Category: Threat Brief

Singapore Airlines data breach affects 285 accounts, exposes travel details

Singapore Airlines (SIA) says a software glitch was the cause of a data breach that affected 285 members of its frequent flyer programme, compromising various personal information including passport and flight details.

The “software bug” surfaced after changes were made to the Singapore carrier’s website on January 4 and enabled some of its KrisFlyer members to view information belonging to other travellers, SIA told ZDNet in an email.

Read more about the Singapore Airlines data breach on ZDNet.

Few organizations have the resources required for optimal cybersecurity and digital risk reduction

OODA’s CISO as a Service offering puts our seasoned team of experts on your side.

Our leadership has spent years working across multiple sectors of the economy and in government agencies helping organizations protect what matters most. We know the threat, know best practices and know the importance of keeping your security program focused on enabling your business objectives. Our CISO as a Service offering is the ideal choice for firms who have grown to the point where a more robust security program is required. We can provide the executive leadership to get your program off the ground and can assist you in your search for a full-time CISO.

For more information see: OODA LLC

Nation’s Cybersecurity Strategy Should Be Easy To Understand

At CTOvision, Bob Gourley of OODA writes that the 2017 Cybersecurity Strategy Should Be:

  1. The Department of Justice, working with the DHS, will support every federal, state and local law enforcement organization in the U.S. in enhancing anti-cyber crime activities. This includes providing local law enforcement organizations with information they need for informing all citizens and businesses in their jurisdictions on the nature of the cyber threat and prudent mitigation strategies. This approach is the only scalable way to give our citizens and businesses the protective information they need.
  2. The Federal Government will become the exemplar of optimal cyber defense, proving even large organizations can mitigate threats and enhance technology support to mission outcomes while reducing IT spend. We will do this through leadership, with every leader in the executive branch, including the chief executive, taking responsibility for outcomes. In doing this we will leverage the lessons learned from decades of cybersecurity reviews. We know what must be done and will do it.
  3. The executive branch will accelerate the exchange of best practices and lessons learned and will take continuous action to assist industry, academia, non-profits and all free nations in their responsibilities to defend themselves in cost-effective ways. The U.S. government will encourage all to understand best practices and avoid negligent behaviors in cyber security, and will work with the legislative branch to improve the legal regime governing responsible behavior and norms as required.

For more see: The Report The Cybersecurity Commission Should Have Sent To the President and President Elect

Hackers dump data of hundreds of German politicians on Twitter

A group of hackers has published the personal details of hundreds of German politicians, but also German artists and local YouTube celebrities.

The data was uploaded online and later promoted via Twitter, starting a few days before the Christmas holiday. The source of the data appears to be the victims’ smartphones. Details about how the data was stolen and exfiltrated from infected phones remain unclear, at the time of writing. According to German news outlets [1, 2, 3], the leaked data contains names, home addresses, phone numbers, email addresses, photo IDs, personal photos, and personal chat histories.

Read more about the disturbing data leak on ZDNet.

Hackers demand ransom from Dublin’s tram system, after Luas website defaced

The website of Luas, the tram system operating in Ireland’s capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days.

Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland, and would be published on the internet unless a ransom demand of one Bitcoin (approximately 3,300 Euros or US $3,800) was paid. In the message, the hackers claim that they previously contacted the tram operator about security vulnerabilities and were aggrieved that they received no response.

Read more about the attack on the Luas website on Tripwire.

A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access

A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways. CleanMyMac X is a cleanup application for macOS that optimizes the drives and frees up space by scanning for unused, redundant or unnecessary files and deleting them. No fewer than a dozen flaws plague 4.0 and earlier versions of the software, all of them in the package’s “helper protocol.”

The software’s helper functions run as root, and the flaws arise because applications can invoke them without any validation of the caller – thus giving those applications root access.

Read more about the critical flaws in CleanMyMac X software on Threatpost.

New Android malware hit more than 100,000 users in 196 countries

Researchers have spotted a new Android malware hidden behind six different Android applications that were available for download in Google Play. The six apps include Flappy Birr Dog, Flappy Bird, FlashLight, Win7Launcher, Win7imulator, and HZPermis Pro Arabe. Out of these six apps, five have been removed from Google Play since February 2018.

However, these applications have been downloaded at least 100,000 times by users across 196 countries with the majority of victims residing in India.

Read more about the massive Android malware campaign on Cyware.

New Crypto-Mining Attacks Leverage NSA-Linked EternalBlue Exploit

A new version of the NRSMiner is actively spreading in the southern region of Asia. The majority of detections (54%) have been found in Vietnam, followed by Iran (16%) and Malaysia (12%). The new version either updates existing NRSMiner infections, or spreads to new systems using the EternalBlue exploit.

EternalBlue is one of the NSA exploits stolen by the Shadow Brokers and leaked to the public. It was patched by Microsoft in March 2017, leaked by Shadow Brokers in April 2017, and used by WannaCry in May 2017. That EternalBlue is still being used to spread malware nearly two years after it was patched by Microsoft points to a massive failure in patching.
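The patching failure described above is something a defender can measure on each Windows host. The following PowerShell function is an added example, not code from the OODA brief or the SecurityWeek article: it reports whether SMBv1 (the protocol EternalBlue targets, patched by MS17-010) is still enabled and whether any of the MS17-010 KBs are installed. It assumes an elevated session on Windows 8/Server 2012 or later, and that the KB list is re-checked against Microsoft’s bulletin before being used in an audit; on Windows 10 and Server 2016 later cumulative updates supersede those KBs, so “none found” there means “check the OS build level”, not “unpatched”.

```powershell
# Added example, not code from the OODA brief or the SecurityWeek article.
# Assumptions: elevated PowerShell on Windows 8/Server 2012 or later; the
# MS17-010 KB list below is verified against Microsoft's bulletin before use.
# On Windows 10/Server 2016 cumulative updates supersede these KBs, so an
# empty hotfix result on those builds is not proof the host is unpatched.

function Test-EternalBlueExposure {
    # SMBv1 is the protocol EternalBlue abuses; having it disabled is the
    # cheapest mitigation and holds regardless of patch state.
    $smb1Server  = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    # MS17-010 security-only and monthly-rollup KBs for pre-Windows 10 platforms.
    $ms17010 = @('KB4012212','KB4012213','KB4012214','KB4012215','KB4012216',
                 'KB4012217','KB4012598','KB4012606','KB4013198','KB4013429')
    $found = Get-HotFix | Where-Object { $ms17010 -contains $_.HotFixID }

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [PSCustomObject]@{
        Computer           = $env:COMPUTERNAME
        OSVersion          = $os.Version
        LastBootUpTime     = $os.LastBootUpTime
        SMB1ServerOn       = $smb1Server
        SMB1FeatureState   = $(if ($smb1Feature) { $smb1Feature.State } else { 'n/a' })
        MS17010Hotfixes    = $(if ($found) { $found.HotFixID -join ',' } else { 'none found' })
        # SMBv1 still on and no MS17-010 KB present is the combination the
        # NRSMiner detection figures above point at (on legacy OS builds).
        SMB1OnNoMS17010KB  = ($smb1Server -eq $true -and -not $found)
    }
}

Test-EternalBlueExposure | Format-List

# Remediation when SMB1ServerOn reports True (feature removal needs a reboot):
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
```

Run it across a fleet with `Invoke-Command -ComputerName` and collect the objects; hosts where `SMB1OnNoMS17010KB` is `True` are the ones that a worm using EternalBlue can still reach, nearly two years after the fix shipped.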

Read more about the new NRSMiner attacks on SecurityWeek.

‘Town of Salem’ game suffers data breach exposing 7.6 million user details

A hacker has stolen the personal details of 7.6 million users of browser-based game the “Town of Salem,” BlankMediaGames (BMG) has admitted in a blog post. The hack came to light after a mysterious person sent a copy of the stolen data to DeHashed, a commercial data breach indexing service.

DeHashed says it spent all the Christmas and New Year holiday trying to contact BMG and alert the game maker of the hack and its still-compromised server. The hacked servers were finally secured and “multiple backdoors removed” this week. The compromised information appears to include usernames, email addresses, encrypted passwords, IP addresses and more.

Read more about the Town of Salem data breach on ZDNet.

Adobe Acrobat and Reader Security Updates Released for Critical Bugs

Adobe released security bulletin APSB19-02 that describes two security updates for critical vulnerabilities in Adobe Acrobat and Reader. In these updates only two vulnerabilities were fixed, but they are classified as Critical because they allow privilege escalation and arbitrary code execution.

The first vulnerability was assigned ID CVE-2018-16011 and is a use-after-free bug that could allow arbitrary code execution. The second vulnerability was assigned CVE-2018-19725 and allows attackers to execute code at a higher privilege level.

Read more about the critical Adobe vulnerabilities on BleepingComputer.