Last Week In Blockchain and CyberSecurity News - September 24, 2019

Google Removes Two Chrome Ad Blocker Extensions Caught 'Cookie Stuffing'

Last week, Google removed two malicious extensions that were impersonating popular ad blockers. According to Andrey Meshkov’s research, the two Chrome extensions acted as fully functional ad blockers but secretly performed cookie stuffing attacks on their users.

Cookie stuffing occurs when a website or browser extension adds extra information to a user’s cookies. It’s an affiliate marketing practice that pushes a third-party cookie from an unrelated website onto the victim without their knowledge.

In this case, the malicious extensions, AdBlock by AdBlock, Inc and uBlock by Charlie Lee, would modify unsuspecting victims’ cookies and “add a parameter that would ensure the extension authors would earn a commission from any payments” users made on targeted sites. Teamviewer.com, Microsoft.com, Aliexpress.com, and others were on the affiliate list.

The extensions’ malicious activity would begin 55 hours after installation and would stop if the victim opened Chrome’s developer tools. In total, the extensions had over 1.6 million downloads: AdBlock with over 800,000 and uBlock with over 850,000.


400 Million Medical Radiological Images Exposed on the Internet

A recent analysis of medical image storage systems by Greenbone Networks reveals that almost 600 servers in 52 countries have no security measures in place to stop unauthorized users from accessing their information. The issue stems from how Picture Archiving and Communication Systems (PACS) are configured to connect to the public internet. PACS are used to store and retrieve information sent by X-ray, CT, and MRI machines.

Greenbone Networks used public device discovery engines to identify 590 PACS servers that were accessible online and exposed around 24.3 million patient records. 

Accessible personal and medical details included: 

  • First name and surname 

  • Date of birth 

  • Date of examination 

  • Scope of the investigation 

  • Type of imaging procedure 

  • Attending physician 

  • Institute/clinic 

  • Number of generated images  

In total, 399.5 million images were accessible across open PACS servers around the world. Greenbone’s report also reveals that the systems are vulnerable to more than 10,000 security issues, 20 percent of the systems have a high severity score, and 500 systems have a 10 out of 10 CVSS score.


Critical Flaws Affect Jira Service Desk and Jira Service Desk Data Center

Atlassian has released multiple security updates, disclosing numerous critical vulnerabilities in Jira Service Desk and Jira Service Desk Data Center. The flaws can lead to information disclosure and server-side template injection, which may allow remote code execution.

The first flaw, CVE-2019-14994, is exploitable by anyone who has access to the vulnerable portal, including customers of the product. A successful exploit of this vulnerability allows an attacker to “view all issues within all Jira projects contained in the vulnerable installation, including Service Desk projects, Jira Core projects, and Jira Software projects.” 

Many installations are already exposed online, and because the IT ticketing application is used in healthcare, government, and education organizations, it’s critical to update the application as soon as possible. The second flaw, CVE-2019-15001, affects version 7.0.10 of Jira Server and Jira Data Center.


Attackers Breach Click2Gov Payment Portals in 8 Cities, Compromising Over 20,000 Payment Card Records

Researchers at Gemini Advisory are following a wave of Click2Gov breaches impacting eight cities throughout five states.  

Over 20,000 payment card records have been stolen and are currently available for sale on the dark web. In the past year, researchers have observed attackers breach Click2Gov portals belonging to dozens of cities throughout the US and Canada, resulting in the compromise of over 300,000 payment card records.  

Those cities include: 

  • Deerfield Beach, Palm Bay, Milton, and Coral Springs, Florida; 

  • Bakersfield, California;  

  • Pocatello, Idaho; 

  • Broken Arrow, Oklahoma; 

  • And Ames, Iowa. 

The company that owns the Click2Gov payment portal, CentralSquare Technologies, has launched a forensic investigation into the incident and will be working with its clients to fix the issue.  


EtherDelta Cryptocurrency Exchange Hackers Indicted

U.S. authorities have indicted two suspects responsible for the EtherDelta hack from December 2017. Elliot Gunton and Anthony Tyler Nashatka are accused of changing the site’s DNS settings and redirecting traffic to a malicious website where they stole customer credentials and funds.  

According to court documents presented to ZDNet, the two attackers acquired EtherDelta CEO Zachary Coburn’s personal information from the dark web using bitcoin. With that information, they were then able to hijack EtherDelta’s Cloudflare and DreamHost accounts.

Gunton also added a call forwarding number to Coburn’s mobile account and modified the DNS settings in the company’s G Suite portal to intercept and hide individual emails. The court documents do not provide any information on how much Gunton and Nashatka made; however, they do reveal that one victim lost more than $800,000. Both criminals currently face five counts each, with a maximum sentence of 20 years and a fine of up to $250,000.  
