Cyber Bites

Images of tens of thousands of travellers crossing the United States' border have been stolen from an immigration subcontractor in a data breach, US media reported on Monday. The images were snatched from the network of a subcontractor for US Customs and Border Protection (CBP), after the company copied data to its database without the agency's consent, according to The New York Times. The data included images of drivers in their cars and license plates...

Ransomware attacks hit indiscriminately and sometimes they may affect charitable organizations that can’t afford to surrender to the demand. Auburn Food Bank in King County, Washington, fell victim to a ransomware strain known as GlobeImposter 2.0, which encrypted all computers on their network. Only one machine escaped the attack and is currently used to maintain charity activity. Source: Bleeping Computer

Multiple class action lawsuits have been filed against Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) since they disclosed that the personal and medical information of over 19 million of their customers was exposed in a data breach. The data breach which impacted the clients of both companies was caused by the web payment page breach of billing collections service provider American Medical Collection Agency (AMCA) between August 1, 2018, and March 30,...

Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, Microsoft researchers have warned. The exploit takes advantage of a vulnerability in an older version of the Office Equation Editor, which was manually patched by Microsoft in November 2017. Source: HelpNet Security

Two security researchers have recently revealed vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside special computer components known as HSMs (Hardware Security Modules). "The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials," researchers said. Furthermore, the two also said they can "exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM." Source: ZDNet

With Android being an open source type of OS, it's no surprise that the OS is at risk of being hacked. But now it seems that the risk is a lot closer than expected, as hundreds of apps on the Google Play Store were found to have the potential of breaking user's smartphones. https://blog.lookout.com/beitaplugin-adware that 238 apps on the Google Play Store can break your phone. Source: Stuff

The Emuparadise retro gaming site has been reported to have suffered a data breach in April 2018. This breach exposed account information for approximately 1.1 million Emuparadise forum members. Over the weekend, people have been reporting receiving notices from Have I Been Pwned and HackNotice stating that their information was found as part of a Emuparadise data breach in April 2018. Source: Bleeping Computer

Microsoft has made a move with the most recent version of Windows 10, the May 2019 update. Among the changes introduced, Microsoft has removed the need to change passwords every 60 days. With emerging technology such as 2FA and better breach detection, Microsoft is trying to cut the bungee to password rules developed decades ago and nudge people and companies to better practices. Source: LifeHacker

After almost a year and a half, the operators behind the GandCrab Ransomware are shutting down their operation and affiliates are being told to stop distributing the ransomware. Filling the gaps left behind by the shutdown of large scale ransomware operations such as TeslaCrypt, CryptoWall, and Spora, GandCrab exploded into the ransomware world on January 28th, 2018, when they started marketing their services on underground criminal sites. Since then, they had become one of the...

A variant of the Maze Ransomware, otherwise known as the ChaCha Ransomware, has been spotted being distributed by the Fallout exploit kit. An interesting feature of this ransomware is that it says the ransom amount will be different depending on whether the victim is a home computer, server, or workstation. Malwarebytes security researcher Jérôme Segura discovered this ransomware being distributed by the Fallout exploit kit through a fake site pretending to be a cryptocurrency exchange...