533 million Facebook users have personal data leaked online
The exposed data, which was published on a hacking forum on Saturday, affects Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. The data includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses. A Facebook spokesperson told Business Insider that the data was scraped through a vulnerability that the company patched in 2019. The leak was first discovered in January, at which point the data was being offered for a price. Now the entire dataset has been made freely available to anyone with rudimentary data skills.
Sierra Wireless resumes production after ransomware attack
The Canadian multinational IoT solutions provider was attacked on March 20, with a hit to its internal network and corporate website. The company has stated that customer-facing products and services were not impacted, since its internal IT systems are separated from them. As such, the company does not expect any product security patches, or firmware or software updates, to be required. Sierra Wireless manufactures wireless modems, routers, and gateways sold directly to OEMs for IoT devices and smartphones.
Malware attack is preventing car inspections in eight US states
The attack, which occurred last Tuesday, March 30, on emissions testing company Applus Technologies, disconnected its IT systems, preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. Applus Technologies cannot provide a time frame for restoring service, as state governments require it to go through a rigorous mitigation and testing process. The delay may cascade into DMV inspections and, in turn, lead to citations for lapsed inspections.
Ransomware 2.0 is here
The availability of ransomware-as-a-service is allowing more cybercriminals to get involved in the business, which now includes double extortion, a tactic that, according to analysis from F-Secure, increased drastically in 2020. This has led to an increase in ransomware families, including Ragnar Locker, Doppelpaymer, Clop, Conti, and ChaCha. Key findings in the report include: attackers are using Excel formulas, which cannot be blocked, to hide malicious code; Outlook, Facebook and Office 365 were the most popular brands spoofed in phishing emails; three-quarters of domains used to host phishing pages were web hosting services; and email accounted for over half of all malware infection attempts in 2020, making it the most common method of spreading malware in ransomware attacks.
Thanks to our episode sponsor, Sotero
Charming Kitten is phishing for medical professionals
Cybersecurity company Proofpoint reports that an Iran-linked threat actor, TA453 (also known as Charming Kitten or Phosphorus), is running a phishing campaign against “senior medical professionals who specialize in genetic, neurology, and oncology research in the United States and Israel.” The operation, dubbed “BadBlood,” used spearphishing emails with URLs that led to spoofed Microsoft 365 and OneDrive login pages. Proofpoint cannot conclusively determine the motivation of these actors; it may be that a subset of TA453 operators have an intelligence requirement to collect specific medical information related to research in these fields. Alternatively, this campaign may demonstrate an interest in the patient information of the targeted medical personnel, or aim to use the recipients’ accounts in further phishing campaigns.
A new month, a new Microsoft outage
Microsoft stumbled back online Thursday after an hours-long outage in the middle of the U.S. west coast working afternoon. Besides its homepage, Microsoft’s Xbox and Office services went down, log-in pages didn’t load, and the company’s status pages were also knocked offline by the outage. Microsoft’s cloud service Azure also fell offline, causing outages for any sites and services that rely on it. Microsoft confirmed it was a networking issue related to DNS. A Microsoft spokesperson confirmed at 7pm PT the same day that it had “mitigated the issue.”
APTs actively exploiting Fortinet VPN security holes
Following up on a story we brought to you in November of last year, the FBI and CISA are warning that advanced persistent threat (APT) nation-state actors are now actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products. Cyberattackers are scanning devices on ports 4443, 8443 and 10443, looking for unpatched Fortinet installations, with the aim of gaining access to government, commercial and technology services networks.
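As an added defensive illustration (not from the FBI/CISA alert or any vendor tool), the following script walks constructed firewall log lines and flags source addresses that probe the three SSL VPN ports named in the alert across one or more hosts. The log layout (`src=... dst=... dport=...`), the `fw01` host and all addresses are assumptions made for the sample.

```python
import re
from collections import defaultdict

# Ports the FBI/CISA alert says are being scanned for unpatched FortiOS SSL VPN devices.
FORTIOS_VPN_PORTS = {4443, 8443, 10443}

# Constructed sample firewall log lines (syslog-like, not taken from any real device).
SAMPLE_LOG = """\
Apr 02 10:01:12 fw01 conn: src=198.51.100.7 dst=203.0.113.10 dport=4443 proto=tcp action=deny
Apr 02 10:01:13 fw01 conn: src=198.51.100.7 dst=203.0.113.10 dport=8443 proto=tcp action=deny
Apr 02 10:01:13 fw01 conn: src=198.51.100.7 dst=203.0.113.10 dport=10443 proto=tcp action=deny
Apr 02 10:01:15 fw01 conn: src=198.51.100.7 dst=203.0.113.11 dport=4443 proto=tcp action=deny
Apr 02 10:02:40 fw01 conn: src=192.0.2.44 dst=203.0.113.10 dport=443 proto=tcp action=allow
Apr 02 10:03:01 fw01 conn: src=192.0.2.45 dst=203.0.113.10 dport=8443 proto=tcp action=allow
"""

LINE_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")

def parse_lines(text):
    """Yield (src, dst, dport) for every line that matches the assumed key=value layout."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dport"])

def find_vpn_port_scanners(text, min_hits=2):
    """Return {src: {"ports": [...], "targets": n}} for sources whose connections to the
    alert's three ports, counted over distinct (dst, port) pairs, reach min_hits.
    A single hit is ignored so one legitimate admin connection does not raise an alert."""
    hits = defaultdict(set)
    for src, dst, dport in parse_lines(text):
        if dport in FORTIOS_VPN_PORTS:
            hits[src].add((dst, dport))
    findings = {}
    for src, pairs in hits.items():
        if len(pairs) >= min_hits:
            findings[src] = {
                "ports": sorted({p for _, p in pairs}),
                "targets": len({d for d, _ in pairs}),
            }
    return findings

if __name__ == "__main__":
    for src, info in find_vpn_port_scanners(SAMPLE_LOG).items():
        print(f"{src}: probed ports {info['ports']} on {info['targets']} host(s)")
```

On the sample, only 198.51.100.7 is reported; the single allowed connection from 192.0.2.45 stays below the threshold.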
GitHub investigating crypto mining abuses
GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant miners on, and abuse, the company’s servers for illicit crypto-mining operations. The attacks, which have been going on since the fall of 2020, abused a feature called GitHub Actions, which allows users to automatically execute tasks and workflows once a certain event happens inside one of their GitHub repositories. The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original repository in order to merge the code back into the original; because the Pull Request event itself triggers the workflow, the malicious Actions run without needing the approval of the original project owner.