Cyware Weekly Cyber Threat Intelligence May 21 - 25, 2018

Weekly Threat Briefing • May 25, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • May 25, 2018
In a world besieged by cybercriminals and fresh attacks every week, it is key to celebrate every hard-won security advancement made. This week saw Congress pass a new bill to help prevent synthetic identity fraud. Apple unveiled new privacy controls for its users while Mozilla is developing an improved Tracking Protection system for Firefox. Meanwhile, a new Chrome plug-in could help you pick stronger passwords.
US Congress passed a new bill that establishes guidelines to help prevent synthetic identity fraud. Synthetic identity fraud involves hackers creating fake identities using credit-inactive Social Security Numbers, particularly those of children, to get loans and commit other crimes. The provision will require the Social Security Administration (SSA) to accept electronic signature for financial institutions to verify identities and, in turn, identify synthetic identity fraud more quickly.
Apple introduced a new “Data and Privacy” website that allows customers to download a copy of all the data the company has collected about them, including Apple ID accounts and iCloud data, iTunes and App Store history. The new privacy controls will also let users deactivate or delete their accounts, and all of the stored information as well.
Mozilla is developing an improvised Tracking Protection system for Firefox 63 that will block the browser from loading scripts from abusive trackers, in-browser miners and user fingerprinting scripts. The upcoming version, set to release in October, will also make it easier for users to clear cookies and site data directly from the security panel.
Login management company Okta has released a new Chrome extension that can help warn users if their password has been compromised. The browser plug-in named PassProtect will automatically check if your password was leaked in an earlier data breach by verifying it against the Have I Been Pwned? Service and inform users in a pop-up if it isn’t safe to use.
This week saw a string of data breaches and leaks affecting several governments, universities and firms. A teen-monitoring app leaked thousands of users’ personal data while an insurance startup left sensitive data exposed in an unprotected storage bucket. Nearly 1 million personal records of South Africans were publicly leaked. A database containing sensitive details of calls made to a crisis hotline was exposed while Altcoin Verge was hacked for the second time in two months.
TeenSafe, a teen-monitoring app that lets parents monitor their kids’ phone activity, accidentally exposed the data of tens of thousands of accounts in an unprotected AWS S3 storage bucket. Personal data, parental email addresses, Apple ID information, name of the teen’s device and the phone’s unique identifier were exposed.
An insurance startup named AgentRun exposed highly sensitive information of thousands of broker clients including insurance policy documents, health and medical data, and some financial data in a publicly accessible online storage bucket. Many files included scans of identification documents such as Social Security cards, Medicare cards, drivers’ licenses, armed forces and voter ID cards and other documents.
Less than a year after South Africa’s massive data leak in 2017, another 934,000 personal records of South Africans have been leaked online. The compromised data includes full names, national identity numbers, email addresses and plain text passwords. Security researcher Troy Hunt and Tefo Mohapi from iAfrikan said the data was likely backed up or posted publicly by one of the firms responsible for traffic fine online payments in South Africa.
A non-profit organization that handles Los Angeles County’s crisis hotline, 211 LA County, accidentally exposed 3.2 million files that contained detailed information about calls made to the hotline. The compromised data included over 3 million rows of call logs and 200,000 rows of detailed call notes including graphic details of elder abuse, child abuse and suicidal distress. Full names, phone numbers, addresses of victims, alleged perpetrators and witnesses in numerous cases of physical and sexual abuse were also exposed along with 33,000 full Social Security Numbers.
Cryptocurrency Verge fell victim to yet another hack that saw approximately 35 million XVGs (worth above $1.7m) stolen within a few hours. Verge suffered a similar hack in early April when it lost 250,000 XVG. Hackers exploited a glitch in Verge’s technology by mining multiple blocks one second apart using the same algorithm - the same tactic used in the first attack. Verge developers had initiated a hard fork following the April hack to “resolve” the issue.
Researchers identified a few new strains of malware such as the VPNMalware infecting over half a million routers worldwide and the evolving Roaming Mantis malware. Meanwhile, a Satori botnet is scanning the internet for cryptomining rigs while a newly discovered Spectre-like CPU flaw has come to light.