Cyber Security Roundup for August 2019

Twitter boss, Jack Doresy, had his Twitter account was hacked at the end of August, with hackers using his account to send a stream of offensive messages to his 4.2 million followers. It appears Jack was using his mobile phone to provide multi-factor authentication access to his Twitter account, a good solid security practice to adopt, however, it appears his Twitter account password and his mobile phone SMS service were both compromised, the latter probably due to either sim card swap fraud social engineering by the hacker, or by an insider at his mobile network service provider.

A database holding over a million fingerprints and personal data was exposed on the net by Suprema, a biometric security company. Researchers at VPNMentor didn't disclose how they were able to find and access the 'Biostar 2' database, nor how long the data was accessible online. Biostar 2 is used by 5,700 organisations, including governments, banks and the UK Metropolitan Police. In a similar fashion, an independent researcher found a 40Gb Honda Motor Company database exposed online.

TfL took their Oyster system offline to 'protect customers' after a credential stuffing attack led to the compromise of 1,200 Oyster customer accounts. A TfL spokesman said 'We will contact those customers who we have identified as being affected and we encourage all customers not to use the same password for multiple sites.' I was also directly made aware that restaurant chain TGI Friday was also hit were a credential stuffing attack(s) after it urgently warned its UK customers on the importance of using strong unique passwords for its reward scheme.

It was another bumper 'Patch Tuesday', with Microsoft releasing security updates for 93 security vulnerabilities, including 31 which are 'critical' rated in Windows, Server 2019, IE, Office, SharePoint and Chakra Core. 

Amongst the Microsoft patch release were patches for two serious 'bluekeep' or 'WannaCry' wormable vulnerabilities in Windows Remote Desktop Services, CVE-2019-1181 and CVE-2019-1182.  A Microsoft Security Response Center (MSRC) blog post said Microsoft had found the vulnerabilities as part of a project to make Remote Desktop Services more secure, and stated 'future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.” The fixes for these are available for download in the Microsoft Security Update Guide.

A United Nations report concluded North Korea funded its weapons programme to the tune of $2 billion from profits from cyber attacks. 'Democratic People’s Republic of Korea cyber actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programmes, with total proceeds to date estimated at up to two billion US dollars,' the UN report said. The report referred at least 35 instances of North Korean-sponsored cryptomining activity or attacks on financial companies and cryptocurrency exchanges. The attacks spanned a total of 17 countries and were designed to generate funds the would be hard to trace and elude regulatory oversight.

NEWS

• Cybersecurity Firm Imperva Discloses Breach
• Eurofins Scientific Cyber-attack leads to a backlog of 20,000 UK Forensic Samples
• Serious Cyber Attack could trigger full NATO response, says Jens Stoltenberg 
• TfL takes the Oyster system offline after Customer Accounts accessed
• TGI Fridays frantically warn customers to urgently change app passwords
• French ‘Cybercops' dismantle Pirate Computer Network
• Twitter boss Jack Dorsey’s account hacked sending out a stream of offensive messages
• BioStar 2 Database Leaked One Million Fingerprints and Facial Recognition Data 
• Capital One accused 'breached 30 other organisations’
• A Researcher uses GDPR’s Right of Access to steal others’ personal information
• 700,000 Choice Hotels Customer Records Compromised 
• Honda Motors Company databases leaked 40GB of employee data 
• North Korea took $2 billion in Cyberattacks to fund weapons program according to a U.N. report
• Pearson Data Breach Impacts thousands of University Accounts
• Google finds 'indiscriminate iPhone attack lasting years'

VULNERABILITIES AND SECURITY UPDATES

• Microsoft Patches 93 Vulnerabilities, including 31 Critical for Windows, Server2019, IE, Office, SharePoint & ChakraCore
• BlueKeep-like RCE flaws in RDP among 93 Vulnerabilities Patched by Microsoft 
• Adobe Releases Fixes at least 76 ‘important’ Vulnerabilities in Acrobat and Acrobat Reader
• Intel Rolls Out Security Updates for Seven Products lines, three rated as High
• Critical Patches released for Adobe Photoshop
• Cisco issues multiple product updates, fixes critical flaws in small business switches 

HUAWEI NEWS AND THREAT INTELLIGENCE

• U.S. renews temporary license allowing companies to sell to Huawei, adds 45 to blacklist
• Huawei confident UK will resist 'politically motivated' pressure from US over 5G 

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• MegaCortex variant redesigned a self-executing, incorporates features of the previous version
• Record Future Research: Hacktivism activity and chatter has markedly dropped since 2016
• Exabeam Survey: Red/Blue team exercises show defensive Shortfalls
• Risk-Based Security 2019 MidYear QuickView Data Breach Report: 4 Billion Records Exposed
• Cloud Atlas Threat Group Updates Weaponry with Polymorphic Malware
• New Saefko Trojan focuses on Stealing Credit Card details and Crypto wallets
• LokiBot Malware now hides its source code in Image Files