
Security Never Sleeps- Equifax Hack, Google Play Malware

Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers

“More details on the major hack”

In an update posted to its security breach website, Equifax announced that hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. At the time it was discovered, in March 2017, the Apache Struts CVE-2017-5638 vulnerability was a zero-day, a term for a security bug that attackers are exploiting before the vendor is aware of it or has released a patch. Equifax did not reveal the exact date when the security breach occurred, only when it became aware of it: July 29, 2017. It is unclear whether Equifax was breached before the Struts zero-day became public or months after Apache made a patch available.

Attackers Can Bypass SKEL Protection in macOS High Sierra

“Malicious kernel extensions allow security evasion”

A new security feature added in macOS High Sierra (10.13) named “Secure Kernel Extension Loading” can be bypassed to allow the loading of malicious kernel extensions. Just like Linux and Windows, macOS allows applications to load third-party kernel extensions whenever they need to perform actions that require access to lower levels of the operating system.

Backdoored Plugin Impacts 200,000 WordPress Sites

“Malware updated in plugin”

Wordfence reports that around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code. Dubbed Display Widgets, the plugin was sold by its original author to a third-party developer on May 19, 2017, for $15,000. Roughly one month after that, the plugin was updated by its new owner and started displaying malicious behavior.

Google Is Fighting One Of The Biggest Ever Android Malware Outbreaks — Up To 21 Million Victims

“More malware!”

Surprising almost no one, another batch of Android malware has found its way onto Google Play. Researchers from Check Point have claimed to have found the second-biggest outbreak to ever hit Google’s platform, with as many as 21.1 million infections from one malware family.

Enjoy your read? Check out our other content here.

Security Never Sleeps- Google Apps, Fancy Bear

Google Kicks 500 Apps Off Online Store Over Spyware Concerns

“Developers likely unaware of flaws”

The decision to remove over 500 apps from the Google Play online app store comes after researchers raised spyware concerns. Cyber security firm Lookout has disclosed that it found apps that contain and spread spyware programs. Certain software used in the apps had the ability to covertly siphon people’s personal data from their devices without alerting the app makers, Lookout said.

Potential Data Breach of Oceanside Online Utility Payment System

“Residents report abnormalities”

City of Oceanside officials said Tuesday that the internet payment systems where Oceanside residents can pay their utility bills may have been breached. Authorities first learned of the potential issue when several residents alerted the municipal institutions, saying the cards they used to pay utility bills had unauthorized charges on their accounts. At least two victims had used the affected cards only to pay their utility bill and for no other purpose. Though Oceanside officials have not confirmed that the utility payment system is necessarily the source of the breach, the reports raised concern and speculation that it is vulnerable.

Russia-Linked Hackers Leak Football Doping Files

“Fancy Bear claims to be associated with the hacking attacks”

The infamous Fancy Bear, a group of hackers commonly believed to be operating out of Russia, has leaked emails and medical records related to football (or soccer, to us Americans) players who have used illegal substances. Fancy Bears has previously asserted that it is associated with the broader Anonymous hacktivist movement. Its members have constructed a website, fancybears.net, where they leaked numerous files as part of a campaign dubbed “OpOlympics.”

The hackers released a statement in which they comment on their operations: “Today Fancy Bears’ hack team is publishing the material leaked from various sources related to football. Football players and officials unanimously affirm that this kind of sport is free of doping. Our team perceived these numerous claims as a challenge and now we will prove they are lying.”


10Fold- Security Never Sleeps- 182

The 15 biggest data breaches of the 21st century

“Highlights need for infosec upgrades”

Data breaches are, unfortunately, daily occurrences that end up exposing millions to undue risk. CSO has compiled a list of the 15 biggest breaches of this century, with criteria that include damage to companies, insurers, and customer account holders. In many cases, passwords and other information were protected via encryption so a password reset eliminated.

New Malware Threatens to Send Users’ Pictures, Internet History and Messages to Friends

“LeakerLocker threatens privacy”

A new type of malware can access and distribute pictures, browsing history and messages on a user's device. The program, LeakerLocker, can be downloaded inadvertently through applications on Google Play; it locks the phone's screen and then claims that your sensitive information has been stored.

Hospitals to receive £21m to increase cybersecurity at major trauma centres

“Huge beefing up of infosec”

Hospitals that treat patients for major incidents will receive over £21m for cybersecurity upgrades in the wake of the WannaCry ransomware attacks on NHS IT systems. Health Secretary Jeremy Hunt pledged the funds in an attempt to shield the healthcare sector from the disruptions of future malware events.

Cyber security industry believes GDPR is stifling innovation

“Looked skeptically upon by the community”

A recent poll of Infosecurity Europe 2017 attendees showed that almost half think that the EU General Data Protection Regulation is stifling innovation by making companies nervous about cloud services. There are several concerns respondents named as issues with the regulations, including the perceived inability to find and/or report a data breach within 72 hours.


