IT Security Newsletter

IT Security Newsletter - 12/2/2019

Written by Cadre | Mon, Dec 2, 2019

Insecure Database Exposes Millions of Private SMS Messages

Tens of millions of SMS messages have been found on an unprotected database, putting the private data of hundreds of millions of people in the United States at risk for theft or exposure and leaving a communications company open for potential intrusion, security researchers discovered. Noam Rotem and Ran Locar from the research team of vpnMentor found the database, which they said belongs to TrueDialog, a U.S.-based communications company, according to a blog post.

Russia’s Sandworm hacking group heralds new era of cyber warfare

Speakers at this year’s CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest-profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently.

Hacker’s paradise: Louisiana’s ransomware disaster far from over

Louisiana has brought some of its services back as it recovers from a targeted ransomware attack using the Ryuk malware on November 18. The state's Office of Motor Vehicles re-opened offices on Monday in a limited fashion. But OMV and other agencies affected—including the state's Department of Health and Department of Public Safety—are facing a number of potential hurdles to restoring all services, according to people familiar with Louisiana's IT operations.

Dexphot Malware Hijacked 80K+ Devices to Mine Cryptocurrency

Microsoft is warning of malware, Dexphot, that has infected more than 80,000 machines, sucking up their CPU power in order to mine cryptocurrency. Researchers first discovered Dexphot in October 2018 and saw its activity peak during July. They said that the malware has a complex attack chain and also uses various methods to outwit detection efforts, including an obfuscated script designed to check for antivirus products, and regularly scheduled malware updates.

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords. This trojan is called CStealer, and like many other info-stealing trojans, was created to target and steal login credentials that were saved in Google Chrome's password manager.

2019 experienced massive spate of crypto crimes, $4.4 billion to date

With only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of cryptocurrency exchanges are not equipped to handle basic KYC, let alone comply with the stringent new funds Travel Rule included in the updated Financial Action Task Force (FATF) guidance, according to CipherTrace.

5 scams to watch out for this shopping season

According to Adobe, consumers in the US are predicted to spend a staggering US$143.7 billion this shopping holiday season. Unsurprisingly, smartphones are expected to account for a significant part of the purchases made. Shopping platforms will be dropping prices and offering deals aiming to unseat the competition. Far too often, what looks too good to be true will, in fact, be a scam designed to separate you from your hard-earned cash.

Hacking robotic vehicles is easier than you might think

Robotic vehicles like Amazon delivery drones or Mars rovers can be hacked more easily than people may think, research from the University of British Columbia suggests. The researchers designed three types of stealth attack on robotic vehicles that caused the machines to crash, miss their targets or complete their missions much later than scheduled. The attacks required little to no human intervention to succeed on both real and simulated drones and rovers.

Smartwatch exposes locations and other data on thousands of children

Researchers at the AV-Test Institute have uncovered gaping privacy and security holes in the SMA-WATCH-M2 smartwatch that is designed to keep children safe and their parents feeling secure about their offspring. The security lapses were so severe that the researchers were able to piece together a snapshot of the life and daily habits of a randomly selected 10-year-old child named Anna from Germany. Among other data, the Chinese-made device exposed the girl’s age, place of residence, where she spends most of her day, and the routes she takes.

Master Go player retires citing AI supremacy

AI just won another battle in the war for supremacy against humans. Master Go player Lee Se-dol has handed in his stones after deciding that there’s just no way to beat a machine when playing the ancient Chinese board game. The ninth dan South Korean player reportedly submitted his retirement letter to the Korea Baduk Association (KBA), which governs the professional Go community there.