Last Week In Blockchain and CyberSecurity News - April 9, 2019
Hackers Are Targeting D-Link Home Routers
A cybercrime group has been targeting home routers (mostly D-Link models) to change their DNS server settings and redirect traffic meant for legitimate sites to malicious ones. Researchers identified three waves of attacks, which took place between December 2018 and March 2019. In their blog post, the researchers stated that the exploit attempts originated from hosts on the Google Cloud Platform network (AS15169). The attackers abused well-known exploits in router firmware to break into devices and change the router’s DNS configuration. Because many users aren’t notified of these changes, the attacks can continue without the user even knowing.
Targeted Routers include:
ARG-W4 ADSL routers
DSLink 260E routers
Google Cloud has suspended the fraudulent accounts found by the researchers and is working through "established protocols" to identify any new ones that emerge. It is essential to keep software and hardware up to date to protect oneself against attacks like DNS hijacking.
540 Million Facebook Records Leaked by Public Amazon S3 Buckets
Over 540 million records of Facebook users were exposed by publicly available Amazon S3 buckets used by two third-party apps. The bucket used by Cultura Colectiva stored 146 gigabytes of files containing information related to Facebook users, including account names, comments, likes, user IDs, and more. The misconfigured Amazon S3 bucket gave anyone download permissions. Another database held information from the “At the Pool” app and had 22,000 records that included users' passwords in plain text. Since the company that owned the app ceased operations five years ago, this raises the question of how many other misconfigured databases exist.
Read more here
Dozens of Credit Card Info Skimming Scripts Infect Thousands of Sites
Get more information here
Cryptocurrency Wallet Possibly Vulnerable on Samsung Galaxy S10 As the Fingerprint Sensor Is Fooled by A 3D Printed Fingerprint
In a video, the user ‘darkshark’ walks step by step through bypassing the Samsung Galaxy S10’s biometric authentication system. Unlike other smartphone fingerprint sensors, the Galaxy S10 utilizes ultrasonic technology to read the physical contours of a person's fingertip. Samsung states this produces a more secure authentication system than its rivals. However, darkshark was able to bypass Samsung’s fingerprint authentication in under 20 minutes. This bypass raises many questions and concerns, as a malicious actor can take an unsuspecting victim’s fingerprint without them knowing and unlock their phone. As Samsung has a cryptocurrency wallet, it may be at risk from this bypass as well. If the victim’s phone holds any information regarding the password, or the wallet utilizes biometrics, a malicious actor can use this tactic to their advantage and steal coins.
Read more here
LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files
A spam campaign has been using a new technique to avoid detection and spread the info-stealing LokiBot trojan. Researchers have observed spam messages carrying a malicious .zipx attachment hidden inside a .PNG file that slips past some email security systems. LokiBot is a trojan designed to secretly steal information from compromised accounts and devices. Because the malicious code is obfuscated behind the file signature of a .PNG, the attachment is usually identified as a .PNG image, even though it has a .zipx extension. The code that holds the LokiBot trojan is appended to the end of the .PNG file signature. To successfully infect a victim, the user must click on the message attachment, decompress the .zipx file successfully, and then click the .exe file. While those who are somewhat tech savvy may not fall for tricks like this, many unsuspecting users will. It is always important to take security precautions to decrease the likelihood of infection.
Read more here
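A mail-filter check for the LokiBot trick described above, as an added example that is not from the original article or the researchers. It assumes the archive bytes sit after the PNG's closing IEND chunk (the article says only that they follow the PNG signature); the function names and sample files are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Magic bytes that mark the start of common archive formats.
ARCHIVE_MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z"}

def png_end_offset(data):
    """Offset just past the IEND chunk, or None if data is not a well-formed PNG."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length          # 4 length + 4 type + data + 4 CRC
        if pos > len(data):
            return None             # truncated chunk
        if ctype == b"IEND":
            return pos
    return None

def inspect_attachment(name, data):
    """Return the reasons an attachment deserves quarantine (empty list = none found)."""
    reasons = []
    end = png_end_offset(data)
    if end is None:
        return reasons              # not a PNG: out of scope for this check
    if not name.lower().endswith(".png"):
        reasons.append("PNG content under a non-.png extension")
    trailer = data[end:]
    if trailer:
        reasons.append(f"{len(trailer)} bytes after IEND")
    for magic, label in ARCHIVE_MAGICS.items():
        if magic in trailer:
            reasons.append(f"embedded {label} archive")
    return reasons

def _chunk(ctype, body=b""):
    """Build one PNG chunk with a valid CRC (used only for the constructed samples)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def build_samples():
    """Constructed inputs: a clean 1x1 PNG, and the same PNG with a harmless zip appended."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    png = PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("note.txt", "harmless placeholder")
    return png, png + buf.getvalue()
```

A non-empty result is a reason to quarantine and inspect the attachment, not proof of malware: some legitimate tools also leave trailing bytes after IEND.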