8 February 2019
Flaws In SS7 Exploited To Empty Bank Accounts Of The Metro Bank
Metro Bank in the UK has fallen victim to a malicious Signaling System 7 (SS7) attack. Flaws in SS7 were previously exploited by hackers to intercept text messages and track phones across the globe. However, cybercriminals have now taken this attack to a whole new level by emptying victims' bank accounts. According to Motherboard, the National Cyber Security Center (NCSC) said that it is aware of the latest targets of cybercriminals. The NCSC confirmed that the hackers are exploiting SS7 to intercept codes used for banking. SS7 is a protocol used by telecom companies to coordinate how they route texts and calls around the world. Meanwhile, Metro Bank has acknowledged that it has faced an SS7 attack. The firm has notified law enforcement agencies about the attack. It believes that a small number of its customers may have been impacted. Metro Bank has enhanced its security protections to prevent such attacks. In addition, it has advised customers to review their bank accounts for any suspicious activity.
The UK Grills Google for Potential Data Privacy Violations
E-ticketing Flaw Allows Hackers to Print Boarding Passes
E-ticket systems used by 8 major airlines, including Southwest, suffer from lax security that could expose personally identifiable information and result in tampering. Researchers at Wandera published a report highlighting a vulnerability found in check-in emails delivered to passengers. The issue comes from the use of unencrypted check-in links sent to passengers via email. When a person clicks on the link, they are directed to a site to check in for their flight, make changes or print their boarding pass. Because the links are unencrypted, Wandera warns that a malicious actor connected to the same Wi-Fi network could intercept the link request and gain access to the person's check-in page. Once a hacker has access to the page, they could view a significant amount of personal information, from names and addresses to passport and ID numbers. They could also access specific details about the flight, including booking references, flight times and numbers, and seat assignments.
macOS Zero-Day Vulnerability Found in Keychain
A German security researcher published a video describing a new zero-day vulnerability that impacts Apple’s macOS. The researcher, Linus Henze, noted that the vulnerability could allow a malicious application running on a macOS system to gain access to passwords stored in the Keychain password management system. Henze explained that the vulnerability is present in the Keychain password management system’s access control and could allow the malicious app to retrieve passwords from the user’s Keychain file without needing admin privileges or the keychain master password. Henze disclosed that this vulnerability impacts all macOS versions up to the latest, 10.14.3 Mojave, and stated that Apple’s lack of a bug bounty program for macOS is the primary reason for the exploit. Note that Apple runs bug bounty programs for all its products except macOS.
Multiple RDP Vulnerabilities Allow Hackers To Gain System Control
Security researchers have discovered multiple vulnerabilities in the Remote Desktop Protocol (RDP) that can result in the so-called ‘reverse RDP attack’. These vulnerabilities can allow bad actors to take control of computers. Discovered by researchers at Check Point, there are a total of 25 security issues in RDP. Of these, 16 issues have been found in the open source FreeRDP RDP client and its fork rdesktop, as well as in Microsoft’s own RDP client implementation. Once attackers gain a foothold in the RDP client by using one of the discovered vulnerabilities, they can expand the scope of the attack to the machine’s entire local network. Eleven vulnerabilities with a major security impact were discovered in the 1.83 version of the rdesktop RDP client, while FreeRDP 2.0.0-rc3 contains five vulnerabilities of major security impact. The researchers were also able to find a vulnerability in the Mstsc client. To address these issues, users have been advised to disable the shared RDP clipboard feature in their clients until a security patch is released. In addition, RDP clients should always be kept up to date to protect computers from being exploited through such vulnerabilities.
Dating App Exposes Private Photos Due to Authentication Flaw
Dating app Jack’d has been found to contain an authentication flaw that allows attackers to download private photos of its users. It appears that anyone can look up and download photos from a web browser without logging in or registering on the site. This can allow attackers to amass entire image databases and use them for extortion or other malicious purposes. Even after The Register informed the app developers of this issue three months ago, there has been no update regarding a security patch. The flaw was first discovered by security researcher Oliver Hough. He came across a programming error in the application that led to this vulnerability. Instead of restricting the images to Jack’d users, as intended, the bug lets anyone view them without a login. Further technical details of the vulnerability have not been disclosed as of now to prevent any exploitation. Jack’d’s parent company, Online Buddies, has also shied away from responding to this issue, which could potentially lead to breach incidents.
New GandCrab v5.1 Ransomware Comes With New Exploit Kit
It was only a few months back that free decryption tools were made available for GandCrab versions 5.0 - 5.0.3. And, while these tools are yet to be made public, a new version of GandCrab has appeared. The developers of GandCrab released the new version, GandCrab v5.1, within 24 hours of the release of the decryption tools. According to an extensive report from Coveware, the latest version of the ransomware comes with a variety of distribution changes and UX updates to the GandCrab TOR sites. The ransomware’s TOR site comes with a hidden private chat that can be enabled using one of the discount codes. This allows dishonest data recovery firms to hide the final cost of the GandCrab decryption process from their customers, along with their chats with GandCrab support. The discount code can be requested over chat. However, it can only be activated on the systems of targeted users.
Zcash Team Fix Vulnerability That Allowed Counterfeiting
Zcash, a popular cryptocurrency like Bitcoin and Ethereum, had a critical flaw that could have jeopardized its usability on a large scale. The vulnerability lay in the zk-SNARK parameters, which come from the key generation method used in Zcash. It allowed attackers to create counterfeit Zcash in large numbers. Ariel Gabizon, the cryptographer who uncovered this flaw, saw that the zk-SNARK had additional logical elements that led to a soundness bug. He found that the zero-knowledge proofs used in Zcash could be faked by creating false proofs due to the soundness bug. Thus, an attacker could create an unlimited amount of shielded coins where the verifier is affected by the bug. Zcash Company, the creators of Zcash, revealed in a blog post that the vulnerability was patched completely. The company mentions that attackers needed to have specific information from Zcash’s MPC protocol transcript to exploit the flaw. Apparently, this transcript was removed as soon as the flaw was discovered, but it was reconstructed once Zcash Company remedied the issue.
Mumsnet reports itself to regulator over data breach
Mumsnet has reported itself to the information commissioner after a data breach resulted in users accidentally logging into the accounts of strangers. A botched upgrade to the software the forum runs on meant that for three days, if two users tried to log in at the same time, there was the possibility that their accounts would be switched. Each user was able to post as the other, see their account details, and read private messages. The company doesn’t know how many user accounts were affected, but says that over the three days the bug was live, from Tuesday afternoon to Thursday morning, about 4,000 users logged in. Of those, only 14 users have reported an issue. Mumsnet founder Justine Roberts apologised to users in a post, saying: “You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We will of course be reporting this incident to the information commissioner.”