Cyber Security Headlines Week in Review: Uber and Twitter hacks, MFA exploits, US Counterintelligence weaknesses

This week’s Cyber Security Headlines – Week in Review, September 19-23, is hosted by Rich Stroffolino with our guest, Joseph Lewis, Director, Cyber Assessment Strategy, US Department of Energy

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Uber says there is no evidence that users’ private information was compromised

Uber has provided an update regarding the recent security breach of its internal computer systems, stating that “we have no evidence that the incident involved access to sensitive user data (like trip history).” All the services provided by the company, including Uber, Eats, Freight, and the Uber Driver app, remain operational. However, the company has not revealed details about the attack, and several experts believe that it has downplayed the incident and has no clear idea of the depth of the intrusion.

(Security Affairs)

Gym phone thefts reveal significant 2FA flaw

A rash of thefts at UK gyms and health clubs is revealing a key flaw in how iPhone customers keep their bank accounts and money safe. The thefts, in and around London, involved an individual stealing phones and bank cards from gym lockers. Once they have the phone and the card, the thief registers the bank card in the relevant bank’s app using their own phone or computer. Since it is the first time that card has been used on the new device, a one-off security passcode is demanded. That verification passcode is sent by the bank to the victim’s stolen phone, where it flashes up on the locked screen, allowing the thief to enter it into their own device. Once accepted, the thief gets full control of the bank account. Experts are recommending that gym goers never leave their valuables in their locker, and consider disabling the “Show Notifications” option on their phones.

(BBC News)

Australian telco Optus suffers massive data breach

Australia’s second-largest telco, Optus, has suffered a massive data breach, with the personal information of potentially millions of customers compromised by a malicious cyber-attack. It is believed the attackers were working for a criminal or state-sponsored organization and made off with birthdates, phone numbers, email addresses, driver’s licences and passport numbers. Optus stated yesterday that they could not yet say how many of its 9.7 million subscribers in Australia had been compromised, but did say the number was “significant”. They added, “We’re so deeply disappointed because we spend so much time and we invest so much in preventing this from occurring.”

(The Guardian)

Thanks to this week’s sponsor, 6clicks

6clicks is your AI-powered GRC platform, featuring a fully integrated content library. 6clicks provides organizations with a powerful GRC platform to build highly scalable risk and compliance functions and advisors with the tools to streamline and scale their services, saving everyone enormous time and money. Reimagine risk. Improve cybersecurity. Demonstrate compliance. For more information visit 6clicks.com/cisoseries.

The shifting ways of Chromeloader

Microsoft and VMware warned of an ongoing malware campaign using Chromeloader. Researchers observed it dropping malicious browser extensions, node-WebKit malware, and ransomware. This isn’t an entirely new campaign: Red Canary researchers warned of an uptick in attacks in Q1 2022. This shows a change of pace for the malware, which initially redirected traffic to advertising sites for click fraud. While the attackers still use Chromeloader for this type of attack, Palo Alto Networks reported that it evolved into an info-stealer in July. The most current strain arrives in ISO files delivered through malicious ads, browser redirects, and YouTube video comments. Researchers note that starting as adware meant Chromeloader didn’t appear on many analysts’ radar until it escalated into a more capable threat.

(Bleeping Computer)

Ransomware attacks fall in first half

No, that wasn’t a typo. According to a new report from the cyber insurer Coalition, ransomware attack frequency and cost both fell from the second half of 2021 to the first half of 2022. Average ransomware payment demands fell 35% in that time to $896,000. In the first half, Lockbit was the most commonly claimed ransomware strain at 12%. Lorenz accounted for the highest average ransom demand at $3.5 million. While ransomware had a bit of a down start to 2022, phishing saw an uptick. Insurance claims citing phishing accounted for 60% of all claims, up from 32% in 2021. 

(Venture Beat)

Revolut confirms cyberattack exposed user data

Revolut has confirmed that an “unauthorized third party” accessed data of roughly 50,000 of its customers. Revolut, which has a banking license in Lithuania, discovered the malicious access late on September 10 and isolated the attack by the following morning. According to Revolut’s breach disclosure, hackers used social engineering to access a database containing partial card payment data, along with customers’ names, addresses, email addresses and phone numbers. Revolut also warned that the breach appears to have triggered a phishing campaign. As a precaution, Revolut has also formed a dedicated task force to monitor customer accounts and data.

(TechCrunch)

15-year-old Python bug causing problems

Back in 2007, a researcher reported a path traversal bug in Python’s tarfile package that lets an attacker overwrite arbitrary files. The bug has remained open since then, with only a documentation update added to warn developers about the risk. The bug does not appear to be exploited in the wild, but could impact the software supply chain. A security researcher at Trellix, Charles McFarland, rediscovered the bug. With help from GitHub, he determined that 588,840 unique repositories include import tarfile in their code, spanning a wide range of industries. McFarland estimates that around 60% of those contain the bug. Trellix released a patch in a forked version of the impacted repository.

(Bleeping Computer)
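As an added example (not code from the article, Trellix or the Python project), this is the pre-extraction check a defender would put in front of tarfile: it flags any member whose name or link target resolves outside the destination directory, run here against a small archive constructed in memory. The function names, the destination directory and the sample member paths are my own.

```python
import io
import os
import tarfile

def is_within_directory(directory, target):
    # True if target resolves inside directory (handles "..", absolute names)
    abs_dir, abs_target = os.path.abspath(directory), os.path.abspath(target)
    return os.path.commonpath([abs_dir, abs_target]) == abs_dir

def find_unsafe_members(tar, dest):
    # Names of members that would write or link outside dest
    unsafe = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)  # an absolute m.name discards dest
        if not is_within_directory(dest, target):
            unsafe.append(m.name)
        elif m.issym():  # symlink targets are relative to the member's directory
            link = os.path.join(os.path.dirname(target), m.linkname)
            if not is_within_directory(dest, link):
                unsafe.append(m.name)
        elif m.islnk():  # hard-link targets are relative to the archive root
            if not is_within_directory(dest, os.path.join(dest, m.linkname)):
                unsafe.append(m.name)
    return unsafe

def safe_extract(tar, dest):
    # Reject the whole archive if any member escapes, otherwise extract
    bad = find_unsafe_members(tar, dest)
    if bad:
        raise tarfile.ExtractError(f"path traversal in members: {bad}")
    tar.extractall(dest)

def build_demo_archive():
    # Constructed sample: a benign file, a "../" name and an escaping symlink
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [("docs/readme.txt", b"ok"), ("../../etc/evil.txt", b"x")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/escape_link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../etc/passwd"
        tar.addfile(link)
    return buf.getvalue()

def demo_scan(dest="extract_here"):
    # Scan the constructed archive without extracting anything
    with tarfile.open(fileobj=io.BytesIO(build_demo_archive())) as tar:
        return find_unsafe_members(tar, dest)
```

The scan reports the two escaping members while leaving docs/readme.txt alone; newer Python releases add an extraction filter argument, but a check like this works on any version and can also be used to audit archives before they reach a build pipeline.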

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.