Cyber Security Training from QA

Cyber Pulse: Edition 53

Read the latest edition of Cyber Pulse, our roundup of Cyber news.


15 February 2019

DataCamp Hit With A Breach

Popular data science learning site DataCamp suffered a breach on Monday that compromised sensitive information of some of its users. The company immediately notified the affected users of the incident and logged out all their accounts as a security measure. It has also reset the passwords of these accounts. Robert Cabral, Director of Customer Support for DataCamp, said in the security update, "We are still investigating the precise causes and are retaining a leading digital forensics and security firm to assist us in the work being conducted by our internal security team. We will be notifying the data protection authorities." DataCamp has also disclosed which user data was affected in the breach. Personal information included name, email address, and optional information such as location, company, biography, education, and a picture of the user. On the account side, bcrypt-hashed passwords, account creation date, last sign-in date and sign-in IP address were involved. However, the platform said that no payment-related information was stolen, since it was not stored in its systems.

Cybercriminals Hack Malta's Bank of Valletta, Embezzle Funds!

Cybercriminals broke into Malta’s Bank of Valletta (BOV) and reportedly stole around $15 million from the bank’s systems. It is suspected that the cyber attack came from an overseas entity. The theft was detected immediately after the bank observed ‘reconciliation problems’ in international transfers. As a result, the bank temporarily shut down all operations, including email services and its website. “All of the bank’s functions - branches, ATMs, mobile banking and even email services - were suspended and its website taken offline,” reported Times of Malta. In the latest statement, the Prime Minister of Malta, Joseph Muscat, announced that the transactions would be reversed immediately. BOV has asked its correspondent banks to block and reverse the transactions. Muscat told the media that the attackers made international fund transfers, which were blocked within 30 minutes. These were being made to banks located in the UK, the US, Czech Republic, and Hong Kong.

620 Million Accounts Stolen From 16 Hacked Websites, Sold On DarkWeb!

A trove of data stolen from 16 different websites is available for sale on the dark web. The data is offered on the popular Dream Market forum for less than $20,000 worth of Bitcoin. Some 617 million online account details are estimated to have been stolen from the 16 websites. The list of websites to which the leaked accounts belong includes Dubsmash, MyFitnessPal, MyHeritage, Animoto, 8fit, 500px, Armor Games, CoffeeMeetsBagel and Artsy. The highest number of records was stolen from Dubsmash, a total of 162 million. Data compromised in the hack includes account holder names, email addresses and hashed passwords. The Register pointed out that a few of these websites revealed information such as personal details and social media authentication tokens of users. The data does not include financial information. While some of these websites have suffered repeated breaches, a few suffered a data breach for the first time. The records were breached mostly during 2018. Spokespersons from MyHeritage and 500px confirmed the authenticity of the data. 500px also confirmed that its users’ data had been stolen and put up for sale.

'Dirty Sock' PE Vulnerability In Linux Systems

Chris Moberly, a security researcher for Shenanigans Labs, recently discovered a vulnerability affecting the Ubuntu operating system. The researcher named the vulnerability ‘Dirty Sock’ and noted that it is a local privilege escalation bug which could allow attackers to gain root-level access to the system. Moberly noted that the actual vulnerability does not exist in the Ubuntu OS itself, but in Snapd, which is included by default in all recent Ubuntu versions and in some other Linux distros. Snapd is the daemon that manages ‘snaps’, a new app packaging format developed and used in Ubuntu apps since 2014. Snapd allows users to download and install apps in the .snap file format. The security researcher noted that the ‘Dirty Sock’ vulnerability impacts Snapd versions 2.28 and later. Canonical released Snapd version 2.37.1 and also released security updates for the Ubuntu Linux OS. Other Linux distros that use Snapd, such as Debian, ArchLinux, OpenSUSE, Solus, and Fedora, also released security updates to fix the bug.

Vulnerability Spotted in WordPress plugin ‘Simple Social Buttons’

Simple Social Buttons is a popular WordPress plugin, available in free and paid versions, that adds social media sharing buttons on the sidebar, inline, above and below the content of a post, on photos, popups and fly-ins. This plugin has been installed on more than 40,000 WordPress sites. Luka Sikic, a developer and researcher at WordPress security firm WebARX, discovered a critical security vulnerability in the plugin that could allow attackers to modify WordPress installation options. Sikic described the security flaw as “an improper application design flow chained with a lack of permission check”. Together, the two weaknesses resulted in privilege escalation and unauthorized actions, allowing non-admin users to alter WordPress installation options. “A function would iterate through JSON object provided in the request and update all options with option_name from object key and option_value from a key value without checking whether the current user has permission to manage options or provided option_name belongs to that plugin,” Sikic explained in a blog.
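The two missing checks Sikic describes can be seen side by side in a small model. This is an added example, not code from the plugin or from WebARX: it is a Python stand-in for the WordPress option table, and the option names, user capability sets and function names are all assumed for illustration.

```python
import json

# Constructed model of the flaw quoted above; all names here are hypothetical.
ADMIN_CAP = "manage_options"                       # WordPress capability for editing options
PLUGIN_OPTIONS = {"ssb_position", "ssb_networks"}  # options this plugin owns (assumed names)

def new_site():
    """Option table with one core option and one plugin option (constructed)."""
    return {"blogname": "Example Site", "ssb_position": "inline"}

def import_vulnerable(options, user_caps, body):
    """The described pattern: every key in the request body becomes an option write."""
    written = []
    for name, value in json.loads(body).items():
        options[name] = value                      # no capability check, no ownership check
        written.append(name)
    return written

def import_hardened(options, user_caps, body):
    """Same handler with the two missing checks added."""
    if ADMIN_CAP not in user_caps:                 # check 1: caller may manage options
        raise PermissionError("manage_options capability required")
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("settings payload must be a JSON object")
    written = []
    for name, value in data.items():
        if name not in PLUGIN_OPTIONS:             # check 2: option belongs to this plugin
            continue
        options[name] = value
        written.append(name)
    return written

def demo():
    """Run one constructed request through both handlers and report the outcome."""
    body = json.dumps({"ssb_position": "sidebar", "blogname": "changed"})
    subscriber, admin = {"read"}, {"read", ADMIN_CAP}
    results = {}
    site = new_site()
    import_vulnerable(site, subscriber, body)
    results["vulnerable_as_subscriber"] = site["blogname"]
    site = new_site()
    try:
        import_hardened(site, subscriber, body)
    except PermissionError:
        results["hardened_as_subscriber"] = site["blogname"]
    site = new_site()
    results["hardened_as_admin_wrote"] = import_hardened(site, admin, body)
    results["hardened_as_admin_blogname"] = site["blogname"]
    return results

if __name__ == "__main__":
    print(demo())
```

In WordPress itself the first check corresponds to a `current_user_can('manage_options')` test before any `update_option()` call.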

New Offensive USB Cable Allows Attackers To Run Commands Over WiFi

Security researcher Mike Grover, who goes by the pseudonym ‘_MG_’, developed an offensive USB cable (O.MG cable) that includes an integrated WiFi PCB. If plugged into a computer, this malicious USB cable could allow attackers to execute commands on the computer or manipulate the mouse cursor over WiFi. Grover explained that the WiFi chip embedded in the USB cable allows an attacker to remotely connect to the computer and execute commands. When plugged into a computer, the cable is detected by the operating system as a human interface device (HID). An operating system treats HID devices as input devices, so they can be used to input commands as if they were being typed on a keyboard. The security researcher explained that when the cable is plugged into a computer, it works like a keyboard and a mouse. This implies that an attacker can input commands regardless of whether the device is locked or not. Even worse, if the computer locks a session using an inactivity timer, the plugged-in cable can simulate user interaction to prevent session locking.

Unknown cyber attackers have entirely wiped VFEmail's servers

VFEmail, an email service provider offering free and paid services since 2001, has been struck a devastating blow by a cyberattack. Unknown attackers have entirely wiped its servers of data related to the email provider’s US users. The incident came to light yesterday when VFEmail’s site and web client suffered an outage. It appears that the attackers have even destroyed the backup servers used by the company. The email provider elaborated on the developments in a series of tweets. “At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provider were intact, and service should be up there,” read one tweet. “Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy,” described another tweet, indicating that the hack was not intended for extortion. Fortunately, VFEmail has said that its employees are working to recover a server which was caught during an attempted ‘formatting’ by the attackers. The company might provide an update regarding this in the coming days. Moreover, VFEmail’s subdomains have also been offline since the hack.

Visit cyber.qa.com for more information on how QA can help solve the Cyber Security skills gap and subscribe to Cyber Pulse.

Edited and compiled by

James Aguilan

Cyber Security Specialist

James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructure operators and large corporations through simulated cyber-attacks and forensic investigation workshops. In the past, James worked as a Data Consultant, where he advised high-profile clients on how to handle their data in civil litigation or criminal investigations. Notably, this includes the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. He has also served as a Cybersecurity Consultant, responding to incidents and performing full forensic investigations. James holds a first-class honours degree in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.