Cyber Round-up for 17th September
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Sportswear manufacturer, Puma, were recently hit by hackers who stole source code from one of their internal applications. The group have threatened to publish the stolen files on a specialised dark web portal in an attempt to receive ransom payment. It has since been confirmed that “No consumer or employee data was affected”, although hackers claim to possess around 1GB of Puma data. Sample files were released on a dark web site known as Marketo. It is unclear how Puma will respond, but we will provide updates when we learn more.
Russian Internet Giant, Yandex, have become the most recent victim of a new botnet known as Meris. The botnet reportedly sent a record-breaking 21.8 million requests per second, crippling their target. Despite being a new player in the field, Meris is growing rapidly and becoming a big issue, using HTTP pipelining to carry out their DDoS attacks. We are likely to see more of this group in the future.
A database of more than 60 million records was recently left unsecured and accessible online. The exposed records related to “wearable technology”, specifically fitness tracking services, and contained names, dates of birth, weight, height, gender, and GPS locations. A sample of the leaked data shows that “the majority of data sources were from Fitbit and Apple’s HealthKit”. Researchers believe that GetHealth were possibly the owners of this data and are currently chasing them for more information.
The US Department of Justice recently fined three former NSA employees who were reportedly offering hacker-for-hire services to the United Arab Emirates. These fines were issued as a way of avoiding jail time, with the three being charged $750,000, $600,000, and $335,000. The DOJ are working hard to crack down on this hacker-for-hire trend, and these are not likely to be the last fines issued. The punishment also includes a lifetime ban on US security clearances, restrictions for UAE employment and enforced cooperation with DOJ and FBI components.
Anonymous recently stole gigabytes of data from web hosting provider, Epik, and has leaked it online. The hacktivist group claim that this data is “all that’s needed to trace actual ownership and management of the fascist side of the internet that has eluded researchers, activists, and, well, just everybody.” Anonymous are now believed to be in possession of a “decade’s worth of data from the company.”
The Zloader campaign that is currently targeting Windows users has implemented a new infection method that involves disabling Microsoft Defender to evade detection. As well as this, the campaign no longer uses phishing emails to lure in victims; they are instead using “Teamviewer Google ads published through Google Adwords”. We strongly advise being cautious when accessing ads while using your browser and recommend avoiding them altogether if possible.
Vulnerabilities & Updates
66 vulnerabilities were addressed in the September Microsoft Patch Tuesday, three of which are rated critical. The most dangerous flaw tackled in this update was a Windows MSHTML zero-day that has reportedly been actively exploited for the last two weeks. We strongly recommend applying the latest update as soon as possible to ensure you are protected against this zero-day, as well as other critical & important flaws addressed this week.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #158 – 17th September 2021
Ironshare – Security Simplified