Security Briefing 1.10.17
Several unsecured MongoDB files have been compromised since December 2015, and the identities of millions, including 3.3 million adult and child Hello Kitty fans, have been published online. Sanrio stated in 2015 that no one had compromised the data of its users from the MongoDB files. However, a database was recently found on LeakedSource that contained the personal information of 3.3 million users, including nearly 185,000 people under the age of 18.
Russia actually pulled the trigger on blocking LinkedIn nation-wide, as well as pulling the application from mobile device stores. Russian courts ruled that LinkedIn, a popular social networking site for professionals, breached the country’s data protection rules, and the country has now blocked the site nation-wide.
A second variant of the Shamoon 2 malware discovered by researchers at Palo Alto Networks has been set up to target virtualization products, likely in an effort to increase the impact of the attack and make recovery more difficult for targeted organizations. These attacks use scheduled disk-wiping malware aimed at Saudi Arabian organizations and some other organizations in the Persian Gulf, with this variant going after virtual desktop infrastructure.
Following the Intelligence Community report blaming Russia both for the Democratic National Committee hack in 2016 and for attempting to influence the presidential election in favor of Republican Donald Trump, the Democratic Governor of New York has now introduced new cyber security proposals in his January State of the State address. These include establishing a cyber incident response team (CIRT) from other national agencies to help state agencies and local governments that are hit with cyber attacks, and scaling punishment for harsher crimes.
A snippet of malicious code designed to crash Mac OS machines is being delivered through drive-by downloads as part of a campaign designed to trick users into calling a fake tech support service, security researchers warn. Upgrading to Sierra 10.2.2 or higher renders the attack useless. Macs have historically been less prone to browser hijacks and drive-by downloads, so this is a bit concerning.
Nintendo released Super Mario Run for iOS devices, but has not yet released the game for Android devices. Some crafty hackers have released a ‘Super Mario Run’ for Android that actually infects the mobile device with Marcher, a sophisticated banking malware strain capable of stealing the victims’ banking and credit card information.
Linux or Unix variant malware is rare, but it does exist. The destructive KillDisk malware, previously associated with attacks targeting industrial firms, was recently observed infecting Linux machines as well, ESET security researchers warn. KillDisk was used to target Ukraine’s energy sector in late 2015. Primitive versions of KillDisk wipe the hard drive, which is already bad; the updated versions include encryption technologies and ransomware behavioral patterns. It has been observed in the wild targeting Linux workstations and servers, demanding a ransom of 222 bitcoins (nearly $250,000 USD), according to ESET.
CES 17 (the Consumer Electronics Show) was last week and, while numbers like ’50 billion devices will be connected to the internet by 2020’ were touted, not a lot of people seemed to care about cybersecurity. There were some hidden gems at the show, though, such as a collaborative effort between Symantec and Norton to release a router with Norton Core technology, which will protect all devices on the network that cannot protect themselves (like your smart water bottle or Bluetooth toothbrush or, perhaps a better example, your DVRs, cameras, etc.).
In conclusion, use us to keep your stuff safe. From MongoDB files to other cyber security concerns, we can handle it.