Welcome to GlobalSign’s weekly cybersecurity blog.
To say that Twitter had a bad week is an understatement. Earlier this week the popular social media platform suffered what’s being described as everything from a mega breach to “the most catastrophic security breach in company history” and, as the AP wrote, “perhaps one of the worst attacks in history.” Not only were the accounts of some of the world’s most prominent people hacked – including former President Barack Obama, Democratic presidential candidate Joe Biden and Elon Musk – it was all part of a Bitcoin scam AND the incident appears to be an inside job.
Also, some concerning news regarding coronavirus vaccine research: the US, British and Canadian governments say Russian hackers are attempting to steal it. The National Security Agency said APT29, the hacking group known as Cozy Bear which is associated with Russian intelligence, has been taking advantage of the chaos created by the coronavirus pandemic and targeting healthcare organizations, seeking to steal intelligence on vaccines using spear-phishing and malware tactics.
2020 – what a year! And it’s only July.
That’s all from me. Wishing you a safe, hack-free weekend!
Top Global Security Stories
Yahoo Finance/Bloomberg (July 16, 2020) Twitter Races to Unravel How Cyber-Attack Came From Inside
As Twitter Inc. grapples with the worst security breach in its 14-year history, it must now uncover whether its employees were victims of sophisticated phishing schemes or if they deliberately allowed hackers to access high-profile accounts.
On Wednesday, some of the world’s most prominent people, including former President Barack Obama and Democratic presidential candidate Joe Biden, along with Bill Gates, Elon Musk and Warren Buffett, had their Twitter accounts post invitations for an apparent Bitcoin scam. Twitter reacted by blocking further posts from all verified accounts on the service and said it had detected “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
CNBC (July 16, 2020) EU court voids data-sharing pact with the U.S. in Facebook privacy case
A top European court ruled Thursday that companies moving personal user data from the EU to other jurisdictions will have to provide the same protections given inside the bloc.
The ruling by the European Court of Justice could impact how companies transfer European users’ data to the United States and other countries, such as the U.K.
The legal battle started back in 2013, when privacy activist Max Schrems lodged a complaint with the Irish Data Protection Commissioner. He argued that, in light of the Edward Snowden revelations, U.S. law did not offer sufficient protection against surveillance by public authorities.
New York Times (July 16, 2020) Russian Hackers Trying to Steal Coronavirus Vaccine Research, Intelligence Agencies Say
Russian hackers are attempting to steal coronavirus vaccine research, the U.S., British and Canadian governments said Thursday, opening a dangerous new front in the cyberwars and intelligence battles between Moscow and the West.
The National Security Agency said APT29, the hacking group known as Cozy Bear which is associated with Russian intelligence, has been taking advantage of the chaos created by the coronavirus pandemic and targeting health care organizations seeking to steal intelligence on vaccines.
The Russian hackers have been targeting British, Canadian and American organizations researching vaccines against Covid-19. The hackers have been using spear-phishing and malware to try to get access to the research.
Bleeping Computer (July 13, 2020) Critical SAP Recon flaw exposes thousands of customers to attacks
SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments.
The RECON (short for Remotely Exploitable Code On NetWeaver) vulnerability is rated with a maximum CVSS score of 10 out of 10 and can be exploited remotely by unauthenticated attackers to fully compromise unpatched SAP systems according to Onapsis, the company that found and responsibly disclosed RECON to the SAP Security Response Team.
RECON is introduced due to the lack of authentication in an SAP NetWeaver AS for Java web component allowing for several high-privileged activities on the affected SAP system.
Data Breach Today (July 14, 2020) UK Reverses Course, Bans Huawei Gear From 5G Networks
The British government officially reversed course Tuesday and will now ban Huawei's telecom gear from its 5G networks. The ban against use of the Chinese vendor's equipment will go into effect Dec. 31, with the goal of removing all Huawei equipment from the nation's 5G networks by the end of 2027.
The U.K. Department of Digital Culture, Media and Sport made the announcement in conjunction with the National Security Council chaired by U.K. Prime Minister Boris Johnson. The decision was prompted, in part, by White House sanctions announced in May that ban Huawei from using U.S. manufactured processors in its gear.
ZDNet (July 14, 2020) A hacker is selling details of 142 million MGM hotel guests on the dark web
The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020.
The new finding came to light over the weekend after a hacker put up for sale the hotel's data in an ad published on a dark web cybercrime marketplace.
According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900.
Krebs on Security (July 13, 2020) Breached Data Indexer ‘Data Viper’ Hacked
Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.
The apparent breach at St. Louis, Mo. based Data Viper offers a cautionary and twisted tale of what can happen when security researchers seeking to gather intelligence about illegal activity online get too close to their prey or lose sight of their purported mission. The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime.
Data Viper is the brainchild of Vinny Troia, a security researcher who runs a cyber threat intelligence company called Night Lion Security. Since its inception in 2018, Data Viper has billed itself as a “threat intelligence platform designed to provide organizations, investigators and law enforcement with access to the largest collection of private hacker channels, pastes, forums and breached databases on the market.”
Other Industry News
U.S. Secret Service establishes cyber fraud task force
Fintechs from UK, Europe, Australia and Canada targeted through malware
The TLS 1.2 deadline is looming; do you have your act together?
RSA finds two thirds of phishing attacks directed at Canada
Argenta shuts down 143 cash machines after new cyber attack
Spanish politician victim of top secret cyber attack
IT services provider Collabera suffers Maze ransomware attack