10Fold- Security Never Sleeps- 179

‘NotPetya’ Hackers Demand $256,000 In Bitcoin To Cure Ransomware Victims

“One of biggest attacks leaves many with a big bill”

Some of the largest industrial firms were infected by the ‘NotPetya’ ransomware, and those responsible are demanding 100 Bitcoin, or about $256,000, to decrypt the victims' files. A post on Pastebin by an anonymous user said: “Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks).”

Fake WannaCry Ransomware Uses NotPetya’s Distribution System

“Distributed through the same channel”

The NotPetya malware was not the only malicious code to make its way through M.E.Doc last week. A WannaCry variant that turned out to be a fake, FakeCry, was delivered by the same mechanism. Kaspersky found that FakeCry was delivered to M.E.Doc users on June 27th, the same day NotPetya spread. The security firm says that it was run as ed.exe by the parent process ezvit.exe, which led Kaspersky to believe that it uses the same delivery system as NotPetya.

Android Ransomware Mimics WannaCry

“WannaCry interface similarities in SLocker”

Last month, Windows systems were hit by a ransomware whose interface mimicked the WannaCry malware. TrendMicro security researchers found that one of the first Android ransomware families to encrypt files in exchange for payment, SLocker, has had a major upgrade. SLocker has been seen before, but was offline for a while after its creator was arrested just days after its initial release.

CopyCat malware infected 14 million outdated Android devices

“Fraudulent ad revenue collected”

A new Android malware strain dubbed CopyCat has injected itself into over 14 million outdated devices globally. The malware hijacks applications to display fraudulent ads, according to Check Point researchers. On Thursday, the security firm said that most victims were in Asia, but over 280,000 U.S. devices were also affected. Google had been tracking the malicious software for the better part of two years, but third-party app downloads, phishing attacks, and other avenues make the infection difficult to contain.


10Fold- Security Never Sleeps- 158

Mysterious Hajime Botnet Grows to 300,000 IoT Devices: Kaspersky

“About 300,000 devices already captured”

Kaspersky Lab security researchers have revealed that a new botnet malware that emerged in October of last year, Hajime, has been busy ensnaring thousands of IoT devices. This new strain came on the scene around the same time as the Mirai attacks and targets devices in the same way, but without using them for DDoS attacks.

Chipotle Investigating Payment Card Breach

“Unauthorized activity recently detected on network”

Popular restaurant chain Chipotle Mexican Grill informed its recent customers on Tuesday that the company’s payment records from its over 2,000 locations may have been breached. With an investigation ongoing, the information being made public is still limited.

Game guide malware ‘targeted more than 500,000 users’

“Popular mobile games affected”

App-based game guides, including ones for some of the most popular games, have been used to attack over half a million Android users. Google Play harbors the applications responsible for the malware, with researchers at Check Point reporting that the apps display unwanted ads and cause other problems for users.

Web Attacks Decline, Ransomware Attacks Surge

“More efficient and lucrative attacks developed”

New ransomware attacks on end users have been detailed by Symantec’s annual Internet Security Threat Report. The report shows the effects of cyberattacks on intended victims as well as the growing trend in ransomware attacks, up 36% last year.


10Fold- Security Never Sleeps- 108

Vulnerable IBM Code Pulled After Insistence From Security Experts

“Potential to affect several versions of WebSphere”

A researcher's proof-of-concept exploit code affecting WebSphere versions 7, 8, 8.5, and 9 was pulled before any major damage occurred. Maurizio Agazzini was cooperating with IBM to responsibly patch and withhold details of vulnerabilities in the firm’s products. These include deserialization of untrusted data, which causes DoS conditions and allows remote code execution.

Half of Android Devices Can Be Compromised by Seemingly Outdated Malware

“Ghost Push capable of infecting Android versions up to 5”

A fairly dated yet successful malware program known as Ghost Push is reportedly still one of the most widely effective programs used to exploit unsuspecting users. Cheetah Mobile experts say that the majority of infections come from application downloads not installed through the Google Play store. The Trojan is capable of preventing third parties from gaining root privileges.

UK Firms Could Face Huge Increase in Data Breach Fines in 2018

“New EU legislations could enact harsh penalties”

The PCI Security Standards Council is urging technology companies to avoid the sharply increased fines that new legislation from the European Union is poised to introduce. In 2015, 90% of large-scale firms and 74% of SMEs reported at least one security breach, amounting to just about 1.4 billion pounds worth of consumer protection fines. The EU General Data Protection Regulation is set to put harsher rules into place that will subject firms to penalties of up to €20m.

Hackers Successfully Infiltrate Senate GOP Committee

“Accelerates fears of security vulnerabilities”

While news reports of Democratic Party server hacks run rampant through the press, Republicans have been hit with a particularly devastating cyberattack by Russian operatives. For the last six months, cybercriminals have allegedly been siphoning credit card information from customers of the National Republican Senatorial Committee's web storefront and selling the data on the black market.