845GB of dating apps’ sensitive data exposed, CIA hacking tools compromised, and more

Major cybersecurity events on 17th June 2020 (Evening Post): MaxLinear discloses data breach after ransomware attack. T-Mobile outage due to a configuration error. Security vulnerability in Trump campaign app exposes Twitter application keys and secrets. Avon recovers after cybersecurity incident.

Round Up of Major Breaches and Scams

Chipmaker MaxLinear reports data breach after Maze Ransomware attack

U.S. system-on-chip (SoC) maker MaxLinear disclosed that some of its computing systems were encrypted by Maze Ransomware operators last month, after an initial breach that took place around April 15. MaxLinear is a New York Stock Exchange-traded company and a provider of RF, analog, and mixed-signal integrated circuits.

845GB of sensitive explicit data on niche dating apps users exposed online

VpnMentor’s security research team, headed by Noam Rotem and Ran Locar, has discovered an unprotected database online containing sensitive data of members of at least 9 dating and hook-up apps. The exposed data comprises sexually explicit images, private conversations, audio recordings, and other types of sensitive data.

CIA’s ‘Lax’ Security Led to 2017 Compromise of Its Hacking Tools

An internal CIA report found that the majority of the agency’s top-secret hacking tools were improperly secured, including the use of shared administrator passwords and a lack of proper control over removable media. The report, released today by Sen. Ron Wyden (D-Ore.), found that it wasn’t until the tools were posted on WikiLeaks in 2017 that the agency learned of its data breach.

Wiggle Investigates Cyber-Attack

Online sports retailer Wiggle is investigating a suspected cyber-attack after receiving a series of complaints from customers. Concerns were raised after customers received emails confirming orders for items from Wiggle that they had not placed. The suspicious orders were set to be delivered to addresses that the confused customers did not recognize.

Round Up of Major Malware and Ransomware Incidents

Avon recovering after mysterious cyber-security incident

Cosmetics giant Avon is recovering from a mysterious cyber-security incident that took place last week, on June 8, sources have told ZDNet. The company has filed documents with the US Securities and Exchange Commission disclosing the incident on June 9, a day after the company first discovered issues with some of its IT infrastructure.

DraftKings discloses SBTech ransomware attack in SEC filing

In a Form S-1 filed with the SEC today, DraftKings disclosed that SBTech, with which it merged in April, was hit by a ransomware attack at the end of March 2020. In April 2020, online fantasy sports leader DraftKings, online gambling technology provider SBTech, and Diamond Eagle Acquisition Corp (DEAC) finalized a three-way merger to operate under the name DraftKings Inc.

Round Up of Major Vulnerabilities and Patches

CoinMiner exploits Apple APSDaemon vulnerability to evade detection

Malware distributors are abusing a DLL hijacking vulnerability in Apple’s Push Notification service Windows executable to install coin miners on the computers of users attempting to download copyrighted software. A common method of generating revenue on warez and crack sites, adult sites, video sharing sites, and file-sharing sites is to open low-quality web pages when a visitor attempts to view or download content.

Adobe Patches 18 Critical Flaws in Out-Of-Band Update

Adobe patched 18 critical vulnerabilities Tuesday impacting key products Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. The out-of-band fixes address vulnerabilities that allow an attacker to execute arbitrary code if the bugs are exploited. In its security bulletin, Adobe said it was not aware of any exploits in the wild for any of the bugs.

Vulnerability in Trump campaign app revealed keys and secrets

A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered.

T-Mobile outage caused by configuration error, not a DDoS attack

Rumors began circulating on Twitter yesterday that the U.S. was under a massive DDoS attack. It turned out to be an outage on T-Mobile caused by a configuration error. It started with a tweet by an ‘Anonymous’ Twitter account that showed a “DDoS attack” map indicating that the USA was under a massive DDoS attack allegedly from China.