
Data of 17M CouchSurfing users leaked, Meow attack deletes 4000 unsecured databases, and more

Major cybersecurity events on 24th July 2020 (Morning Post): 29 fraudulent apps, part of the cyber-scheme Chartreuse Blur, detected and exposed, after 3.5 million downloads. ASUS home router bugs expose consumers to snooping attacks. IVG vulnerability allows attackers to brute-force into systems.

Round Up of Major Breaches and Scams

17 million CouchSurfing users’ data for sale on data sharing forum

CloudSEK has discovered a data leak that contains sensitive information of 16.99 million users of CouchSurfing. CouchSurfing is a global homestay and social networking service through which members avail and provide lodging, organize events, and socialize. CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 16.99 million unique CouchSurfing users.

Fraudulent Photo App Operation Detected on Google Store

Researchers have exposed a malicious cyber-operation involving fraudulent photo-editing apps, none of which were found to function as advertised. New research published today by White Ops’ Satori threat intelligence team revealed 29 fraudulent apps to be part of a nefarious cyber-scheme that they have named Chartreuse Blur. The apps, which have already been downloaded 3.5 million times from the Google Play Store, cause out-of-context (OOC) ads to run rampant on a compromised device.

Hackers Try to Steal Transfer Fees, Cripple Football Stadiums

The UK’s sporting organizations have been told to urgently improve cybersecurity after a new GCHQ report revealed that 70% have experienced a breach or incident in the past year, more than double the business average. The National Cyber Security Center (NCSC) study also claimed that 30% of these organizations have experienced over five incidents in the past year. In a sector said to contribute £37bn to the UK economy, it’s no surprise that most threats are financially motivated.

Round Up of Major Malware and Ransomware Incidents

New ‘Meow’ attack has deleted almost 4,000 unsecured databases

Hundreds of unsecured databases exposed on the public web are the target of an automated ‘meow’ attack that destroys data without any explanation. The activity started recently by hitting Elasticsearch and MongoDB instances without leaving any explanation, or even a ransom note. Attacks then expanded to other database types and to file systems open on the web.

Round Up of Major Vulnerabilities and Patches

Twilio Security Incident Shows Danger of Misconfigured S3 Buckets

Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScript SDK it shares with customers. Twilio, the cloud communications platform-as-a-service (CPaaS) giant, has confirmed a security incident in which attackers accessed a misconfigured Amazon AWS S3 bucket and modified the TaskRouter JavaScript SDK. The SDK path had been publicly readable and writable since 2015.

ASUS Home Router Bugs Open Consumers to Snooping Attacks

The two flaws allow man-in-the-middle attacks that would give an attacker access to all data flowing through the router. A pair of flaws in ASUS routers for the home could allow an attacker to compromise the devices and eavesdrop on all of the traffic and data that flows through them. The bugs are specifically found in the RT-AC1900P whole-home Wi-Fi model, within the router’s firmware update functionality. The bugs were originally uncovered by Trustwave, and ASUS has issued patches for them.

IBM Verify Gateway vulnerability allowed remote attackers to brute-force their way in

IBM has patched a vulnerability in Verify Gateway (IVG) that allows attackers to brute-force their way into systems remotely. IVG is software designed to protect enterprise systems through multi-factor authentication features and pre-built credential provider services. IVG supports a range of operating systems and platforms including Windows, Red Hat, CentOS, Ubuntu, Debian, AIX, and SUSE.

App for Chinese DJI drones could give hackers full control of users’ phones, researchers say

The Android application used to operate drones manufactured by DJI contains a number of features that could allow attackers to target users with malicious applications or gain full control of users’ phones, according to recent research by France-based Synacktiv and U.S.-based GRIMM. Researchers found that the DJI GO 4 application can force updates on users without routing them through the Google Play Store.