Dominique

The SecuriTea News - Issue #6

Every Friday The Weekly SecuriTEA Report brings you the latest week’s trending Information Security News. Here's what is new for this week:

Coordinated Ransomware Attacks Hit Texas. Last Friday, 22 local municipalities in Texas had their systems locked by a coordinated ransomware attack, making this one of the largest-scale ransomware attacks ever to hit a government agency. (Ransomware, for those who may not know, is an attack where a malicious actor has gotten into your computer and encrypted your data, demanding money in exchange for unlocking it.) Many of the municipalities are in rural areas, making them a prime target for such an attack because they lack a more robust IT department. The attacker exploited software used by the various cities and managed by an outsourced third party, and the attack has affected many parts of everyday life for residents. For example, birth and death certificates are not available online, and one city can't accept utility payments from any of its 13,250 residents. The single, unidentified threat actor is asking for a collective $2.5 million to unlock the systems. Not all of the affected municipalities have been named, but two cities, Borger and Keene, have come forward to confirm the attack, with one mayor confirming that everything in their City Hall has been impacted. Restoration is still ongoing, with no timeline yet established for a return to full capacity.

Stop Believing Everything You See On Instagram.

Social media is great for many things: posting pictures, staying up to date minute by minute on the latest chicken wars between Popeyes and Chick-fil-A. Disseminating important information like an enterprise privacy policy? Not so much. If you don't live under a rock, you may have seen something similar to this being spread around the internet by celebrities and government officials alike (you read that right). The post urged users to repost it in order to protest an unverified Instagram policy that was supposedly about to take effect and would allow your photos to be used in litigation against you. Just to clarify: by using any service such as Instagram, Facebook, or Twitter, you have already agreed to its terms of service and policies. The only way to opt out of those terms is to not use the services altogether. The unfortunate reality is that once you put something on the internet, that data is out of your control. It can be shared, screenshotted, and used in ways you may not want. To combat this, *always* be careful about what information you tweet or post. If you are worried about how an organization is processing or using your data, go to its website and read its terms of service and privacy policy. A reputable company will always post how your data is used, usually in links at the bottom of the page. Checking there will help you avoid the yearly Instagram hoaxes.

Revealed Zero-Day At Blackhat Turns Out To Be No Accident. Security researchers revealed a critical zero-day vulnerability in an administrative tool called Webmin. (For context, a zero-day is a security flaw in software that the makers of the software do not know about. If they don't know about the flaw, they can't fix it, leaving users of the software open to attackers who happen to find the flaw before the makers do.) Once revealed and investigated, it turned out that this vulnerability wasn't an accident on the vendor's part: it was planted a year earlier by a malicious actor and sat unnoticed until Blackhat. The vulnerability was classified as a backdoor, which means literally what it says: an undocumented, secret way into an application, of the kind usually reserved for administrators doing upkeep. This one in particular gave anyone who knew of its existence the ability to execute commands as root, an account an attacker could use to take full control of the targeted device. In simple terms, if this vulnerability was on your device and an attacker took advantage of it, they now have control of your computer, and from there free rein over your data. The vulnerability has since been patched, and you can find out more about how the malicious hacker was able to keep the backdoor unnoticed despite updated versions and a brand new server being installed.

Recent Apple Update Could Leave Your iPhone Open To Jailbreak. Typically, updates pushed to your phone are supposed to fix known issues, but a recent Apple update, iOS 12.4, did the opposite: it reintroduced a flaw that could allow the device to be jailbroken and leaves it vulnerable to attackers escalating privileges and running code-execution attacks. What you need to know about these two types of attacks is that they would allow a malicious attacker to run malicious code on your device in order to gain full access to the device and possibly its data. The flaw was first reported by Motherboard and affects a variety of devices, including the iPhone 5s and later, the iPad Air and later, and the sixth-generation iPod touch. This flaw was initially patched in the previous release (12.3) after a researcher at Google Project Zero found it and released an exploit for it, properly of course. If you want to give jailbreaking your own phone a shot, you can find more information on GitHub here, thanks to a user posting and tweaking the previous researcher's code. Note that your device has to be updated to the latest version for it to work.

If you play Fortnite, don't download Syrk. As mentioned above, ransomware is an attack that holds, or in this case deletes, data in exchange for money. In a recent string of ransomware hitting the internet, one strain, dubbed Syrk, is targeting Fortnite's huge user base under the guise of being a tool that gives players more accurate aim and helps them find the location of other players. Fortnite's user base varies in age but definitely skews toward a younger demographic, who are easy to exploit because they are not careful about the packages and tools they download; all they care about is winning the game. Analysis of this ransomware shows that once a player downloads and installs the tool, code is executed that connects back to the attacker's server and begins encrypting a range of files on the device. Once these files are encrypted, the program sets about deleting files every two hours and even affects USB drives if they are connected. Luckily for gamers, researchers have found and published a way to decrypt and recover the deleted files. Nevertheless, this malware shows just how dangerous it is to download unverified files.

And that's a wrap for your Weekly SecuriTea Report. Be sure to check out the latest every week for the latest in Information Security News.
