Android operating system which, if exploited, could allow a remote attacker to execute code. Compared to last year's monthly tally, the number of CVEs patched this month was relatively small. "The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," according to Google in the bulletin.

Phishing

Microsoft Phishing Scam Exploits Iran Cyberattack Scare

An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks, using them as a theme for a phishing campaign that tries to collect Microsoft login credentials. With the rising escalation between the United States and Iran, the U.S. government has been issuing warnings about possible cyberattacks by Iran and potential attacks on critical U.S. infrastructure. To exploit this increased tension, an attacker has created a phishing scam that pretends to be from 'Microsoft MSA' and carries the email subject 'Email users hit by Iran cyber attack', warning that Microsoft's servers were hit by a cyberattack from Iran.

Apple

Unable to unlock gunman’s iPhones, the FBI (once again) asks for Apple’s help

In a move that may signal another high-stakes clash over encryption, the FBI is asking Apple for help decrypting two iPhones believed to have belonged to Mohammed Saeed Alshamrani, the man suspected of carrying out a shooting attack that killed three people last month at the Naval Air Station in Pensacola, Florida.

Crime

MageCart gang compromised popular Focus Camera website

A new MageCart attack has made the headlines: this time the gang compromised the website of the popular retailer Focus Camera. The hack took place last year; the attackers planted a software skimmer on the website to steal payment card data from users who purchased products on the portal. To hide the malicious traffic, they registered "zdsassets.com," a domain that resembles ZenDesk's legitimate "zdassets.com."
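As an added defensive example (not part of the original post or of any referenced research), the script below audits the external script hosts on a page against an allowlist and flags any host that is only one or two edits away from a trusted domain, the pattern zdsassets.com uses against zdassets.com. The allowlist and sample HTML are constructed here for illustration.

```python
import re

# Constructed allowlist of third-party hosts the site legitimately loads scripts from.
KNOWN_HOSTS = {"static.zdassets.com", "www.google-analytics.com"}

# Constructed sample page: one legitimate ZenDesk script, one lookalike, one unknown host.
SAMPLE_HTML = """
<script src="https://static.zdassets.com/ekr/snippet.js"></script>
<script type="text/javascript" src="https://zdsassets.com/ekr/snippet.js"></script>
<script src="https://cdn.example.net/widget.js"></script>
"""

SCRIPT_SRC = re.compile(r'<script[^>]*\ssrc=["\']https?://([^/"\']+)', re.I)


def levenshtein(a, b):
    """Edit distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude registrable domain: the last two labels (enough for the .com cases discussed)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_host(host, known=KNOWN_HOSTS):
    """Return 'allowed', 'lookalike of <domain>' or 'unknown' for one script host."""
    dom = registrable(host)
    known_doms = {registrable(k) for k in known}
    if dom in known_doms:
        return "allowed"
    closest = min(known_doms, key=lambda k: levenshtein(dom, k))
    # One or two edits from a trusted domain is the skimmer-hosting pattern described above.
    if levenshtein(dom, closest) <= 2:
        return "lookalike of " + closest
    return "unknown"


def audit_scripts(html, known=KNOWN_HOSTS):
    """Map every external script host found in the page to its classification."""
    return {host.lower(): classify_host(host, known) for host in SCRIPT_SRC.findall(html)}


if __name__ == "__main__":
    for host, verdict in audit_scripts(SAMPLE_HTML).items():
        print(f"{host:30} {verdict}")
```

Run against a crawl of your own checkout pages, a "lookalike" verdict is worth an immediate look, while "unknown" hosts belong in either the allowlist or a Content-Security-Policy review.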