Cyber Bites

NSA reveals key flaw in Microsoft’s Windows 10 code

The US National Security Agency (NSA) has discovered a major flaw in Windows 10 that could have been used by hackers to create malicious software that looked legitimate. Microsoft has issued a patch and said it had seen no evidence of the bug being exploited by hackers. The issue was revealed during an NSA press conference. It was not clear how long it had known about it before revealing it to Microsoft. Source: BBC News

Grindr, OkCupid, and Tinder have breached GDPR regulations

Dating apps Grindr, OkCupid, and Tinder are allegedly spreading user information like sexual preferences, behavioural data, and precise location to advertising companies in ways that may violate privacy laws, according to a study conducted by the Norwegian Consumer Council (NCC). The study tracked the activity of 10 popular apps during the period June to November 2019 in order to identify how personal data is transmitted from these apps to commercial third parties. Source: ZD Net

SIM swapping attacks from 5 major US wireless carriers

Five major US wireless carriers – AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams, a danger apparently looming large especially over prepaid accounts, a study by Princeton University researchers has found. SIM swapping attacks, also known as port-out or SIM swap scams, have been a serious and growing problem of late, with its victims including Twitter CEO Jack Dorsey. It has previously been shown that attackers can, with relative ease, execute these...

The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. Wake-on-Lan is a hardware feature that allows a powered down device to be woken up, or powered on, by sending a special network packet to it. This is useful for administrators who may need to push out updates to a computer or perform scheduled tasks when it is powered down. Source: Bleeping Computer

A group tracked as Ancient Tortoise is targeting accounts receivable specialists, tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. Aging reports (aka schedule of accounts receivable) are collections of outstanding invoices designed to help a company's financial department to keep track of customers who haven't yet paid for goods or services they bought on credit. Source: Bleeping Computer

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. A new tactic started by the Maze Ransomware and now used by Sodinokibi is to steal files from companies before encrypting them. If a victim does not pay the ransom, then the stolen data will be leaked little-by-little until payment has been made or it has all been released. Source: Bleeping Computer

Magecart Attacks Website Collecting Australian Fire Donations

The attack may have compromised donors' payment information. A website gathering donations for the victims of the wildfires in Australia has been hit by a credential-skimming attack, placing the payment information of donors at risk. The attack, identified as the work of Magecart, injected the ATMZOW skimmer into the charity's website code, grabbed payment information, and forwarded it to a third-party destination with an obfuscated web address. Source: Dark Reading

Credit Card Skimming Attack Targets Australia Bushfire Donors

Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors. This type of attack is called Magecart and involves hackers compromising a web site and injecting malicious JavaScript into eCommerce or checkout pages. These scripts will then steal any credit cards or payment information that is submitted and send it off to a remote site under the attacker's control. The Malwarebytes Threat...

New York Airport Systems attacked by Sodinokibi Ransomware

Albany International Airport's staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. Airport operations were not impacted by the ransomware attack and customers' financial or personal information was not accessed by the attackers according to a statement from airport officials per WNYT-TV. No airline or TSA servers were affected in the incident, with airport officials saying that the vast majority of encrypted files...

Floppy drives

Bapco, the national oil company of the Persian Gulf island nation of Bahrain, was reportedly targeted in a Dec. 29 disk wiper attack that officials believe originated from Iran-backed hackers. Iran is historically associated with past disk wiper campaigns against energy companies, most notably the destructive Shamoon or Disttrack malware attack against the Saudi Arabian Oil Company Saudi Aramco in 2012, which destroyed roughly 35,000 computer workstations. Source: SC Magazine
