Web Hosting Service Weebly suffers major data breach

Web hosting service Weebly has confirmed a major data breach reported by LeakedSource.com.

How many victims? 43.4 million accounts

What type of information? Usernames, email addresses, passwords and IP addresses. Fortunately, the passwords were hashed with bcrypt.

What happened? LeakedSource.com acquired the stolen Weebly data from an anonymous source and reports that it was stolen from the company’s main database in February 2016.

What was the response? Weebly has responded by resetting passwords and sending out breach notification emails. In a company statement sent to SC Magazine, the company noted: “Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers.” It went on to say: “At this point we do not have evidence of any customer website being improperly accessed. We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident.” The statement continued: “Our security team, with support from outside security consultants, is working to protect our customers and to enhance our network protections. This includes initiating password resets, implementing new password requirements and a new dashboard that gives customers an overview of recent log-in history of their Weebly account to track account activity.”

Quote: “This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords.” – LeakedSource.com’s blog post.

Ghost Push malware affecting Android devices

The latest version of the Ghost Push trojan, first discovered in 2015, has been found by researchers at Cheetah Mobile. This latest variant is able to root almost all Android devices except those running Android 6.0 Marshmallow or higher.

The malware hides its core code in the system directory, disguising itself as a built-in app of the phone, and prevents third parties from taking over root privilege in order to hide and evade detection.

Cheetah Mobile reported that the highest percent of infection was in Malaysia (14%), followed by Vietnam (13%) and Colombia (10%).

Android users can stay immune by upgrading to version 6.0 or higher. But most Android smartphone manufacturers apart from Google do not push updates out to users in a reasonable amount of time, as the manufacturers, carriers and Google have to work together to deliver updates.

Hutchinson Community Foundation hit by Data Breach & Ransomware

The Hutchinson Community Foundation in Kansas was hit with a data breach and ransomware attack.

How many victims? Nearly 5,500

What type of information? Personal and financial information.

What happened? On September 19, officials at the foundation found ransomware on the foundation’s network server after opening a file and finding its contents encrypted. Upon further investigation they found that the intruders had done more than encrypt files with ransomware: they had actually made it into the foundation’s systems.

What was the response? The foundation didn’t pay the ransom and was able to restore all of its data from backup files; however, officials said the intrusion could have allowed the attackers to access the databases and files on its servers, and declared the incident a breach. Not all of the donor records contained sensitive information, but those whose financial information and other sensitive data were stored on the compromised servers are being notified of the incident and will be offered up to a year of free identity monitoring services.

Bluetooth enabled POS Skimmers now in use

Security researcher Brian Krebs has described the operation of a specific Bluetooth-enabled skimmer. The skimmer fits neatly over the top of an Ingenico ISC250 point-of-sale terminal. It has its own battery and can capture card data and send it to a mobile device within Bluetooth range.

This makes it possible for cybercriminals to leave the mobile device running nearby and return for it later, or to store the stolen data in the skimmer and download it later, SC Magazine reports.

Twitter & Facebook revoke Geofeedia’s access.

A recent post by the American Civil Liberties Union (ACLU) has drawn the public’s attention to a social media aggregation platform being used by law enforcement agencies to monitor protesters and activists. The platform, ‘Geofeedia’, serves a wide variety of private and public sector clients, including over 500 law enforcement and public safety agencies across the US. Geofeedia offers real-time monitoring of posts, photos and live broadcasts on Facebook, Twitter, Instagram, Vine and other social media sites, and sorts them by location.

Although this platform is essential and profitable for law enforcement and public safety, especially in times of crisis, civil liberties advocates have expressed worries that such services could be misused to disrupt legal protests and possibly to build up documentation on protesters.

In response to these revelations and a request from the ACLU, Facebook terminated Geofeedia’s access to Facebook’s Topic Feed API and the Instagram API on September 19, and Twitter also suspended Geofeedia’s commercial access to Twitter data. Geofeedia is not, however, the only platform for such monitoring.

The ACLU is therefore asking social media companies to:

  • Not provide data access to developers who have law enforcement clients and allow their product to be used for surveillance,
  • Adopt clear, public, and transparent policies to prohibit developers from exploiting user data for surveillance purposes, and
  • Institute human and technical auditing mechanisms to identify potential violations of this policy and take swift action when violations occur.

CryPy ransomware found by Avast analyst.

Jakub Kroustek, an Avast analyst, disclosed a new ransomware variant written in Python. The ransomware, named CryPy, encrypts every file with a unique key. Kaspersky researchers have also found that CryPy uses a vulnerable web server based in Israel as its command and control server.

But security professionals are of the view that encrypting each file with its own key is a disadvantage to the malware’s performance, and also note that the C&C method used is very simple: the malware’s operation could be terminated by blocking the source IP address.

Despite its flaws, the sophisticated encryption used is difficult to break and will potentially defeat common anti-ransomware software.

New Zealand online dating site data leaked

Personal information including usernames, passwords, e-mail addresses, gender, date of birth, country of residence and photos, as well as the sexual preferences, of over 1.5 million online dating users was found by MacKeeper researchers in an unsecured MongoDB database accessible on the internet. The data was found to belong to a New Zealand-based company that runs haveafling.mobi, haveafling.co.nz, haveanaffair.co.nz, haveanaffair.mobi, hookupdating.mobi and the mobile application “Hook Up Dating”.

In response to MacKeeper’s notification, the company claimed that the database is mostly dummy data used to test migrating data from SQL to MongoDB. The researchers do not accept this claim, considering the massive number of accounts.

Also, a one-by-one analysis of a random selection of more than 300 records shared with ZDNet proves otherwise.

The company is taking the leak lightly, claiming that only the researchers accessed the data. It did not invalidate the affected passwords and only notified users to change their password, saying this was because it was upgrading its system for security reasons.
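As an added illustration (constructed here, not the company’s configuration or anything from the original post) of the failure mode behind this leak: a mongod.conf that listens on every interface with authorization off, beside the hardened settings that keep the database off the internet and require credentials. The IP address and port are placeholders.

```yaml
# mongod.conf (YAML format). Constructed example; not taken from any real deployment.

# --- Weak: how an internet-exposed, unauthenticated MongoDB ends up reachable ---
# net:
#   bindIp: 0.0.0.0          # accepts connections on every interface
#   port: 27017
# security:
#   authorization: disabled  # no credentials needed: any client that connects can read or dump every database

# --- Hardened ------------------------------------------------------------------
net:
  port: 27017
  bindIp: 127.0.0.1          # local clients only; for a separate app host, bind to the private interface
                             # (e.g. 10.0.0.5, placeholder) and firewall the port to that host
security:
  authorization: enabled     # every client must authenticate and is limited to its role's privileges
# Before restarting with authorization enabled, create an administrative user
# (db.createUser() in the mongo shell on the admin database) so you are not locked out.
```

Exposure is checked from outside the host, not from localhost: if a connection from another machine succeeds without credentials, the database is as open as the one described above.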