Airbus Suffers Data Breach, IT Personnel Affected
Airbus has reported, in accordance with the EU’s GDPR, that it has detected a data breach affecting contact and identification details for some employees, including some in IT. The company has announced that it has strengthened its security measures and is currently investigating the breach.
Abine Announces 2.4 Million Affected in Blur Data Breach
Abine announced that a file containing personal information for some 2.4 million users who had registered before 2018 had been left freely accessible online. The information exposed includes email addresses, some names, some password hints, IP addresses, and encrypted website passwords. The company says that no passwords stored inside users’ accounts were exposed.
Rogue Mobile Application
Spyware Spreads in Google Play Store
The MobSTSPY spyware, embedded in six apps, spread to 196 countries via the Google Play Store. While the method of infection is not novel, the scale of the infection, and the fact that the malware was present in six different apps, are striking. The apps were downloaded more than 100,000 times. The malware itself contains standard spyware capabilities, as well as a trojan-like interface mimicking popular login pages, such as those for Google and Facebook.
Phishing with Custom Web Fonts
German Politicians Doxxed in Major Campaign
Attackers have doxxed several hundred German politicians, including Chancellor Angela Merkel, belonging to all major German political parties; only the far-right Alternative for Germany (AfD) was unaffected. The information released in the dump includes personally identifiable information (PII), bank details and debit authorizations, and private chat histories and conversations with family members. Some of the data in the dump reaches as far back as 2009.
Attackers Spread Spam via Emergency Notification Network
The Australian Early Warning Network (EWN), the country’s emergency notification system, was hacked and used to distribute spam to all of the network’s subscribers. The incident occurred as a cyclone approached the Queensland coast. The EWN says that the attacker gained access to the system using “illicitly gained credentials”.
WordPress Vulnerabilities Increased 30% in 2018
Reported vulnerabilities in WordPress increased by about 30% in 2018. In comparison, from 2017 to 2018, WordPress experienced an increase of 21%. In total, 17,142 vulnerabilities were discovered across WordPress sites in 2018, compared to 14,082 in 2017. Approximately half of these vulnerabilities have a publicly available exploit, and roughly another third have no known fix.
DNS Hijacking Campaign Attributed to Iranian Actors
A major, global DNS hijacking campaign targeting victims in North America, Europe, the Middle East, and North Africa since 2017 has been attributed to unidentified actors in some way associated with Iran. The attacks, which were staged in clusters from January 2017 to January 2019, employed DNS record manipulation and fraudulent SSL certificates, allowing the attackers to harvest credentials for further attacks against the affected organizations.
DHS Orders Government Agencies to Audit DNS Records, DNS Services Updating Security Infrastructure
The US Department of Homeland Security has issued an order directing government agencies to conduct a full DNS audit, including password changes, enabling of MFA, and implementation of Certificate Transparency logs. In a related development, several major DNS providers have announced their intention to make significant upgrades to their DNS handling software in order to increase speeds and block several security workarounds.
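The DNS hijacking campaign above worked by altering records at the registrar or provider, and the DHS order responds by requiring agencies to audit their records. The following is an added example (not code from any of the organisations named here) of the core of such an audit: it parses a constructed, approved baseline and a constructed current snapshot of a hypothetical zone, reports any record that was added or removed, and orders the findings so that NS and MX changes, which redirect resolution or mail wholesale, are listed first.

```python
"""Diff a zone's current DNS records against an approved baseline to spot tampering."""

# Constructed baseline: the records the organisation approved (hypothetical zone).
BASELINE = """
example.test.       A    192.0.2.10
www.example.test.   A    192.0.2.10
example.test.       MX   10 mail.example.test.
example.test.       NS   ns1.example.test.
example.test.       NS   ns2.example.test.
"""

# Constructed current snapshot, as pulled from the provider today: the MX now
# points at an unapproved host and an extra A record has appeared.
CURRENT = """
example.test.       A    192.0.2.10
www.example.test.   A    192.0.2.10
example.test.       MX   10 mail.unapproved.test.
example.test.       NS   ns1.example.test.
example.test.       NS   ns2.example.test.
vpn.example.test.   A    198.51.100.7
"""

# Record types whose change has the widest blast radius sort first in the report.
SEVERITY = {"NS": 0, "MX": 1, "A": 2, "AAAA": 2, "CNAME": 2}


def parse_records(text):
    """Parse 'name type rdata' lines into a set of (name, type, rdata) tuples."""
    records = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(";"):   # skip blanks and comments
            continue
        name, rtype, rdata = parts[0].lower(), parts[1].upper(), " ".join(parts[2:])
        records.add((name, rtype, rdata))
    return records


def audit(baseline_text, current_text):
    """Return records present now but not in the baseline ('added') and vice
    versa ('removed'), each list ordered by severity then by record."""
    base, cur = parse_records(baseline_text), parse_records(current_text)
    order = lambda rec: (SEVERITY.get(rec[1], 3), rec)
    return {"added": sorted(cur - base, key=order),
            "removed": sorted(base - cur, key=order)}


if __name__ == "__main__":
    for kind, recs in audit(BASELINE, CURRENT).items():
        for name, rtype, rdata in recs:
            print(f"{kind.upper():8} {name:22} {rtype:6} {rdata}")
```

Any entry in the report should be traceable to a change ticket; an MX or NS record appearing in the report without one is exactly the symptom the campaign above produced.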
DarkHydrus Using Google Drive as C2 Server
The DarkHydrus APT, also known as Lazy Meerkat, has been observed using Google Drive as a Command and Control (C2) server for its variant of the RogueRobin Trojan. Drive is not the default C2 server, but the trojan’s code allows the attacker to manually enable a DNS tunnel for communication with Drive should the need arise. The use of Google Drive allows the trojan to upload, download, and update files while effectively bypassing blocklists, since Google is generally whitelisted at the majority of organizations.