Silobreaker Daily Cyber Digest – 3 January 2019
Master decryption key released for FilesLocker ransomware
- MalwareHunterTeam discovered the master RSA decryption key for FilesLocker ransomware on Pastebin. The key can be used to decrypt files affected by FilesLocker versions 1 and 2.
Netflix phishing scam steals credentials and personal information
- The US Federal Trade Commission issued a warning against an email phishing campaign that impersonates Netflix to steal users’ credentials and personal information.
- Emails purporting to be from Netflix and claiming a user’s account has been suspended due to ‘trouble with current billing information’ lure victims into clicking malicious links or opening attachments. The links redirect victims to a fake login page that asks them to input their login details, stealing whatever credentials are submitted.
- In other cases, the link or message will download malware onto the victim’s computer to harvest personal information.
New hacking campaign streaming YouTube video to promote PewDiePie
- A hacker dubbed TheHackerGiraffe is reportedly targeting Chromecast adapters, Smart TVs, and Google Home with a video promoting PewDiePie’s YouTube channel.
- TheHackerGiraffe used Chromecast attack code in order to connect to devices and play the video.
- The hacker informed BleepingComputer that they were able to access 100,000 vulnerable devices using Shodan. The attacks were possible due to Chromecast devices using Universal Plug and Play, which causes Internet routers to forward public Internet ports to the private devices.
Leaks and Breaches
DataResolution.net tackles Christmas Eve ransomware attack
- Cloud hosting provider Dataresolution.net is struggling to bring its systems back online following a ransomware attack on Christmas Eve. The company was attacked with Ryuk ransomware, the same strain that targeted US newspapers over the weekend.
- The attackers reportedly broke in through a compromised login account on Christmas Eve. The attack gave the perpetrators control over Data Resolution’s data center domain, briefly locking the company out of its systems.
- Data Resolution LLC offers software hosting, business continuity systems, cloud computing and data center services for 30,000 businesses worldwide. There is currently no indication that any data has been stolen.
Abine Blur reports user data exposure
- A file containing information pertaining to Blur users who registered accounts before January 6th, 2018, was potentially exposed. The information included users’ email addresses, names, password hints, encrypted passwords and IP addresses.
7 million affected in Town of Salem video game data breach
- The breach was discovered by cyber security researcher ‘Dehashed’ after he received an anonymous email that indicated access had been gained to the game’s database.
- Compromised data includes usernames, passwords, IP addresses, some payment card information, and more. BlankMediaGames has put out a patch to block access and recommends that all users change their passwords.
Chinese train ticketing platforms suffer data breach
- 5 million people were allegedly affected by the theft of personal information from multiple unnamed Chinese train ticketing platforms. Media reports suggest that this includes 12306, the official online booking platform of China Railway, and that names, ID numbers and passwords were stolen, which were later found for sale on the dark web.
- China Railway responded to the accusation, stating that no user information has been hacked from them, but warned passengers to avoid unauthorized third-party platforms. A 25-year-old suspect has since been arrested by Chinese police in relation to the crime.
Multiple privilege escalation vulnerabilities found in CleanMyMac X
- Cisco Talos researchers discovered 13 flaws in MacPaw’s CleanMyMac X that could allow an attacker with local access to the victim’s machine to modify the file system as root. Their blog post provides a summary of all 13 vulnerabilities, including a link to a patch released by MacPaw.
Vulnerability patched in Chrome for Android
- Originally reported in 2015, the bug was an information disclosure issue in Chrome that revealed information about the hardware model, firmware version and security patch level of the device it was running on. A CVE has not been issued, as Google has not identified it as a vulnerability. It was finally patched in Chrome 70, released in October 2018.
Google reCAPTCHA bypassed by automated system
- UnCaptcha2, developed by researchers at the University of Maryland, is capable of bypassing Google reCAPTCHA by solving the audio challenges presented, boasting an accuracy of 91%.
- The source code has been released as a proof of concept, but the researchers have stated that it will not be updated once Google improves its service, and that the code relies on navigating to specific locations on the user’s screen.
- Google has not yet responded to the release of unCaptcha2.
Researchers create fake wax hand to bypass vein sensor technology
- Vein authentication works by comparing the pattern of veins under a user’s skin against a stored reference record. The method is currently used by the German signals intelligence agency (BND) at its new headquarters in Berlin.
- Researchers Jan Krissler and Julian Albrecht photographed their vein patterns using a converted SLR camera with the infrared filter removed. The images were used to make wax models of their hands, after which the researchers were able to dupe the scanning system.
European Union voices security concerns about Chinese 5G equipment
- An anonymous diplomat told the Financial Times that the EU is looking to address national security concerns over exposure to Chinese technology. The diplomat said that Brussels would potentially play a more prominent role in vetting companies in the future, in order to provide a more coordinated response across the region.
The Silobreaker Team
Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.