In fairly recent news, eight adult websites had their databases breached and downloaded; the dump totalled 98 megabytes. Judging from that number alone, one could assume this is not the largest-scale breach, but it is still relevant. What was breached is as follows: IP addresses of users, hashed passwords, names and 1.2 million unique email addresses. Robert Angelini, the man behind the sites, claims that the figure is inaccurate, as the website had only somewhere to the tune of 100k posts on it. The site has since been taken down for maintenance until the security vulnerability is fixed, and he urges users to change their passwords. It is said that if the website cannot be secured, it will remain down forever.
This breach is compared to the Ashley Madison breach in that the users could be blackmailed due to the nature of the website, which is, of course, to post naked pictures of one’s spouse, something of definitely questionable ethics. The difference, of course, is the scale of the breach: the Ashley Madison dump contained 36 million users.
For those who have been breached, the takeaways are the same as from other breaches: change your password, and please don’t reuse passwords. Blackmail could be avoided by signing up for services like this with a disposable email account. Also, the dumped password hashes were hashed with DEScrypt, a hash function created in 1979. A password hash posted to Twitter by Troy Hunt, the man behind https://haveibeenpwned.com/, was cracked in 7 minutes by hashcat. In conclusion, this illustrates the risks people may not know they are taking by putting personal information on insecure websites.
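As an added example (not from the article or from Troy Hunt's post), a breach-response triage in Python: it recognises the 13-character DES-crypt format in a dump, counts how many entries need re-hashing, and shows the stdlib scrypt scheme a site should migrate to. The `$scrypt$...` string layout and the sample rows are constructed for this example.

```python
import hashlib
import hmac
import os
import re
from collections import Counter

# Hash formats a breach-response audit should recognise. The 13-character
# DES-crypt form (2-char salt + 11-char digest, no "$" prefix) is the 1979
# scheme: it truncates passwords to 8 characters and uses a 12-bit salt.
_FORMATS = [
    ("des-crypt",    re.compile(r"^[./0-9A-Za-z]{13}$")),
    ("md5-crypt",    re.compile(r"^\$1\$")),
    ("bcrypt",       re.compile(r"^\$2[aby]\$")),
    ("sha256-crypt", re.compile(r"^\$5\$")),
    ("sha512-crypt", re.compile(r"^\$6\$")),
    ("scrypt",       re.compile(r"^\$scrypt\$")),
]

def classify_hash(h: str) -> str:
    for name, rx in _FORMATS:
        if rx.match(h):
            return name
    return "unknown"

def audit_dump(hashes):
    """Count stored formats; returns (counts, number needing re-hashing)."""
    counts = Counter(classify_hash(h) for h in hashes)
    return counts, counts["des-crypt"] + counts["md5-crypt"]

# Replacement scheme: stdlib scrypt with a random 16-byte salt per user.
# The "$scrypt$n$r$p$salthex$dkhex" string is a constructed layout for this
# example, not a standard modular-crypt format.
def hash_password(pw: str, n: int = 2 ** 14, r: int = 8, p: int = 1) -> str:
    salt = os.urandom(16)
    dk = hashlib.scrypt(pw.encode(), salt=salt, n=n, r=r, p=p, dklen=32)
    return f"$scrypt${n}${r}${p}${salt.hex()}${dk.hex()}"

def verify_password(pw: str, stored: str) -> bool:
    _, _, n, r, p, salt, dk = stored.split("$")
    cand = hashlib.scrypt(pw.encode(), salt=bytes.fromhex(salt),
                          n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(cand, bytes.fromhex(dk))  # constant-time compare

# Constructed sample dump (formats only, no real users).
SAMPLE_DUMP = [
    "ab6N7CoFRHe5Y",
    "$6$rounds=5000$saltsalt$" + "x" * 86,
    "$2b$12$" + "y" * 53,
]
```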
A researcher has found serious flaws in the leading real-time operating system, FreeRTOS, leaving a large number of Internet of Things devices, from refrigerators to pacemakers, vulnerable to attack. Last year, Amazon took over project management and upgraded the OS into its own Amazon FreeRTOS IoT operating system, enhancing it for use with Amazon's own products in the future.
There are 13 vulnerabilities in total in FreeRTOS’s TCP/IP stack, and they affect Amazon FreeRTOS as well. These issues let attackers do just about anything they want to the target device, from executing their own code to leaking memory contents. The technical details of the flaws have not been revealed to the public, in order to give the developers time to produce a fix.
This article was about malware targeted at Macs that can be hidden in the Mac App Store. The writer of the article says that although they found the vulnerability, no one has used it yet as far as they can see.
This attack works by bypassing the code-signing check done before submission to the App Store. Code signature checks, or code signing, are basically virtual security checks to make sure the app is safe and stable. It was noticed that the code only gets checked once, after which the signature is not checked again. This means an attacker can make a clean app, submit it to the App Store, and then, once users have downloaded it, release an update infected with malware for those users to download. They can also steal or buy real code signatures, put them into a malicious app, and possibly get it published to the App Store for everyone to download.
The writer of the main article says, “As a result of this research, Reed himself added code signature verification to Malwarebytes Mac products so they now perform a check every time they launch.” Reed works at Malwarebytes and put out an update to their software so that it re-checks the code signature of app updates. He even says, “A script kiddie could pull off something like this.” This shows that something should be done to fix this problem before others catch on and start infecting people’s computers with malware. This was released recently, so hopefully it gets fixed soon. I remember when I made my app for the App Store and I do not ever remember any checks being done to my updates after the initial release.
Security researchers at F-Secure have developed a new method to extract encryption keys or other sensitive data from the memory of a laptop in sleep mode, if an attacker can gain physical access to it.
A quick explanation of how this type of cold boot attack works:
A “cold reboot” occurs when a computer is improperly shut down. When that happens, the contents of system RAM briefly remain after power is lost and might be readable when the system boots back up. In response to this security issue, computer manufacturers programmed the BIOS to overwrite the RAM early in the boot process. The new issue lies in how this fix was implemented: the BIOS stores a value in flash storage that determines whether it needs to wipe the RAM on the next boot, but that value can be set by the operating system or through hardware tweaking. An attacker can then boot the system from a USB drive and read the contents of memory.
This attack is theoretically possible against any Windows-based computer, or any Apple computer released prior to 2018, that an attacker can gain physical access to. Microsoft’s current recommendation is for anyone using encryption to use Hibernate mode instead of Suspend mode when putting a laptop to sleep, as Hibernate wipes any encryption keys from RAM. A more complete fix will require hardware and BIOS changes and likely will not be available for a while.
Many businesses don’t realize that abandoning domain names they no longer use can pose a huge security threat. A domain name is a name you register to identify your business on the internet; for Canadian businesses, this is typically a domain name ending in .com or .ca, such as example.com.ca. The problem with domain names is that they usually hold onto a decent amount of information about the company, and their renewal is left to lower-level technicians or outsourced IT support providers. Domain renewals are often seen as a waste of money by many companies, due to circumstances such as a change of brand name, restructuring of the company, or abandoning the domain altogether. The abandoned-domain issue arises when the domain is no longer paid for and goes out of service: after a certain grace period it becomes available for anyone to claim. Once the grace period is over and the domain is up for grabs, even attackers can claim the domain name that was left behind, with no proof of identity or ownership required. After the domain is snatched by a new owner, it can be set up with a “catch-all” email service, meaning emails meant for the previous owner are delivered to the new owner of the domain and can end up in the hands of an attacker. As the article states, “online services often only rely on an email address as a single factor for password resets meaning online services once held by staff of the previous owner can be hijacked.” This is an example of how hijacking an old domain can be devastating for a business.
This image from the article shows that researchers were able to access documents intended for former clients. (Source: blog.gaborszathmari.me)
Often, even when businesses have merged into one, there is still sensitive information that can leak through emails between clients, colleagues, vendors, suppliers, and service providers.
Research by Gabor Szathmari and Jeremiah Cruz found that they were able to:
access confidential documents of former clients;
access confidential email correspondence;
access personal information of former clients;
hijack personal user accounts (LinkedIn, Facebook, etc.) of former staff working in their new jobs; and
hijack professional user accounts (Commonwealth Courts Portal, LEAP, etc.) of former staff by re-registering abandoned domain names belonging to former businesses.
Active LinkedIn accounts belonging to former staff can be hijacked via abandoned internet domains (Source: blog.gaborszathmari.me)
There are many steps one can take to protect data from abandoned domains. According to the Australian Cyber Security Centre, the following steps should be taken to minimize risks for businesses:
Keep renewing your old domain names indefinitely and do not let them expire and be abandoned, especially if a domain was once used for email.
Close cloud-based user accounts that were registered with the old domain email address (this can be difficult to do for domains with a large number of email addresses).
Unsubscribe from email notifications that may carry sensitive data, such as text-to-email services and banking notifications.
Advise clients to update their address book.
Enable two-factor authentication, where the feature is supported for online services.
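The catch-all takeover described above and the ACSC checklist, turned into an added example in Python (not code from the article, the ACSC or the researchers): an offline audit of a domain inventory that flags lapsed email-bearing domains, logins still tied to them, and MX records that no longer match what the business configured. The domain names, the `FAKE_DNS` answers and the inventory are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class DomainRecord:
    name: str
    expires: date                # expiry date reported by the registrar
    used_for_email: bool         # ever carried staff or client mailboxes
    linked_accounts: list = field(default_factory=list)  # logins using @name
    expected_mx: tuple = ()      # MX hosts the business itself configured

def audit_domain(rec, today, lookup_mx, renew_window_days=90):
    """Return (severity, 'CODE: detail') findings for one domain."""
    findings = []
    days_left = (rec.expires - today).days
    if days_left < 0:
        findings.append(("critical", f"EXPIRED: recover {rec.name} before a third party re-registers it"))
    elif rec.used_for_email and days_left <= renew_window_days:
        findings.append(("high", f"RENEW: email-bearing domain expires in {days_left} days; keep renewing it"))
    if rec.used_for_email and rec.linked_accounts:
        findings.append(("high", f"CLOSE_ACCOUNTS: {len(rec.linked_accounts)} logins still use @{rec.name} for password resets"))
    # Mail now routed to hosts the business never configured is the
    # tell-tale of a catch-all mailbox set up by whoever re-registered it.
    live_mx = lookup_mx(rec.name)
    if rec.expected_mx and live_mx and set(live_mx) != set(rec.expected_mx):
        findings.append(("critical", f"MX_DRIFT: {rec.name} delivers to {sorted(live_mx)}, expected {sorted(rec.expected_mx)}"))
    return findings

def finding_codes(findings):
    return {detail.split(":")[0] for _, detail in findings}

# lookup_mx is injected so the audit runs offline; a real deployment would
# query DNS (e.g. with dnspython). These answers are constructed.
FAKE_DNS = {
    "oldfirm-example.com": ["mail.catchall-host.example"],
    "currentfirm-example.com": ["mx1.currentfirm-example.com"],
}
def fake_lookup_mx(name):
    return FAKE_DNS.get(name, [])
# Constructed inventory: a lapsed domain with staff logins still tied to it, and a live one.
SAMPLE_INVENTORY = [
    DomainRecord("oldfirm-example.com", date(2018, 1, 15), True,
                 ["linkedin:jsmith", "courts-portal:jsmith"], ("mx.oldfirm-example.com",)),
    DomainRecord("currentfirm-example.com", date(2019, 3, 1), True, [],
                 ("mx1.currentfirm-example.com",)),
]

def audit_inventory(inventory, today, lookup_mx=fake_lookup_mx):
    today = date.fromisoformat(today) if isinstance(today, str) else today  # accept "YYYY-MM-DD"
    return {r.name: audit_domain(r, today, lookup_mx) for r in inventory}
```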