Cyber Security Headlines – May 24, 2022

Cyberattack divorces Zola users from registries 

The wedding registry site confirmed that a cyberattack over the weekend impacted many user accounts. Users on Reddit claimed that wedding and honeymoon funds were either drained, or that registered credit cards were used to make high-priced purchases. Many also reported email addresses changed to prevent them from accessing accounts. Zola said this appears to be a credential stuffing attack, using purloined credentials from other breaches to access the accounts directly. Zola said it reset all passwords and “all attempted fraudulent cash fund transfer attempts were blocked.”

(The Record)

A look at the RansomHouse data-extortion operation

In an age of near-ubiquitous double-extortion ransomware schemes, it’s easy to forget that regular old data extortion can still be a major issue without any encryption. A new darknet operation known as RansomHouse seems focused on this, breaching networks to steal data and publishing ransom notes on its leak site. The group appears to have launched in December 2021, not only publishing snippets of stolen data to prove intent, but also linking to media posts about the organizations it is actively extorting to highlight the publicity the attack receives. If no ransom is paid, the group either sells the data to other threat actors or publishes it on its Tor site. The group maintains that it does not utilize ransomware itself.

(Bleeping Computer)

Now we have to worry about pre-hijacking attacks

A security researcher from Microsoft’s Security Response Center and an independent researcher found that 46% of 75 popular online services were vulnerable to so-called pre-hijacking attacks. In these attacks, an attacker registers with a victim’s actual email, then waits for the victim to create an account on the service, often achieved through phishing. Depending on the service, some would perform a classic-federated merge, which would merge the two accounts without informing the new user, letting the attacker have access. Other sites allow for an unexpired session attack, in which an automated script keeps a session active until a victim creates an account and resets their password. The attackers could bypass email ownership validation by creating the account initially with an email they own, then changing it to a victim’s address. The researchers said these attacks seem to be possible with sites that attempt to reduce user friction at signup.

(Bleeping Computer)

Russia-linked recon hacks hit Europe

The security firm Sekoia reports that the Russian state-sponsored hacking group Turla recently targeted the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College in a series of campaigns. The group is believed to have strong links to Russia’s FSB intelligence service. The purpose of the attacks appears to be reconnaissance, aimed at obtaining IP addresses that could be used in subsequent attacks as well as information on software running on networked machines.

(Bleeping Computer)

Broadcom in talks to acquire VMware

Reuters sources say Broadcom is in talks to acquire VMware, although a deal is not imminent. Just before the news broke about the talks, VMware had a market cap of $40 billion. Broadcom is well known as a chipmaker, but why go after enterprise stalwart VMware? This would be Broadcom’s third acquisition to expand into the enterprise and security market, after acquiring the B2B software company CA Technologies for $18.9 billion in 2018 and Symantec’s enterprise security business for $10.7 billion in 2019.

(Reuters)

Meta will share ad targeting data with researchers

Meta plans to share targeting data on individual ads with pre-vetted researchers through its Facebook Open Research and Transparency project. The company has been reluctant to share granular ad targeting data in the past, arguing it could be reverse engineered to infer characteristics of individual users. Researchers from NYU who created a browser extension to look at this data from users who opted in were suspended from Meta apps in the past. The company will also offer more information on political ads in its Ad Library, showing aggregate data about the number of ads a page has run targeting a given demographic, including ad spend. Ad Library data is open to all users.

(Protocol)

Clearview AI hit by regulators in UK

The U.K.’s Information Commissioner’s Office fined Clearview AI $9.4 million for violating its data protection laws and ordered the facial recognition company to delete all data from UK residents. The company is also barred from collecting UK resident data going forward. The regulator found Clearview did not collect data in a “fair and transparent” way, collected it without a lawful reason, and didn’t meet UK data protection standards for biometric data. In recent months, privacy watchdogs in Australia, France and Italy have also ordered Clearview to delete data on residents.

(Protocol)

And now your “Should Have Patched Tuesday” update

Cisco patched a zero-day in its IOS XR router software that allowed authenticated attackers to access Redis instances in Docker containers, impacting only 8000 Series routers. Microsoft patched its patch that caused domain controller authentication issues, which had caused CISA to recommend not installing the initial patch last week. Mozilla patched a Firefox remote code execution vulnerability disclosed at the Pwn2Own hacking contest.

(Naked Security [1] [2], Bleeping Computer)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.