Leafly, a cannabis information platform, suffered a data leak that exposed the personal information of some of its customers.
Exposed records include users’ email addresses, usernames and encrypted passwords, fortunately, no financial data
For some users, the database also leaked names, ages, gender, location, and mobile numbers.
“On September 30, we learned that a set of Leafly user records dated July 2, 2016 held in a secondary Leafly database was disclosed without permission. Your email address was in that file,” reads the notification email sent to the impacted customers.
The company hired a forensic security firm to help its staff with the investigation. It recommends that users reset their passwords and use a unique password for each online service.
“However, it is a good idea to ensure that you use a unique password on Leafly and other services you use. If you share passwords across services and haven’t updated them recently, and you haven’t reset your Leafly password, we recommend you do so now,” continues the notification mail.
“Please accept our sincere apology for any concern this has caused. If you have any questions, please reach out to our customer support team at email@example.com,” states Leafly.
At this time, the number of impacted users is not clear.
The post Leafly Cannabis information platform suffered a data leak appeared first on Security Affairs.
FireEye Mandiant discovered that the FIN7 hacking group added new tools to its cyber arsenal, including a module to target the remote administration software of an ATM vendor.
Security experts at FireEye Mandiant discovered that the FIN7 hacking group has added new tools to its arsenal, including a new loader and a module that hooks into the legitimate remote administration software used by the ATM maker NCR Corporation.
The group, which has been active since late 2015, has targeted businesses worldwide to steal payment card information. FIN7 is suspected to have hit more than 100 US companies, most of them in the restaurant, hospitality, and industries.
In August 2018, three members of the notorious cybercrime gang were indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft.
The new loader, dubbed BOOSTWRITE, is able to drop the malware directly in memory and allows threat actors to load several malicious payloads, including the Carbanak backdoor.
Researchers also spotted a new RAT tracked as RDFSNIFFER that is dropped by the BOOSTWRITE loader.
“The first of FIN7’s new tools is BOOSTWRITE – an in-memory-only
BOOSTWRITE uses the DLL search order hijacking technique to load its DLLs into the target’s memory, which allows it to download the initialization vector (IV) and the decryption two embedded payload DLLs.
Before decrypting the embedded PE32.DLLs payloads the loader performs sanity checks on the
The researchers analyzed several samples of BOOSTWRITE; one of them, uploaded to VirusTotal on October 3, was signed with a code signing certificate issued by MANGO ENTERPRISE LIMITED.
The loader was observed delivering the RDFSNIFFER DLL, which allows an attacker to hijack instances of the NCR Aloha Command Center Client application and interact with victim systems via existing legitimate 2FA sessions.
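A defender-side check for the technique described above, as an added example that is not from the FireEye report or the original post: it scans module-load records shaped like Sysmon ImageLoad (Event ID 7) events for DLLs that carry a system DLL's name but load from outside the Windows system folders, and it does not let a valid code signature from a non-OS publisher lower the severity. The DLL baseline, paths, publisher name and events are constructed placeholders.

```python
import ntpath  # Windows path rules, usable on any analysis host

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
# Assumption: tiny baseline of system DLL names; build the real list from a clean image.
SYSTEM_DLLS = {"version.dll", "winhttp.dll", "uxtheme.dll"}
OS_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}

def in_system_dir(path):
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    return any(folder == d or folder.startswith(d + "\\") for d in SYSTEM_DIRS)

def find_search_order_hijacks(events):
    """Return one finding per load of a system-named DLL from a non-system folder."""
    findings = []
    for ev in events:
        loaded = ev["ImageLoaded"]
        if ntpath.basename(loaded).lower() not in SYSTEM_DLLS or in_system_dir(loaded):
            continue
        valid = ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"
        signer = ev.get("Signature", "") if valid else ""
        findings.append({
            "process": ev["Image"],
            "dll": loaded,
            "signer": signer or "(unsigned or invalid)",
            # The application's own folder is searched before the system folders.
            "beside_exe": ntpath.dirname(loaded).lower() == ntpath.dirname(ev["Image"]).lower(),
            # A valid signature from a non-OS publisher does not lower severity.
            "severity": "low" if signer in OS_SIGNERS else "high",
        })
    return findings

def _ev(image, dll, signed, signer, status):
    return {"Image": image, "ImageLoaded": dll, "Signed": signed,
            "Signature": signer, "SignatureStatus": status}

# Constructed sample events (not real telemetry); paths and publisher are placeholders.
APP = r"C:\Program Files\ExampleApp\app.exe"
SAMPLE_EVENTS = [
    _ev(APP, r"C:\Windows\System32\version.dll", "true", "Microsoft Windows", "Valid"),
    _ev(APP, r"C:\Program Files\ExampleApp\version.dll", "true", "EXAMPLE PUBLISHER LTD", "Valid"),
    _ev(APP, r"C:\Program Files\ExampleApp\helper.dll", "true", "EXAMPLE PUBLISHER LTD", "Valid"),
    _ev(r"C:\Users\Public\tool.exe", r"C:\Users\Public\winhttp.dll", "false", "", "Unavailable"),
]

if __name__ == "__main__":
    for finding in find_search_order_hijacks(SAMPLE_EVENTS):
        print(finding)
```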
RDFSNIFFER hooks the process of NCR Corporation’s RDFClient, it runs every time the legitimate software for remote admi
The malicious code is designed to run
Below is the list of supported commands:

| Command Name | Legit Function in RDFClient | RDFClient Command ID | Description |
|---|---|---|---|
| Upload | FileMgrSendFile | 107 | Uploads a file to the remote system |
| Download | FileMgrGetFile | 108 | Retrieves a file from the remote system |
| Execute | RunCommand | 3001 | Executes a command on the remote system |
| DeleteRemote | FileMgrDeleteFile | 3019 | Deletes file on remote system |
| DeleteLocal | – | – | Deletes a local file |
In March, the group carried out attacks delivering a previously unseen malware tracked as SQLRat that drops files and executes SQL scripts on the host. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic.
In April 2018, FIN7 hackers stole credit and debit card information from millions of consumers who had purchased goods at Saks Fifth Avenue and Lord & Taylor stores.
“While these incidents have also included FIN7’s typical and long-used
“Barring any further law enforcement actions, we expect at least a portion of the actors who comprise the FIN7 criminal organization to continue conducting campaigns.”
The post FIN7 Hackers group is back with a new loader and a new RAT appeared first on Security Affairs.
Someone recently asked me what I wanted for Christmas this year, and I had to think about it for a few minutes. I certainly don’t need any more stuff. However, if I could name one gift that would make me absolutely giddy, it would be getting a chunk of my privacy back.
Like most people, the internet knows way too much about me — my age, address, phone numbers and job titles for the past 10 years, my home value, the names and ages of family members — and I’d like to change that.
But there’s a catch: Like most people, I can’t go off the digital grid altogether because my professional life requires me to maintain an online presence. So, the more critical question is this:
How private do I want to be online?
The answer to that question will differ for everyone. However, as the privacy conversation continues to escalate, consider a family huddle. Google each family member’s name, review search results, and decide on your comfort level with what you see. To start putting new habits in place, consider these 15 tips.
15 ways to rein in your family’s privacy
- Limit public sharing. Don’t share more information than necessary on any online platform, including private texts and messages. Hackers and cyber thieves mine for data around the clock.
- Control your digital footprint. Limit information online by a) setting social media profiles to private b) regularly editing friends lists c) deleting personal information on social profiles d) limiting app permissions and browser extensions e) being careful not to overshare.
- Search incognito. Use your browser in private or incognito mode to reduce some tracking and auto-filling.
- Use secure messaging apps. While WhatsApp has plenty of safety risks for minors, in terms of data privacy, it’s a winner because it includes end-to-end encryption that prevents anyone in the middle from reading private communications.
- Install an ad blocker. If you don’t like the idea of third parties following you around online, and peppering your feed with personalized ads, consider installing an ad blocker.
- Remove yourself from data broker sites. Dozens of companies can harvest your personal information from public records online, compile it, and sell it. To delete your name and data from companies such as PeopleFinder, Spokeo, White Pages, or MyLife, make a formal request to the company (or find the opt-out button on their sites) and follow up to make sure it was deleted. If you still aren’t happy with the amount of personal data online, you can also use a fee-based service such as DeleteMe.com.
- Be wise to scams. Don’t open strange emails, click random downloads, connect with strangers online, or send money to unverified individuals or organizations.
- Use bulletproof passwords. When it comes to data protection, the strength of your password, and these best practices matter.
- Turn off devices. When you’re finished using your laptop, smartphone, or IoT devices, turn them off to protect against rogue attacks.
- Safeguard your SSN. Just because a form (doctor, college and job applications, ticket purchases) asks for your Social Security Number (SSN) doesn’t mean you have to provide it.
- Avoid public Wi-Fi. Public networks are targets for hackers who are hoping to intercept personal information; opt for the security of a family VPN.
- Purge old, unused apps and data. To strengthen security, regularly delete old data, photos, apps, emails, and unused accounts.
- Protect all devices. Make sure all your devices are protected against viruses and malware with reputable security software.
- Review bank statements. Check bank statements often for fraudulent purchases and pay special attention to small transactions.
- Turn off Bluetooth. Bluetooth technology is convenient, but outside sources can compromise it, so turn it off when it’s not in use.
Is it possible to keep ourselves and our children off the digital grid and lock down our digital privacy 100%? Sadly, probably not. But one thing is for sure: We can all do better by taking specific steps to build new digital habits every day.
Be Part of Something Big
October is National Cybersecurity Awareness Month (NCSAM). Become part of the effort to make sure that our online lives are as safe and secure as possible. Use the hashtags #CyberAware, #BeCyberSafe, and #NCSAM to track the conversation in real-time.
The post 15 Easy, Effective Ways to Start Winning Back Your Online Privacy appeared first on McAfee Blogs.
Security researchers at Adaptive Mobile who discovered the SimJacker issue have published the list of countries where mobile operators use flawed SIM cards.
Exactly one month ago, researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.
The SimJacker vulnerability resides in the S@T (SIMalliance Toolbox) Browser dynamic SIM toolkit that is embedded in most SIM cards used by mobile operators in many countries. The experts discovered that the exploitation of the vulnerability is independent of the model of phone used by the victim.
Now Adaptive Mobile has published the list of countries where local mobile operators are using SIM cards affected by the Simjacker flaw; however, the company did not name the impacted mobile phone carriers.
“This varies by country and region. From our
Below is the full list of countries published by the experts:
The S@T Browser application is installed on multiple SIM cards, including eSIM, as part of SIM Tool Kit (STK). It enables the SIM card to initiate actions which can be used for various value-added services.
S@T Browser implements a series of STK instructions (i.e. send, call, launch browser, provide local data, run command, and send data) that can be executed by sending an SMS to the phone.
The Simjacker attack involves an SMS containing commands that instruct the SIM Card in the phone to ‘take over’ the phone.
The attacker could exploit the flaw to:
- Retrieve targeted device’s location and IMEI information,
- Spread mis-information by sending fake messages on behalf of victims,
- Perform premium-rate scams by dialing premium-rate numbers,
- Spy on victims’ surroundings by instructing the device to call the attacker’s phone number,
- Spread malware by forcing victim’s phone browser to open a malicious web page,
- Perform denial of service attacks by disabling the SIM card, and
- Retrieve other information like language, radio type, battery level, etc.
The experts explained that the attack is transparent to the users; the targets are not able to notice any anomaly.
Adaptive Mobile revealed that a private surveillance firm has been aware of the zero-day flaw for at least two years and is actively exploiting the SimJacker vulnerability to spy on mobile users in several countries.
Experts also added that the vulnerability has been likely exploited by
After the flaw was publicly disclosed, the researchers at
Experts at Adaptive Mobile also analyzed the impact of the recently disclosed WIBattack and explained that it impacts a smaller number of users compared with SimJacker. Experts estimated that only 8 operators in 7 countries are using SIM cards vulnerable to the attack.
“WIB is a proprietary SIM card technology like S@T which reports show could also be exploited via ‘Simjacker-like’ attacks. However, it’s important to state that we haven’t seen any attacks involving WIB.” concludes the report. “The WIB technology itself seems less prevalent than the S@T Browser (see diagram below and section 7 of the report), and available
The following graph shows the number of Vulnerable Countries & Operators for S@T Browser and WIB.
“This has important implications for all Mobile Operators if they wish to deal with attacks from threat actors like this in the future,” concludes the report. “It means that previous ways of relying on recommendations, with no operational investigation or research won’t be enough to protect the mobile network and its subscribers, and what’s worse, will give a false sense of security.”
The post SIM cards used in 29 countries are vulnerable to Simjacker attack appeared first on Security Affairs.
Australia! Geez it's nice to sit amongst the gum trees and listen to the birds, even if it's right in the middle of some fairly miserable weather. I'll continue to be here for the foreseeable future too, at least in one state or another. But being back here hasn't stopped me talking about European laws being handled by a local American website nor commentating on the (now well and truly over) debate about the usefulness of visual identity indicators in browsers. But hey, at least the discussion keeps on providing entertaining material!
- I tweeted about not liking having content blocked when I'm in Europe (no, it doesn't mean I don't like privacy, it means I don't like the choice being taken away from me!)
- Is there an elephant in the room? (Or are some people just still fighting a battle for visual indicators that's already been lost?)
- But folks pretty quickly ripped into it (sanity prevails, let's treat it as a fruitless attempt to reverse the attitude of most of the major browser vendors)
- And just to nail that coffin shut, the thread here is good (it'd be hard to find many people better versed in this stuff than @sleevi_)