Cyber News Rundown: December 2020

  • 23 December 2020
  • Community and Advocacy Manager

SMS App Exposes Messages of Millions

Despite weeks of effort from the developer, GO SMS Pro, an instant messaging app with over 100 million users, is still suffering from messages being leaked. What originated as a bug has left the messaging app critically flawed for upwards of three months, with no clear signs of resolution, as even new versions of the app have been unable to rectify the problem. The researchers who discovered the flaw were able to view video and picture messages, along with other private messages, due to the URL shortening that occurs when the messages are sent to contacts who don’t have the app installed.

 

Default Passwords Compromising Radiology Equipment

Researchers have discovered that GE implemented default passwords, which can be easily found online, across a wide range of medical equipment. These passwords are used by technicians to perform routine maintenance but could be illicitly used to take control of the machines or cause them to malfunction. To make matters more difficult, users are unable to change these credentials on their own and require a certified GE tech to come on-site to make the adjustments. While GE has stated that they don’t believe any unauthorized access has been identified, the critical nature of these machines makes this a high-priority vulnerability.

 

Payment Card Skimmers Hiding in CSS

The latest evasion tactic being used by payment card skimmers is camouflaging themselves in the CSS of the compromised e-commerce site. The skimmer in question is run by the Magecart group, which is known for staying on the cutting edge of evading current detection software and finding better methods for boosting longevity on compromised systems. The embedded script launches when the customer starts the checkout process, by redirecting them to a new page, and begins stealing any information that is entered into the form.

 

Trickbot Spreading Through Subway Marketing Emails

Customers of Subway UK have been receiving confirmation emails regarding a recent order that instead contained malicious links, which initiated the download of Trickbot malware onto the current device. Subway has since disclosed that they found unauthorized access on several of their servers, which were then used to launch the email campaign. For any users that did click on the malicious link, there is a known process that will be running in the Task Manager, which can be terminated by the user to stop additional illicit activities that are typical of a Trickbot infection.

 

Ransomware Strikes City of Independence, Missouri

Officials for the City of Independence, Missouri have been working for the past two weeks to recover from a ransomware attack that forced them to take several essential services offline. Fortunately, there were some recent file backups that are being used to restore some of the encrypted systems to normal functionality. At this point, officials are still uncertain if any customer or employee data was stolen during the attack, and no ransomware group has come forward to take credit for the attack or post stolen data for sale.

 


1 reply


This is all great info, thank you.

But it is missing important details on these known issues. For one example, “Trickbot Spreading Through Subway Marketing Emails” says “... there is a known process that will be running in the Task Manager...” but does not say what that task is named so that one can actually go check for it and terminate it if found.

 

I realize now that your links point not to the company mentioned, but to the article mentioned. That is very confusing. When I see, “Customers of Subway UK have been receiving confirmation...” I expect that the name highlighted as a link is a link to the company named, not to an article about this issue. 

Thanks for listening. 
