Round Up of Major Breaches and Scams
In an award-winning paper presented at the USENIX security conference this week, a team of academics from North Carolina State University presented a list of findings from operating a massive telephony honeypot for 11 months for the sole purpose of tracking, identifying, and analyzing the robocalling phenomenon in the US. NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said they received 1,481,201 unsolicited calls.
Salesforce and Oracle are to face a GDPR lawsuit in London and the Netherlands that could cost them up to €10bn in fines, a legally aggressive privacy campaign group has claimed to The Register. The suit, which alleges the ad-tech subsidiaries of the American giants are in breach of the EU’s General Data Protection Regulation, is to be formally commenced in the Netherlands today. A campaign group calling itself the Privacy Collective is capitalising on newly liberalised UK rules allowing class-action-style lawsuits to go ahead.
We are running out of introductions for reporting on something that happens so often. Just yesterday it was reported that a medical software firm exposed 3.1 million patients’ data to the public. In the latest incident, it has been found that 350 million unique email addresses were sitting exposed on a misconfigured Amazon S3 bucket that was open to public access without any authentication.
More than 43,000 NHS staff have been hit by phishing emails over the past few months, as they battled to save patients infected with COVID-19, a Freedom of Information (FOI) request has revealed. Think tank Parliament Street asked NHS Digital for the data on spam and phishing emails from March to July 14. A spokesperson confirmed to Infosecurity that the figures related to user reports of malicious and scam messages in their inbox, so the real total could be far higher.
The hub was described as central to defending against deception and confusion in what promises to be an election roiled by the pandemic and efforts to dupe voters. The move comes amid a coordinated effort by Facebook, Google and other online platforms to curb the spread of disinformation and thwart efforts to manipulate voters. Google separately announced new features for its search engine to provide detailed information about how to register and vote, directing users to local election administrators.
Round Up of Major Malware and Ransomware Incidents
Citrix released an advisory on Thursday about troublesome Windows Defender definition updates that break Delivery Controllers and Cloud Connectors running Microsoft’s antivirus. The issue is due to Windows Defender misidentifying as malicious and quarantining the main and secondary Citrix broker services (BrokerService.exe and HighAvailabilityService.exe) responsible for tracking current user connections/sessions.
Also referred to as Hidden Cobra, Lazarus is a cyber-espionage threat actor that also engages in financially-motivated attacks, including campaigns on crypto-currency exchanges, the WannaCry outbreak in 2017, the Sony Pictures Entertainment incident, and the $81 million Bangladesh bank theft. The hacking group is known for the use of a variety of malware, including the recently detailed MATA framework and a significant number of Mac malware families. Over the past couple of years, the U.S. Cyber Command (USCYBERCOM) has shared various malware samples associated with the group.
Round Up of Major Vulnerabilities and Patches
Security researchers at Check Point have discovered the Amazon Alexa assistant can be hacked to make it hand over sensitive data, including voice recordings, due to flaws within the service’s subdomains. The researchers explained that these critical issues could occur because the service’s subdomains are prone to Cross-Origin Resource Sharing (CORS) misconfiguration and cross-site scripting (XSS) attacks.