Last Week In Blockchain and Cybersecurity News – January 28, 2020

250 Million Microsoft Customer Support Records Exposed Online

Microsoft customers who have requested technical support within the past 14 years may have had their queries and personally identifiable information compromised due to a misconfigured server. Last week, Microsoft admitted that Customer Service and Support (CSS) records containing logs of conversations between customers and staff members were available online for anyone to download.

Microsoft has stated that the personally identifiable information in the database was not in a standard format, so it’s unlikely an outside party could expose it. However, Bob Diachenko, the cybersecurity researcher who discovered the unprotected database, stated it contains partially sensitive data, including:

  • Email addresses,

  • IP addresses,

  • Locations,

  • Descriptions of CSS claims and cases,

  • Microsoft support agent emails,

  • Case numbers, resolutions, and remarks,

  • And internal notes marked as “confidential.”

 Those impacted by the leaked database will be notified in the upcoming weeks.

Read more here

Trend Micro Antivirus Zero-Day Used in Mitsubishi Electric Hack

In a recent press release, Mitsubishi Electric states that it fell victim to a hack last year. According to the company’s statement, hackers were able to gain access to its internal network and steal 200 MB of files on June 28, 2019. The stolen documents seem to be primarily related to data surrounding employees, including:

  • Data on employment applications for 1,987 people

  • The results of a 2012 employee survey that was filled in by 4,566 people from the company’s head office

  • Information on 1,569 Mitsubishi Electric workers who retired between 2007 and 2019

  • Files with corporate confidential technical materials, sales materials, and others

However, the Japanese media dug deeper into the hack and have discovered that the initial foothold into the company was a vulnerability in one of the antivirus products it uses. According to a source close to ZDNet, the hackers exploited CVE-2019-18187, a directory traversal and arbitrary file upload vulnerability in Trend Micro OfficeScan antivirus.

In October 2019, Trend Micro sent out  a security advisory stating that “affected versions of OfficeScan could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).” Japanese media has stated that Tick, a Chinese state-sponsored group, was responsible for the hack.

Read more here

New Ryuk Info Stealer Targets Government and Military Secrets

A modified version of Ryuk ransomware is stealing sensitive data such as financial statements, banking information, and more from military and government entities. MalwareHunterTeam discovered the new variant, which contains an additional module that scans for files with targeted keywords. Previously, Ryuk would only scan Word and Excel documents within a targeted computer.

BleepingComputer

BleepingComputer

According to BleepingComputer, the full list of targeted extensions includes:

  • .cpp

  • .h

  • .xls

  • .xlsx

  • .doc

  • .docx

  • .pdf

  • wallet.dat

  • .jpg

If the scanning module discovers one of the above extensions, it then checks the contents of the file to see if it contains any of the keywords listed below.

image.jpeg
image.jpeg
image.jpeg

Keywords such as ‘clandestine, investigation, federal, 10-1, checking, balance, and password’ convey the new approach Ryuk attackers are taking to discover sensitive documents.

As always, keeping your computer anti-virus software up-to-date and practicing proper security hygiene will help you decrease the likeliness of infection.

Get more information here

Shlayer Malware Was the Most Common Threat to MacOS Devices in 2019

Kaspersky Lab has revealed that the Shlayer malware was the most common macOS threat throughout 2019. Last February, the malware targeted MacOS versions 10.10.5-10.14.3 by posing as an Adobe Flash update. The variant deployed numerous levels of obfuscation and also provided legitimate Apple developer ID in many of its initial DMGs.

Unlike other MacOS malware, Shlayer variants are written in python and their operation algorithms differ from other threats.

image.jpeg

The United States leads in the number of infection attempts (31%), followed by Germany (14%), France (10%), and the UK (10%).

Read more here

Cisco WebEx Flaw Lets Unauthenticated Users Join Private Online Meetings

A high severity vulnerability in Cisco’s popular WebEx application allows strangers to connect to a password-protected meeting without any authentication. The attacker only needs the meeting ID and a WebEx app on either iOS or Android to gain access.

According to Cisco’s advisory last Friday, “The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications.” To explain further, “An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser.”

The flaw affects Cisco’s WebEx Meetings Suite versions earlier than 39.11.5 and Cisco WebEx Meetings Online sites earlier than 40.1.3. The vulnerability (CVE-2020-3142) has a CVSS score of 7.5 out of 10 and was discovered internally.

Read more here

Leave a Reply

Your email address will not be published. Required fields are marked *