Data for 700 million LinkedIn users posted for sale
On the heels of the loss of 500 million records in April, a new posting with 700 million LinkedIn records has appeared on the popular hacker forum RaidForums, according to researchers from Privacy Sharks. An ad posted June 22 claims that the records are included in the cache, and included a sample of 1 million records as proof. According to LinkedIn, no breach of its networks has occurred this time, either, so the scraping of public profiles is a likely source. Though no financial information was released, the data is prime raw material for identity theft, spam, brute-force attacks and social engineering.
House lawmakers introduce American Cybersecurity Literacy Act to mitigate cyber risks
A bipartisan group of representatives introduced legislation that mandates the National Telecommunications and Information Administration (NTIA) to set up a cyber literacy campaign to raise awareness of online security and the prevention of potential cyberattacks. The awareness programs include basic security lessons on how to detect phishing emails, the importance of strong passwords, using multi-factor authentication, and risks associated with the public internet.
UK foreign secretary’s private mobile number has been online for at least 11 years
This fact is raising questions for security services just weeks after the British Prime Minister Boris Johnson’s number was also revealed to be accessible to anyone. Dominic Raab’s number was discovered by a Google search leading to a web page that also contained other personal details about him. The former UK national security adviser Peter Ricketts said the breach regarding Raab’s number showed more attention must be paid to online security. Senior officials had reportedly advised the Prime Minister to change his phone number due to concerns but he is said to have refused.
Google now requires app developers to verify their address and use 2FA
Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details. In addition, it is also requiring users of Google Play Console to sign in using Google’s 2-Step Verification to prevent account takeover attacks. The requirement will roll out later this year.
Microsoft’s Halo dev site breached using dependency hijacking
Dependency confusion, which we have reported on previously with regard to GitHub, represents an inherent weakness in open-source repository managers in which projects that use a private, internally created dependency can be fooled into using a false one with the same name. In this case a researcher found an internal dependency being used by an open-source project, and after publishing a public dependency by the same name, he began receiving messages from Microsoft’s Halo game development servers. Although this issue was resolved by Microsoft and was not malicious, it represents a growing challenge for users of open-source repositories.
New ransomware highlights widespread adoption of Golang language by cyberattackers
A new ransomware strain that utilizes Golang – a statically typed, compiled open source programming language – highlights its increased adoption by threat actors. According to CrowdStrike, a sample of a new ransomware variant, as of yet unnamed, borrows features from HelloKitty, DeathRansom and FiveHands. “This method of using a memory-only dropper prevents security solutions from detecting the final payload without the unique key used to execute the packer,” CrowdStrike says. In addition, all necessary libraries are statically linked and included in the compiled binary, and function name recovery is difficult.
Western Digital removed code that would have prevented the wiping of petabytes of My Book data
Following up on a story we brought you on Monday, it appears last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but also a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows. The vulnerable code itself shows that a Western Digital developer actively removed sections that required a valid user password before allowing factory resets to proceed.
PoC exploit accidentally leaks for dangerous Windows PrintNightmare bug
In what looks to have been an accident, an in-depth technical write-up and a fully working PoC exploit were shared on GitHub yesterday, focusing on a vulnerability in the Windows Print Spooler service that can allow a total compromise of Windows systems. Initially this bug was categorized as a low-importance vulnerability, but Microsoft last week updated its description to classify it as a remote code execution issue that could be remotely exploited to allow attackers to take full control of unpatched Windows systems. The GitHub repo was taken offline after a few hours, but not before it was cloned by several other users.