Threat Reports

Silobreaker Daily Cyber Digest – 3 January 2019


Master decryption key released for FilesLocker ransomware

  • MalwareHunterTeam discovered the master RSA decryption key for FilesLocker ransomware on Pastebin. The key can be used to decrypt files affected by FilesLocker versions 1 and 2.
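
Why one leaked master key unlocks every victim's files: in the hybrid scheme most ransomware families use, each file is encrypted under its own random symmetric key, and only that key is wrapped with the operator's RSA public key that ships inside the malware. The matching RSA private key, the "master decryption key", therefore unwraps the per-file key of every file ever produced under that public key. The Go program below is an added illustration written for this digest, not FilesLocker's code or file format; the AES-GCM plus RSA-OAEP layout, the EncryptedFile struct and the sample file contents are assumptions chosen to show the mechanism.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedFile is an assumed on-disk layout for one encrypted file:
// the per-file AES-GCM key wrapped to the operator's RSA public key,
// plus the nonce and ciphertext. Illustrative only, not FilesLocker's.
type EncryptedFile struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// NewMasterKey creates the operator's RSA key pair. The public half is
// embedded in the malware; the private half is the "master decryption key".
func NewMasterKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile is what the malware does on the victim host: a fresh random
// AES-256 key per file, wrapped with RSA-OAEP to the public key. The
// private key is never needed here, so it never touches the victim.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// DecryptFile unwraps the per-file key with the master private key and
// decrypts the payload. With any other private key, OAEP unwrapping fails.
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key (wrong master key?): %w", err)
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

// RecoverAll is what a decryptor built around a leaked master key does:
// unwrap each file's key and decrypt it, stopping at the first failure.
func RecoverAll(priv *rsa.PrivateKey, files []*EncryptedFile) ([][]byte, error) {
	out := make([][]byte, 0, len(files))
	for i, ef := range files {
		pt, err := DecryptFile(priv, ef)
		if err != nil {
			return nil, fmt.Errorf("file %d: %w", i, err)
		}
		out = append(out, pt)
	}
	return out, nil
}

func main() {
	master, err := NewMasterKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample "files".
	var files []*EncryptedFile
	for _, d := range []string{"quarterly-report.docx contents", "family-photos.zip contents"} {
		ef, err := EncryptFile(&master.PublicKey, []byte(d))
		if err != nil {
			panic(err)
		}
		files = append(files, ef)
	}
	recovered, err := RecoverAll(master, files)
	if err != nil {
		panic(err)
	}
	for _, pt := range recovered {
		fmt.Printf("recovered: %s\n", pt)
	}
}
```

Each file carries a different wrapped key, yet one private key recovers all of them; that is exactly why a master key posted publicly turns into a free decryptor for every victim of the affected versions.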



Ongoing Campaigns

Netflix phishing scam steals credentials and personal information

  • The US Federal Trade Commission issued a warning against an email phishing campaign that impersonates Netflix to steal users’ credentials and personal information.
  • Emails purporting to be from Netflix claim that the user’s account has been suspended because of ‘trouble with current billing information’ and lure victims into clicking a link or opening an attachment. The link leads to a fake login page that asks for the user’s credentials and captures whatever is submitted.
  • In other cases, the link or attachment installs malware that harvests personal information from the victim’s computer.
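
Added example (not from the FTC warning or the original digest): a small Go triage script that applies the three tells described above, a brand name in the display name but not in the sending domain, the suspension and billing pretext, and links pointing outside the brand's domain, to a constructed Netflix-style lure and a constructed benign control message. The sample messages, the netflix-accounts-verify.example domain, the rule names and the keyword list are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/mail"
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample of the lure: display name says Netflix, the address
// and the link do not, and the body uses the billing/suspension pretext.
const sampleEmail = `From: "Netflix" <billing@netflix-accounts-verify.example>
To: customer@example.org
Subject: Your account has been suspended

We are having some trouble with your current billing information.
Restore access here: https://netflix-accounts-verify.example/login
`

// Constructed benign control: brand domain throughout, no lure language.
const benignEmail = `From: "Netflix" <info@account.netflix.com>
To: customer@example.org
Subject: New on Netflix this month

See what is new this month: https://www.netflix.com/browse
`

const brandDomain = "netflix.com"

var urlRe = regexp.MustCompile(`https?://[^\s<>"']+`)

type Finding struct{ Rule, Detail string }

// isBrandHost accepts the brand domain or a subdomain of it. A host such
// as netflix.com.evil.example does not match, which is the point.
func isBrandHost(host string) bool {
	host = strings.ToLower(host)
	return host == brandDomain || strings.HasSuffix(host, "."+brandDomain)
}

// Analyze parses one raw RFC 822 message and returns every rule that fires.
func Analyze(raw string) ([]Finding, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	bodyBytes, err := io.ReadAll(msg.Body)
	if err != nil {
		return nil, err
	}
	body := string(bodyBytes)
	var findings []Finding

	// Rule 1: display name claims the brand, sending domain is not the brand's.
	if from, err := mail.ParseAddress(msg.Header.Get("From")); err == nil {
		at := strings.LastIndex(from.Address, "@")
		if at >= 0 && strings.Contains(strings.ToLower(from.Name), "netflix") && !isBrandHost(from.Address[at+1:]) {
			findings = append(findings, Finding{"sender-spoof", from.Address})
		}
	}

	// Rule 2: the suspension / billing pretext in subject or body (weak on its own).
	text := strings.ToLower(msg.Header.Get("Subject") + "\n" + body)
	for _, kw := range []string{"account has been suspended", "billing information"} {
		if strings.Contains(text, kw) {
			findings = append(findings, Finding{"lure-language", kw})
		}
	}

	// Rule 3: any link whose host lies outside the brand domain.
	for _, m := range urlRe.FindAllString(body, -1) {
		u, err := url.Parse(strings.TrimRight(m, ".,;)"))
		if err != nil {
			continue
		}
		if !isBrandHost(u.Hostname()) {
			findings = append(findings, Finding{"off-brand-link", u.Hostname()})
		}
	}
	return findings, nil
}

// HasRule reports whether a finding with the given rule name is present.
func HasRule(findings []Finding, rule string) bool {
	for _, f := range findings {
		if f.Rule == rule {
			return true
		}
	}
	return false
}

func main() {
	for _, c := range []struct{ name, raw string }{{"sample", sampleEmail}, {"benign", benignEmail}} {
		findings, err := Analyze(c.raw)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s: %d finding(s)\n", c.name, len(findings))
		for _, f := range findings {
			fmt.Printf("  %-15s %s\n", f.Rule, f.Detail)
		}
	}
}
```

The sender-spoof and off-brand-link rules carry the weight; lure language alone appears in legitimate billing reminders too, which is why it is recorded as a separate, weaker finding rather than a verdict.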



New hacking campaign streaming YouTube video to promote PewDiePie

  • A hacker using the handle TheHackerGiraffe is reportedly targeting Chromecast adapters, smart TVs and Google Home devices with a video promoting PewDiePie’s YouTube channel.
  • TheHackerGiraffe used existing Chromecast attack code to connect to the devices and play the video.
  • The hacker told BleepingComputer that Shodan turned up about 100,000 reachable devices. The attack works because home routers with Universal Plug and Play (UPnP) enabled forward ports from the public Internet to the Chromecast devices on the private network, which leaves the devices directly reachable from the Internet.



Leaks and Breaches

Data Resolution tackles Christmas Eve ransomware attack

  • Cloud hosting provider Data Resolution LLC is struggling to bring its systems back online following a ransomware attack on Christmas Eve. The company was hit with Ryuk ransomware, the same strain that targeted US newspapers over the weekend.
  • The attackers reportedly broke in through a compromised login account on Christmas Eve. This gave the perpetrators control over Data Resolution’s data center domain and briefly locked the company out of its own systems.
  • Data Resolution LLC offers software hosting, business community systems, cloud computing and data center services for 30,000 businesses worldwide. There is currently no indication that any data has been stolen.



Abine Blur reports user data exposure

  • A file containing information pertaining to Blur users who registered accounts before January 6th, 2018, was potentially exposed. The information included users’ email addresses, names, password hints, encrypted passwords and IP addresses.



7 million affected in Town of Salem video game data breach

  • The breach was discovered by the breach-indexing service DeHashed after it received an anonymous email indicating that access had been gained to the game’s database.
  • Compromised data includes usernames, passwords, IP addresses, some payment card information and more. BlankMediaGames has released a patch to block the access and recommends that all users change their passwords.



Chinese train ticketing platforms suffer data breach

  • 5 million people were allegedly affected by the theft of personal information from multiple unnamed Chinese train ticketing platforms. Media reports suggest that these include 12306, the official online booking platform of China Railway, and that the stolen names, ID numbers and passwords were later offered for sale on the dark web.
  • China Railway responded to the allegation by stating that no user information had been taken from its systems, but warned passengers to avoid unauthorized third-party platforms. Chinese police have since arrested a 25-year-old suspect in connection with the theft.



Vulnerabilities
Multiple privilege escalation vulnerabilities found in CleanMyMac X

  • Cisco Talos researchers discovered 13 flaws in MacPaw’s CleanMyMac X that could allow an attacker with local access to the victim’s machine to modify the file system as root. Their blog post provides a summary of all 13 vulnerabilities, including a link to a patch released by MacPaw.



Vulnerability patched in Chrome for Android

  • The bug, first reported in 2015, was an information disclosure issue: Chrome for Android revealed the hardware model, firmware version and security patch level of the device it was running on through its User-Agent string, information that makes it easier to pick an exploit for an unpatched device. A CVE has not been issued, as Google did not classify it as a security vulnerability. It was finally patched in Chrome 70, released in October 2018.



Google reCAPTCHA bypassed by automated system

  • unCaptcha2, developed by researchers at the University of Maryland, bypasses Google reCAPTCHA by solving the audio challenges it offers, with a reported accuracy of 91%.
  • The source code has been released as a proof of concept, but the researchers state that it will not be updated once Google improves the service, and that the code depends on clicking specific screen coordinates, so it is unlikely to work unmodified on other setups.
  • Google has not yet responded to the release of unCaptcha2.



Researchers create fake wax hand to bypass vein sensor technology

  • Vein authentication compares the pattern of veins beneath the skin of a user’s hand against a stored reference image. The method is currently in use at the new Berlin headquarters of Germany’s foreign intelligence service, the BND.
  • Researchers Jan Krissler and Julian Albrecht photographed their vein patterns using a converted SLR camera with the infrared filter removed. The images were used to make wax models of their hands, after which the researchers were able to dupe the scanning system.



General News

European Union voices security concerns about Chinese 5G equipment

  • An anonymous diplomat told the Financial Times that the EU is looking to address national security concerns over exposure to Chinese technology. The diplomat said that Brussels would potentially play a more prominent role in vetting companies in the future, in order to provide a more coordinated response across the region.



The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein. 
