Cyber Security Headlines – August 27, 2021

21-year-old claims responsibility for massive T-Mobile hack

John Binns, a 21-year-old Virginia native who now lives with his mother in Turkey, claims to be the driving force behind the T-Mobile hack which exposed the sensitive data of more than 50 million people. Binns told the Wall Street Journal that he conducted the attack from his home, where he gained access to a data center near East Wenatchee, Washington after which it took about one week to gain access to the servers containing the personal data. Binns stated, “I was panicking because I had access to something big. Their security is awful.” Binns revealed that he carried out the attack because he was angry about being tortured and spied on by US law enforcement agencies as part of cybercrime investigations against him. Binns would not confirm if the stolen data has been sold or if anyone paid him to carry out the attack.

(ZDNet)

Microsoft and Google to invest billions to bolster US cybersecurity

During the White House cybersecurity summit with business leaders on Wednesday, President Biden and his cabinet discussed how to better protect US businesses and interests against increasing cyberattacks. Commitments made by attending organizations include working with NIST on open-source software security standards to better protect against supply chain attacks. Additionally, Apple will push for mass adoption of multi-factor authentication, vulnerability remediation, event logging, and security training, while Google committed to investing $10 billion over the next five years to expand security initiatives such as zero-trust programs. Microsoft committed to investing $20 billion over the same period to increase its security solutions including initiatives to improve governmental security protections. Amazon will make their internal security awareness training available to the public for free and offer no-cost MFA devices to AWS customers. Cyber insurers pledged to improve the security posture of policyholders and several organizations committed to security awareness training initiatives, some of which specifically focus on historically excluded groups in technology.

(Bleeping Computer)

Ragnarok ransomware releases master decryptor after shutdown

The Ragnarok ransomware gang, which has been in operation since January 2020, appears to have called it quits on Thursday, abruptly replacing all victims on its leak site with a master decryption key and brief instructions for using it. The gang left no explanation for shutting down, and its leak site listed 12 recent victims from various countries including France, the U.S., Hong Kong, Spain, and Italy up until early on Thursday. Ransomware expert Michael Gillespie confirmed the legitimacy of the decryptor by successfully decrypting a random Ragnarok file. A universal decryptor for Ragnarok ransomware is currently in the works and will soon be released by Emsisoft, a company famed for assisting ransomware victims with data decryption.

(Bleeping Computer)

FBI software issue allowed unauthorized access to private data

A new court filing in New York City revealed that unauthorized FBI employees were able to access private data through data analytics software called Palantir. A Manhattan federal court case against accused hacker Virgil Griffith revealed that data recovered from his Facebook and Twitter accounts was accessed on Palantir between May 2020 and August 2021 by at least four FBI employees who work outside New York and were not investigating the case. The agents were able to view the material because it was entered into Palantir with default settings that permitted access to personnel not working directly on the case. A Palantir spokesperson stated that the error was caused by the FBI, and not by a glitch in their software. An attorney for Griffith, Brian Klein, said, “We are very troubled by what happened. We are looking into the legal remedies.”

(New York Post)

Thanks to our episode sponsor, Privacy.com

Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you’re shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you’re never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make!

Atlassian warns of critical Confluence flaw

Atlassian has warned users of a critical Webwork OGNL injection vulnerability in its Confluence Server, tagged as CVE-2021-26084, that would allow an authenticated user, and in some cases unauthenticated users, to execute arbitrary code. The bug, which was discovered through Atlassian’s public bug bounty program, scores 9.8 out of 10 on the Common Vulnerability Scoring System. Atlassian has released fixes in versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0, but the company’s advisory recommends upgrading to the last of these, which was just released last week. Atlassian indicates that a direct upgrade is not possible for all users, some of whom may need to step up to the clean double-point versions before upgrading to version 7.13. Cloud-hosted Confluence is not impacted by the bug.

(The Register)

Chinese developers expose data belonging to Android gamers

A report issued by the cybersecurity team at vpnMentor identified Chinese game developer EskyFun as the owner of a 134GB server that exposed information belonging to an estimated 1 million Android gamers. On Thursday, the team said that users of Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok were affected. The exposure comprised over 365 million records containing a wealth of data, including detailed device info, purchase transaction data, and account passwords stored in plaintext, collected as a result of what vpnMentor refers to as EskyFun’s “aggressive and deeply troubling tracking, analytics, and permissions settings.” vpnMentor discovered the unsecured server on July 5 and, after making several unanswered notifications to EskyFun, contacted Hong Kong CERT; the server has been secured as of July 28.

(ZDNet)

WhatsApp, Facebook, and Twitter fined for not storing user data inside Russia

According to an announcement by Russia’s telecoms regulator on Thursday, a Moscow court has fined WhatsApp, Facebook, and Twitter $54,000, $202,000, and $228,000 respectively for not storing the data of Russian users inside Russia’s borders. The fines are based on Russia’s data-localization law which took effect in 2015. The Facebook and Twitter fines are larger because they both received fines last year while this is the first fine for WhatsApp. Facebook paid the prior-year fine, while Twitter did not. Russia began enforcing the law in 2016, which led to a show-of-force ban on LinkedIn.

(The Record)

Verizon has successfully deployed a VPN that could withstand quantum attacks

Verizon is trialing what it describes as a “quantum-safe” virtual private network (VPN) between one of the company’s labs in London, UK and a US-based center in Ashburn, Virginia. According to Verizon, the trial used encryption keys that were generated using post-quantum cryptography methods and demonstrates that it is possible to replace current security processes with quantum-proof protocols. While NIST has been leading an initiative to develop similar algorithms, Verizon has significant amounts of VPN infrastructure and the company sells VPN products, which is why the team is keen to employ post-quantum cryptography sooner.

(ZDNet)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.