CYBER SECURITY NEWS – WEEK OF JANUARY 02, 2023
For sale on eBay: A military database of fingerprints and iris scans
- The sensitive data on the devices was stored on memory cards. If the cards had been removed and destroyed, this data would not have been exposed.
- Most people in the database, which was reviewed by The New York Times, were from Afghanistan and Iraq. Many were known terrorists and wanted individuals, but others appeared to be people who had worked with the U.S. government or simply been stopped at checkpoints.
- Metadata on the device, called a Secure Electronic Enrollment Kit, or SEEK II, revealed that it had last been used in the summer of 2012 near Kandahar, Afghanistan.
BetMGM confirms breach as hackers offer to sell data of 1.5 million customers
- MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers.
- In a statement posted on its website on December 21, BetMGM said “patron records were obtained in an unauthorized manner”.
- The company said the compromised information includes name, email address, postal address, phone number, date of birth, hashed Social Security number, account identifier, and information related to transactions.
- BetMGM claims there is no evidence that passwords or account funds were accessed by the hackers. However, the company still recommends changing passwords as a good practice, and it’s offering two years of free credit monitoring and identity restoration services to impacted individuals.
Canadian mining firm shuts down mill after ransomware attack
- The cyberattack targeting the company occurred late on December 27, 2022, and the firm’s IT team responded quickly by implementing the predefined risk management systems and protocols.
- To contain the incident, CMMC isolated the infected systems and took down other parts to examine them thoroughly and determine the ransomware attack’s impact.
- CMMC’s engineers had to shut down the mill as a preventative measure to determine the status of its control system, while other processes switched to manual operations.
- “The Company’s external and internal IT teams are continuing to assess risks and are actively establishing additional safeguards to mitigate any further risk to the Company,” reads the announcement on CMMC’s website.
Google Home speakers allowed hackers to snoop on conversations
- A bug in the Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed.
- Researcher Matt Kunze discovered the issue and received $107,500 for responsibly reporting it to Google last year. Earlier this week, the researcher published technical details about the finding and an attack scenario to show how the flaw could be leveraged.
- Using an Nmap scan, the researcher found the port for the local HTTP API of Google Home, so he set up a proxy to capture the encrypted HTTPS traffic, hoping to snatch the user authorization token.
Hacker claims to be selling Twitter data of 400 million users
- A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They’re asking $200,000 for an exclusive sale.
- The alleged data dump is being sold by a threat actor named ‘Ryushi’ on the Breached hacking forum, a site commonly used to sell user data stolen in data breaches.
- The threat actor claimed to have collected the data of 400+ million unique Twitter users using a vulnerability. They warned Elon Musk and Twitter that they should purchase the data before it leads to a large fine under Europe’s GDPR privacy law.
North Korean hackers created 70 fake bank, venture capital firm domains
- North Korea’s BlueNoroff hackers have updated their arsenal and delivery techniques in a new wave of attacks targeting banks and venture capital firms, cybersecurity firm Kaspersky reports.
- Part of Lazarus, a hacking group linked to the North Korean government, BlueNoroff is financially motivated and has been blamed for numerous cyberattacks targeting banks, cryptocurrency firms, and other financial institutions.
- Following several months of silence, the group has resumed its activities this fall with renewed attacks that leverage new malware, and updated delivery techniques that include new file types and a method of bypassing Microsoft’s Mark-of-the-Web (MotW) protections.