Cyware Weekly Threat Intelligence, November 25 - 29, 2019

Weekly Threat Briefing • Nov 29, 2019
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Nov 29, 2019
The Good
Yet another week has passed by, and it was bustling with activity in cyberspace — both ethical and otherwise. Let’s begin the weekly review of cybersecurity happenings with the positive ones. The Finnish Transport and Communication Agency Traficom announced that cybersecurity labels for IoT devices would be issued. SoniTalk, a new method for near-field communication focused on security, has been made freely available. In other news, researchers from the National Tsing Hua University (NTHU) have developed a new cryptographic technique to transmit encrypted messages.
Traficom, the Finnish Transport and Communications Agency, has announced that the country would issue cybersecurity labels for IoT devices. This initiative aims to raise awareness about information security and the safe use of IoT devices among customers. Labels are said to be awarded to connected devices that meet the criteria specified by EN 303 645, a document that outlines IoT security specifications.
SoniTalk, a new method for near-field communication with a focus on data protection and security, has been made freely available as an open-source technology. This method lets users decide in which cases which apps and devices are allowed to communicate through ultrasound.
The European Union Agency for Cybersecurity (ENISA) has published a report detailing good cybersecurity practices for the maritime sector. The agency has also published another report on cybersecurity for connected and (semi-)automated cars.
Researchers from the National Tsing Hua University (NTHU) have developed a new cryptographic technique using quantum technology to transmit encrypted messages. This technique is said to be much harder to decrypt than the currently available cryptography. Pulsed laser light was used to produce photons, on which researchers encoded binary code.
The Bad
Cyber incidents were reported in plenty this week. In a massive breach this week, an open database exposed the data of over 1.2 billion people. Facebook and Twitter disclosed that the data of hundreds of Android users may have been improperly accessed after their accounts were used to log in to Google Play Store apps. Meanwhile, Adobe disclosed that its Magento Marketplace suffered a security breach impacting the account details of registered users.
An open Elasticsearch database was found to be leaking more than 4 terabytes of data associated with People Data Labs and OxyData, two data enrichment companies. Personal and social information of over 1.2 billion people, is said to be impacted by this leak. Researchers have not been able to attribute the database to a specific company.
Facebook and Twitter announced that hundreds of Android users may have had their data improperly accessed after the accounts were used to log in to Google Play Store apps. This reportedly happened because One Audience, a software development kit, allowed third-party developers to access users’ personal data. Twitter said that it had notified Apple and Google of the vulnerability.
Adobe disclosed the details of a security breach that impacted the company's Magento Marketplace. An unauthorized third-party is said to have accessed the account information of registered users. Plugin and theme developers as well as users registered to buy the theme and plugins have been reportedly impacted.
Smartphone vendor OnePlus suffered a data breach that involved the order information of certain customers. The company said that payment information, passwords, and accounts were not impacted. The incident has been reported to relevant authorities and an investigation is said to be in progress.
The New York City Police Department’s fingerprint database was hit by a ransomware attack in October 2018, and the incident was reported this week. This incident is said to have occurred when an infected third-party vendor’s machine was connected to the police network. Officials said that the system was shut down for hours while the software was reinstalled on all the systems.
The Online Registration System (ORS) website, a health portal run by the Indian government, was discovered to be risking the data of about 2 million people. A security flaw in the website potentially allowed access to patient names, age, mobile numbers, addresses, and partial Aadhar numbers among other details. This vulnerability is said to have been fixed in October last year.
Mexican food chain On the Border has issued notice of data breach in a payment processing system. The company said that some credit card information used between April 10 and August 10, 2019, could have been potentially compromised. Investigation of the incident was said to be ongoing.
Hackers were reported to have stolen 342,000 Ethereum coins from the South Korean cryptocurrency exchange Upbit. The stolen cryptocurrency is said to be worth $48.7 million. The company has suspended withdrawals and deposits for the time being.
Spanish security company Prosegur was hit by a ransomware attack that impacted the company’s telecommunication platform. In order to avoid malware propagation, the company has limited its customer communications. Prosegur was said to be analyzing this security incident and working on restoring services as soon as possible.
New Threats
This week witnessed the emergence of several new malware strains and vulnerabilities. Thousands of Android applications were reported to be impacted by a GIF processing vulnerability that was recently disclosed. The Common Weakness Enumeration (CWE) list of the 25 most dangerous software vulnerabilities has been updated for the first time in eight years. In other news, security experts have reported that the new Dexphot malware has infected more than 80,000 computers.