Last Week In Blockchain and CyberSecurity News - July 9, 2019

Sensitive SMB Records and Customer Credit Card Details Leaked by Fieldwork Software Database

A database owned by Fieldwork Software, a platform marketed towards SMBs providing CRM tools and more, was recently found open to the public, exposing over 26 GB of data. The database includes “customer names, addresses, phone numbers, emails and communication sent between users and clients, instructions, and photos of work sites.” Other datasets include more sensitive information, including “the GPS locations of clients, IP addresses, billing details, signatures, and full credit card details.”  

Researchers also discovered they could abuse automatic login links to access the Fieldwork service portal, further showing that a dedicated cybercriminal could gain access into the platform’s backend system. Having such access would allow a hacker to lock the company “out of the account by making backend changes."  

Read more here

Crypto Mining Campaign Involves Golang Malware to Target Linux Servers

Experts at F5 Networks have discovered a new strain of Golang malware infecting several thousand machines. The analysis published by F5 states, “The malware campaign propagates using 7 different methods: 4 web application exploits (2 targeting ThinkPHP, 1 targeting Drupal, and 1 targeting Confluence), SSH credentials enumeration, Redis database passwords enumeration, and also trying to connect other machines using found SSH keys.”  

When the malware enters a system, it downloads a bash script from its host server. Then, it attempts to disable several security controls as well as install a Monero (XMR) miner. The XMR miner uses the cryptonight algorithm and submits hashes to several public pools. The malicious file has been downloaded over 12,000 times from Pastebin.  

Read more here

British Airways Fined £183 Million Under GDPR Over 2018 Data Breach

Britain's Information Commissioner’s Office (ICO) charged British Airways with a record fine of £183 million over a security breach last year that affected half a million of its customers. Personal details and credit card numbers of more than 380,000 British Airways customers were stolen in a hack that lasted over two weeks.  

The ICO released a statement describing the “poor security arrangements” deployed by British Airways and how security misconfigurations allowed hackers to steal customer data. British Airways has 28 days to appeal this penalty.  

Get more information here

Libra Cryptocurrency Scams Already Active Ahead of 2020 Launch

Cybercriminals have wasted no time registering domain names that impersonate the legitimate websites for both Libra and the Calibra wallet. Around the announcement date, over 110 domains were registered with names similar to Facebook’s upcoming cryptocurrency and wallet. 

Some of the domains are rumored to be cybersquatting attempts, in which individuals purchase domains, hoping for Facebook to later buy them. However, researchers at Digital Shadows found “six domains that imitate the original Libra site, some of them being active and mimicking the real website almost to the dot.”   

Some cyber criminals have put in a decent amount of effort to trick victims such as canlibrawallet[.]com, “which is behind Cloudflare, has the same look as the official Libra.org, including a link to the legitimate whitepaper on the cryptocurrency and other URLs pointing to the official Libra website.”  

Other malicious websites offer VPS services or attempt to steal other users’ cryptocurrency. As always, it is critical to practice proper precautions when visiting websites to ensure you’re not being duped.  

Read more here

Monero Security Flaw Could’ve Seen XMR Stolen from Cryptocurrency Exchanges

Monero recently disclosed nine security vulnerabilities, two of which were classified as “critical.”  

One of the vulnerabilities could have allowed hackers to steal XMR from cryptocurrency exchanges. In their initial HackerOne report, researchers stated that “rogue Monero miners were hypothetically able to create ‘specifically-crafted’ blocks to force Monero wallets into accepting fake deposits for an XMR amount chosen by the attacker.”  
Other vulnerabilities included five DoS attack vectors, one of which was labeled as “critical” severity. Security researchers who discovered the critical bugs received a 45 XMR ($4,100) reward.   

Read more here