Table of Contents
Baby's First Data Breach: App Exposes Baby Photos, Videos
Exposed data includes email addresses, detailed device data and often, links to photos and videos, all of which get stored on servers hosted by Singapore-based Alibaba Cloud. For some of the babies whose data is exposed, this is quite possibly their first data breach exposure. The data exposure alert comes despite Peekaboo Moments describing itself as a "secured space," and promising to safeguard the data and information it stores. Peekaboo Moments allows users to track a baby's movements, as well as record a diary and growth milestones. The Peekaboo Moments app is free.
BEC Scammers Use Aging Report Phishing to Find New Targets
A group tracked as Ancient Tortoise is targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. The attackers also made use of name deception and free email accounts designed to mimic the firm's CFO to further strengthen their hoax.
Scammers Dupe Texas School District Out of $2.3M
A Texas school district, based outside of Austin, Tex., has lost $2.3 million after falling victim to an email scam. The wide-scale phishing scam reportedly started in early November and continued through December, before it was discovered by the Texas school district. The Manor Independent School District encompasses 8,000 students from elementary to high school. After the target's email account is compromised, attackers add a forwarding or redirect rule on the account that passes copies of all incoming emails to another account controlled by the attackers.
Nemty Ransomware to Start Leaking Non-Paying Victim's Data
The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. If a victim does not pay the ransom, then the stolen data will be leaked little-by-little until payment has been made or it has all been released.
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. According to a recent analysis of the Ryuk Ransomware by Head of SentinelLabs Vitali Kremez, when the malware is executed it will spawn subprocesses with the argument '8 LAN'. Checking for private networkIf the ARP entry is part of any of those networks, Ryuk will send a Wake-on-Lan (WoL) packet to the device's MAC address to have it power up. This WoL request comes in the form of a 'magic packet' containing 'FF FF FF FF FF FF FF FF'. Ryuk sending a WoL packetIf the WoL request was successful, Ryuk will then attempt to mount the remote device's C$ administrative share.
Grindr and OkCupid Spread Personal Details, Study Says
Popular dating services like Grindr, OkCupid and Tinder are spreading user information like dating choices and precise location to advertising and marketing companies in ways that may violate privacy laws, according to a new report that examined some of the world's most downloaded Android apps.
Cisco addressed a high-severity bug in Webex that could allow Remote Code Execution
Tech giant Cisco has recently addressed two high-severity vulnerabilities affecting its Webex and IOS XE Software products. Cisco Systems has released security fixes for two high-severity vulnerabilities in its products, including a remote code execution flaw in the Webex video conferencing platform. The Webex flaw resides in the web-based management interface of Cisco Webex Video Mesh, a feature that enables on-premises infrastructure for video conferencing. Cisco also addressed a high-severity flaw in the web user interface of Cisco IOS and Cisco IOS XE Software that runs on Cisco routers and switches. The issue affects Cisco devices that are running vulnerable releases of Cisco IOS or Cisco IOS XE Software earlier than 16.1.1 with the HTTP Server feature enabled.
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Consequently, all versions of Windows are likely affected (including Windows XP, which is no longer being supported with patches from Microsoft). The company also said it does "not release production-ready updates ahead of regular Update Tuesday schedule.
UK Govt Warns Not To Access Online Banking on Windows 7
The UK's National Cyber Security Centre (NCSC) is warning people of using online banking or accessing sensitive accounts from devices running Windows 7 from Tuesday 14, January, when Microsoft ends support for the operating system.
Emotet Malware Restarts Spam Attacks After Holiday Break
After almost a three-week holiday vacation, the Emotet trojan is back and targeting the over eighty countries with malicious spam campaigns. Emotet expert Joseph Roosen told BleepingComputer that on December 21st, 2019, Emotet stopped sending spam campaigns even though their command and control servers continued to run and issue updates. Current Emotet campaigns being seen today include regular emails and reply-chain attacks pretending to be proof-of-delivery documents, reports, agreements, and statements.
Russian hackers targeted Burisma amid impeachment inquiry, cybersecurity firm says
Russian military hackers tried to steal emails from the Ukrainian energy firm where Hunter Biden, the son of the Democratic presidential contender Joe Biden, had a seat on the board, a US cybersecurity firm said. The California-based Area 1 Security identified the hacking of Burisma and linked it to Russia's Main Directorate of Military Intelligence, or GRU. Breaching Burisma could yield communications from, to or about Hunter Biden, who served as a director between 2014 and 2019. Burisma and its subsidiaries shared the same email server, Area 1 said, meaning a breach at any of the companies could expose them all.
City of Las Vegas said it successfully avoided devastating cyber-attack
City of Las Vegas detected and detered a major cyberattack. Security breach took place on January 7, but the city said it detected the intrusion in time to prevent any damage. Officials from the city of Las Vegas said they narrowly avoided a major security incident that took place on Tuesday, January 7. According to a statement published by the city on Wednesday, the compromise took place on Tuesday, at 4:30 am, in the morning. In a subsequent statement published on Twitter on Wednesday, the city confirmed it "resumed full operations with all data systems functioning as normal." All in all, Las Vegas officials can count themselves lucky, especially if this was an attempt to infect the city's network with ransomware.