INFORMATION SECURITY NEWS
For The Week of 9/12-9/19 2017
CURRENT NEWS
Equifax Argentina Portal Breached - Unrelated to US Breach
The username and password for an Argentinian Equifax portal were admin:admin. The weakness was uncovered by a team at Milwaukee-based Hold Security LLC. Once logged in, Equifax employee usernames were visible in plaintext, along with passwords which, while masked by the HTML, could be read by viewing the page source. Over 14,000 DNI numbers (the Argentinian equivalent of SSNs) were also accessible.
http://www.bbc.com/news/technology-41257576
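As an added defensive check (example code written for this digest, not from any of the cited reports), the following Python audits a page's HTML for the weakness described above: secrets that are masked in the browser yet present in the page source, plus a test for factory-default credentials. The field-name heuristics and the default-credential list are assumptions.

```python
from html.parser import HTMLParser

# Field names that suggest a secret (assumption: a small heuristic list).
SECRET_NAMES = ("pass", "pwd", "secret")
# Factory-default pairs flagged outright (assumption: short sample list).
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("root", "root")}


class SecretFieldAuditor(HTMLParser):
    """Collects <input> elements whose value attribute embeds a secret."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (field name, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "")
        itype = a.get("type", "text").lower()
        value = a.get("value", "")
        if not value:
            return  # an empty value attribute leaks nothing
        if itype == "password":
            # type=password masks the text on screen; the source still holds it.
            self.findings.append((name, "password field prefilled in source"))
        elif itype == "hidden" and any(s in name.lower() for s in SECRET_NAMES):
            self.findings.append((name, "hidden field carries a secret"))


def audit_page(html):
    """Return (field, reason) findings for one HTML document."""
    p = SecretFieldAuditor()
    p.feed(html)
    p.close()
    return p.findings


def has_default_credentials(username, password):
    """True when the pair is a well-known default such as admin:admin."""
    return (username.lower(), password) in DEFAULT_CREDS


# Constructed sample page, not the real portal's markup.
SAMPLE = """<form action="/login">
 <input type="text" name="user" value="jdoe">
 <input type="password" name="password" value="s3cret">
 <input type="hidden" name="pwd_hash" value="e99a18c428cb38d5f260853678922e03">
 <input type="hidden" name="csrf_token" value="abc123">
</form>"""
```

Run `audit_page(SAMPLE)` to see the two flagged fields; the CSRF token is left alone because its name does not match the secret heuristics.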
Since the Equifax breach, it was discovered that the Chief Information Security Officer (CISO) majored in music as an undergraduate. While the infosec community has prided itself on being a meritocracy where many experts came to the field from diverse backgrounds, and while the CISO had years of experience in executive security roles at Hewlett Packard and First Data Corp, the matter of her undergraduate degree is sparking much debate as to whether the CISO had the technical expertise for that critical role. Some say the issue is sexism at its core: for example, the Equifax CIO, whose undergraduate major was Russian, has received little to no attention. The reaction to the situation (setting her LinkedIn profile to private and trying to cover it up) has likely poured more fuel on the proverbial fire.
This MarketWatch story is highly cited:
Slashdot discussion thread:
https://it.slashdot.org/story/17/09/15/1910200/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer (see comments)
NBC News story with “Music Major” in the headline but barely mentioned in the story:
Twitter thread with a security expert: https://twitter.com/lcamtuf/status/909130573007904768
Another, with Mudge, famed hacker: https://twitter.com/dotMudge/status/908865491942367232
(Full disclosure: Dr. Peterson’s bachelor's degree was in Music Education.)
Version 5.33 of CCleaner (available for download from August 15 to September 12) included the Floxif malware. Floxif gathered system information and communicated with a command-and-control (C&C) server, but there is no evidence that it ran any other binaries. The malware quit if the user was not running under an administrative account, and it ran only on 32-bit systems. It is unknown whether this was done internally or by an external third party. This lapse in security comes a few months after Avast bought CCleaner’s original developer.
Hacking group OurMine was able to steal 3.12 TB of videos, internal documents, and other media from Vevo. OurMine compromised an employee’s Okta account (an app used to sign in to workplace networks) through a LinkedIn phishing scam, which granted them access to a Vevo media server. OurMine made the stolen data publicly available after an exchange with a Vevo employee in which they were told to “f*ck off”.
https://nakedsecurity.sophos.com/2017/09/17/vevo-hacked-3-12-tb-of-data-leaked/
Over 20 ships in the Black Sea have reported anomalies with their GPS-based navigation systems. Their navigation systems show them on land near an airport when they are quite obviously in the middle of the sea. This is most likely a spoofing attack, carried out by overpowering the genuine GPS signal with a fake one. This is not the first report of Russia spoofing GPS: tourists near the Kremlin report their GPS placing them at an airport (possibly to prevent drones from flying in the area). The spoofing seems to follow Putin: the affected ships were moving near Putin’s Black Sea residence when their GPS stopped working.
https://nrkbeta.no/2017/09/18/gps-freaking-out-maybe-youre-too-close-to-putin/