Table of Contents

  1. Leaks
    1. Planet Calypso - 62,261 breached accounts
    2. BtoBet - 444,241 breached accounts
  2. Ransomware
    1. Sodinokibi Ransomware Publishes Stolen Data for the First Time
  3. Privacy
    1. How to be anonymous in the age of surveillance
  4. Exploit development
    1. PoC exploits for Citrix ADC and Gateway CVE-2019-19781 flaw released online
    2. OpenBSD won't update Firefox, advises users to switch to ESR
  5. Malware
    1. Android Trojan Kills Google Play Protect, Spews Fake App Reviews
  6. IoT
    1. Spectrum Kills Home Security Business, Refuses Refunds for Owners of Now-Worthless Equipment

Leaks

Planet Calypso - 62,261 breached accounts

In approximately July 2019, the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin-based forum exposed email and IP addresses, usernames, and passwords stored as salted MD5 hashes.

BtoBet - 444,241 breached accounts

In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet were also included. Further investigation implicated betting platform provider BtoBet as being the common source of the data. Impacted data included user records and extensive information on gambling histories.

Ransomware

Sodinokibi Ransomware Publishes Stolen Data for the First Time

For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time. By trying to hide these attacks, and the theft of employee, company, and customer data, companies are not only risking fines and lawsuits but are also putting personal data at risk. This practice of using stolen data as leverage is not going to go away and is only going to get worse. Albany International Airport's staff also announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas.

Privacy

How to be anonymous in the age of surveillance

Special sunglasses, license-plate dresses, Juggalo face paint: How to be anonymous in the age of surveillance. The frames of these sunglasses, from Chicago-based eyewear line Reflectacles, are made of a material that reflects the infrared light found in surveillance cameras. They represent a fringe movement of privacy advocates experimenting with clothes, ornate makeup and accessories as a defense against some surveillance technologies.

Exploit development

PoC exploits for Citrix ADC and Gateway CVE-2019-19781 flaw released online

Experts announced the availability online of proof-of-concept exploit code for the CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway servers. While security researchers were warning of ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers affected by the CVE-2019-19781 vulnerability, many experts are announcing the availability online of proof-of-concept exploit code. In December, Citrix disclosed the critical CVE-2019-19781 vulnerability and explained that it could be exploited by attackers to access company networks. The CVE-2019-19781 vulnerability was discovered by Mikhail Klyuchnikov from Positive Technologies. "Positive Technologies experts determined that at least 80,000 companies in 158 countries are potentially at risk." The vulnerability affects all supported versions of the product, and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5.

OpenBSD won't update Firefox, advises users to switch to ESR

Due to Firefox being too complicated to package (thanks to cbindgen and Rust dependencies) on the stable branch (as this would require testing all Rust consumers), the 6.6-stable branch won't receive updates for www/mozilla-firefox, so it will remain vulnerable to MFSA2020-03 and vulnerabilities that may appear after. On the other hand, firefox-esr is still updated, so I recommend switching to firefox-esr if you are running 6.6-stable. If you run OpenBSD 6.5, you should upgrade to OpenBSD 6.6 to get the benefit of package updates. OpenBSD-current users are not affected; the www/mozilla-firefox update is already committed and will be available soon on the mirrors.

Malware

Android Trojan Kills Google Play Protect, Spews Fake App Reviews

An Android malware strain camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more. The attackers will utilize the Trojan to boost other malicious apps' ratings on the Play Store, post fake reviews on any apps' entries, install other apps from the Play Store or third-party app stores under the cover of an "invisible" window. The malware also disables the Google Play Protect mobile threat protection service, Google's built-in Android malware protection, so that it can go about its business undisturbed.

IoT

Spectrum Kills Home Security Business, Refuses Refunds for Owners of Now-Worthless Equipment

On February 5, Spectrum will no longer support customers who've purchased its Spectrum Home Security equipment. None of the devices (the cameras, motion sensors, smart thermostats, and in-home touchscreens) can be paired with other existing services. Nevertheless, Spectrum customers were only notified last month that the service would be ended. The Ring deal includes a free alarm security kit, but will require Spectrum customers to purchase a year of professional monitoring at a cost of $340. The offers notwithstanding, many Spectrum Home Security users will soon find themselves out hundreds of dollars.