CSS News Round-Up: Corporate Networks Targeted By Russian Attack Group

August 14, 2019

News Round-Up – Get a Quick Rundown of What You Need to Know

 

The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.

 

Corporate Networks Targeted By Russian Attack Group

Microsoft researchers have discovered communications between Strontium, a Russian attack group, and phones, office printers, and even video decoders belonging to different companies, according to Dark Reading. The researchers noted that Strontium was trying to take over the devices in an attempt to gain further access to the companies’ environments and view private data. The discovery is yet another addition to the almost 1,400 previous alerts of Strontium activity given to affected companies.

 

Man Charged for AT&T Malware Scheme

According to Security Week, United States authorities have charged Muhammad Fahd from Pakistan for a massive malware scheme involving AT&T employees. The charges follow his previous arrest in Hong Kong in February last year. Fahd convinced employees to assist him by unlocking phones for payment as well as placing malware on AT&T’s network. He paid around $1 million to the employees in the form of bribes, says the article, with unlocked phones totaling more than 2 million. The crime took place from 2012 to 2017 and Muhammad Fahd will face up to 20 years in prison.

 

StockX Hack Exposes Over 6.8 Million Records

StockX was found to have exposed more than 6.8 million records online after passing the incident off as a system update. The trading platform’s data was listed on the dark web by a hacker for a mere $300 and has already been purchased at least once, says Tech Crunch. As a way of dealing with the breach without admitting it, the company sent its users a password reset email claiming it was just for updates, according to the article. Tech Crunch notes that StockX has yet to make any comments.

 

Mexican Bookstore’s 2.1 Million Customer Records Held for Ransom

Libreria Porrua’s MongoDB database was found online containing 2.1 million records of its customers, says Info Security Magazine. A security researcher stumbled upon the database and notified the company but received no response, and hackers got hold of it just a few days later. The criminals stole the data and have demanded a $500 Bitcoin payment, the article states. One set of stolen records included names, phone numbers, addresses, emails, hashed payment card details and more. A second set also contained discount card activation codes in addition to other data.

 

“Warshipping” Technique Can Be Used By Hackers

Researchers have demonstrated a new hacking technique known as “warshipping”. Tech Crunch describes the method as shipping a small, remotely controlled device to a company, where hackers can potentially use it to locate a WiFi network and break into it using the attackers’ own servers. Theoretically, hackers could break into a company’s network before the package is even opened, without the company noticing.

 

Twitter Once Again Caught Sharing User Data Without Permission

Twitter has admitted to sharing users’ data with third parties even when their preferences did not give the platform permission to do so, says Security Week. The data was related to the users’ engagement with ads, and has been shared since May of last year. As a result, ads were shown based on this data even if the setting for collecting this data was turned off, the article notes. Luckily, no more-sensitive data, such as passwords or emails, was collected. Twitter resolved the problem on August 5th, says Security Week, and is currently unsure how many users’ data was improperly collected.

 

Do Users Know What Data FaceApp is Collecting?

An app with 150 million users, FaceApp is a giant with access to a ton of data. While it is becoming increasingly popular for its aging filter, many are unaware of the permissions they are handing over to the Russia-based developers at Wireless Lab, states Dark Reading. The terms and conditions of the app are extreme: they give the company permission to do whatever it wants with all users’ data without informing the user, to keep users’ images and information even after they have requested deletion, to share data with third parties without informing the user, and more, according to the article. Additionally, Russia’s data privacy laws vastly differ from those in the U.S., putting those using the app at even greater risk.

 

Converged Security Solutions provides our clients with measurable value by better quantifying, reducing, and managing security risk through assessments, remediation, and monitoring of IT and critical infrastructure. Our services span cyber and physical security to address the growing complexities in a world with internet enabled devices. Contact us to request quotes, learn more about the full catalog of services, or for a free initial consultation.