CatPhishing: Hamas targets the hearts of Israeli forces

Hamas is targeting the hearts of Israeli soldiers using social engineering attacks that are triggered with a simple friend request.

The Israel Defense Forces reported in a blog post that the group scours Facebook for Israeli soldiers to “catfish”, using fake accounts built from photos and identities stolen from attractive, unsuspecting users.

Hamas operatives then add the soldiers on social media and chat with them, sending a few pictures to disarm suspicion and “prove” they are real, before inviting them to a video chat through an app that the operative sends to the soldier.

The app is actually a trojan that can harvest contacts, location, installed apps, pictures and other files, and can switch on the camera and microphone.

Soldiers are advised not to accept friend requests from strangers, to keep GPS off when not in use, and not to sideload apps onto their devices.

SOURCE: Robert Abel | SC Magazine


Airplane boarding display leaks passenger data

Symantec researcher Candid Wueest spotted airport boarding gate displays putting passengers at risk by leaking booking codes.

Wueest followed an IP address shown on a boarding gate display to a landing page of debug information that listed databases holding details of upcoming flights, information that could be used to get into passenger accounts, according to a Jan. 10 blog post.

An attacker would only need to guess a passenger’s last name and six-character booking reference code, also known as the passenger name record (PNR) locator, to access details about the flight and about other passengers on the same booking, including full names, email addresses, telephone numbers, frequent flyer numbers, postal addresses and, for intercontinental flights, passport details and dates of birth.

Wueest said the information was available to anyone who knew about the publicly accessible server. The airline has since fixed the flaw.

SOURCE: Robert Abel | SC Magazine

Nevada Marijuana Facility’s Web Portal Breached

The web portal used by Nevada’s medical marijuana establishments was breached, compromising employee information.

What type of information? Social Security numbers and dates of birth of individuals holding medical marijuana agent cards, such as employees and owners of medical marijuana establishments.

What happened?  A flaw in the state’s website portal made the data accessible on the site.

What was the response?  The state’s Division of Public and Behavioral Health (DPBH) took the entire portal down, and DPBH IT staff are working with state IT staff to investigate the breach. Those affected are being contacted and advised on further action.


Michigan State University database breached


Student and staff records in a Michigan State University database have been accessed by an unauthorized third party.

How many victims? The database held about 400,000 records; the records of 449 students and staff are confirmed to have been accessed.

What type of information? Names, Social Security numbers, MSU identification numbers and, in some cases, dates of birth of faculty, staff and students employed by MSU between 1970 and Nov. 13, 2016, and of students who attended MSU between 1991 and 2016.

What happened?  Michigan State University announced last Friday that a server and database containing the information were accessed by an unauthorized third party on November 13. The database was taken offline in less than 24 hours, but the attacker had already accessed the records of 449 individuals.

What was the response?  MSU’s IT team immediately determined the cause and nature of the breach, and the MSU Police Department is working with federal law enforcement to investigate the crime. The university has notified affected parties and offered them two years of free identity theft protection, fraud recovery and credit monitoring. It also said the database did not contain passwords, or financial, academic, contact, gift or health information, according to SC Magazine.

Gatak Trojan delivered through fake software offers

The five-year-old Gatak Trojan (Trojan.Gatak) is being distributed through offers of pirated software. The malware spreads via online adverts offering product keys that, were they genuine, would unlock premium software for a fraction of its price.

Once the ad is clicked, a fake key-generator page launches and Gatak is delivered to the victim at the same time. Much is known about the Gatak trojan, but how its developers profit from it is still unclear. One theory is that the malware is used to exfiltrate data which is then sold on the dark web.

Some of the premium software titles the fake keys are offered for:

  • SketchList3D (woodworking design software)
  • Native Instruments Drumlab (sound engineering software)
  • BobCAD-CAM (metalworking/manufacturing software)
  • BarTender Enterprise Automation (label and barcode creation software)
  • HDClone (hard disk cloning utility)
  • Siemens SIMATIC STEP 7 (industrial automation software)

339 Million AdultFriendFinder users compromised

Friend Finder Networks, the company that operates AdultFriendFinder and which suffered a breach of 3.5 million users’ information in May 2015, has been breached again.

How many victims? This time 339 million users, including 15 million whose accounts had been deleted but whose data the company still held.

What type of information? Usernames, email addresses, date of last visit, passwords, last IP address used, browser information and VIP membership status.

What happened? The team that analyzed the data speculates that the breach was carried out with an exploit for a local file inclusion (LFI) vulnerability that was publicly disclosed last month. Passwords were stored either in plaintext or as SHA-1 hashes; neither is adequate, since SHA-1 is a fast general-purpose hash rather than a password hash, and 99% of the hashed passwords have already been cracked. The team has decided not to make this particular data set searchable by the general public for now.
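Why plaintext and SHA-1 storage falls so quickly, as an added example (not code from Friend Finder Networks or from the researchers who analysed the dump): a constructed wordlist and a constructed three-hash “dump” show that an unsalted fast hash is broken by a precomputed lookup table with no per-target work, while a salted, memory-hard hash (scrypt from the Python standard library) gives every user a distinct record and costs about 16 MiB per guess. Wordlist, dump and parameters are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed wordlist standing in for the multi-gigabyte dictionaries used
# in real cracking runs.
WORDLIST = ["123456", "password", "qwerty", "letmein", "iloveyou", "dragon"]


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of a password: one fast hash, identical for every user."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Hash the wordlist once; the table then works against every dump that used the same scheme."""
    return {sha1_hex(w): w for w in words}


def crack_sha1_dump(hashes: Iterable[str], table: Dict[str, str]) -> Dict[str, str]:
    """Recover plaintexts by dictionary lookup; no hashing per target at all."""
    return {h: table[h] for h in hashes if h in table}


def scrypt_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, memory-hard hash. N=2**14, r=8, p=1 costs roughly 16 MiB per guess."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    # Self-describing record: scheme, parameters, salt and derived key.
    return "scrypt$16384$8$1$" + salt.hex() + "$" + dk.hex()


def scrypt_verify(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and salt; compare in constant time."""
    scheme, n, r, p, salt_hex, dk_hex = stored.split("$")
    if scheme != "scrypt":
        raise ValueError("unknown scheme")
    dk = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(dk.hex(), dk_hex)


# Constructed "dump": two weak passwords and one that is not in the wordlist.
SHA1_DUMP = [sha1_hex("password"), sha1_hex("letmein"), sha1_hex("Tr0ub4dor&3")]


def demo() -> Dict[str, str]:
    """Crack the constructed dump with the precomputed table."""
    return crack_sha1_dump(SHA1_DUMP, build_lookup_table(WORDLIST))


if __name__ == "__main__":
    cracked = demo()
    print(f"cracked {len(cracked)} of {len(SHA1_DUMP)} SHA-1 hashes by lookup: {cracked}")
    a, b = scrypt_hash("password"), scrypt_hash("password")
    print("same password, different scrypt records:", a != b)
    print("verify correct / wrong:", scrypt_verify("password", a), scrypt_verify("wrong", a))
```

The lookup table is built once and reused across the whole dump, which is the economics behind the 99% figure: with a real wordlist and rules, the attacker's cost is dominated by building the table, not by the number of accounts. With a per-user random salt that table is useless, and the memory-hard parameters make each remaining guess expensive.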

What was the response?  Friend Finder Networks has not confirmed the breach, but says the local file inclusion vulnerability that was allegedly exploited has been fixed.
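The vulnerability class named above, as an added example that is not Friend Finder Networks’ code (which has not been published): a Python template-include routine in the vulnerable, concatenate-the-path form beside a hardened version that normalises the request and refuses anything outside the template root. The document root, file names and payloads are assumptions for illustration.

```python
import posixpath

# Assumed document root for the illustration; nothing here comes from the breached site.
TEMPLATE_ROOT = "/var/www/app/templates"
ALLOWED_SUFFIXES = (".html", ".tpl")


def resolve_vulnerable(page: str) -> str:
    """Classic LFI pattern: user input is glued onto a fixed directory.

    normpath collapses the '..' components exactly as the kernel would when
    the file is opened, so the return value is the file that really gets read.
    """
    return posixpath.normpath(TEMPLATE_ROOT + "/" + page)


def resolve_hardened(page: str) -> str:
    """Resolve the request and refuse anything outside TEMPLATE_ROOT.

    Raises ValueError for traversal, absolute paths, null bytes and
    unexpected extensions. The check is lexical; in production also open
    the file via os.path.realpath so a symlink inside the root cannot point out.
    """
    if "\x00" in page:
        raise ValueError("null byte in page name")
    # join() discards TEMPLATE_ROOT if `page` is absolute; the commonpath
    # test below catches that case as well as '..' traversal.
    candidate = posixpath.normpath(posixpath.join(TEMPLATE_ROOT, page))
    if posixpath.commonpath([TEMPLATE_ROOT, candidate]) != TEMPLATE_ROOT:
        raise ValueError("path escapes template root")
    if candidate == TEMPLATE_ROOT or not candidate.endswith(ALLOWED_SUFFIXES):
        raise ValueError("not an includable template")
    return candidate


def is_allowed(page: str) -> bool:
    """True if the hardened resolver accepts `page`, False if it rejects it."""
    try:
        resolve_hardened(page)
        return True
    except ValueError:
        return False


# Constructed requests of the kind an LFI exploit sends, plus a benign one.
PAYLOADS = [
    "profile.html",
    "../../../../etc/passwd",
    "/etc/passwd",
    "profile.html\x00.jpg",
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p!r:28} vulnerable reads {resolve_vulnerable(p)!r:40} hardened accepts: {is_allowed(p)}")
```

The hardened version layers three independent checks (null byte, containment, extension allowlist) so that a bypass of one filter, such as encoding tricks aimed at a naive `../` strip, still has to defeat the others.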

Quote: “It goes without saying that systems, software and processes should be regularly reviewed as previously accepted risk levels may no longer suffice.” – David Kennerley, director of threat research at Webroot, to SC Media.

Australian Red Cross hit by biggest data breach in the country

1.3 million personal and medical records leaked in Australia’s biggest data breach


How many victims? 1.28 million records

What type of information? Personal and medical information such as name, gender, physical and email address, phone number, date of birth, blood type and country of birth. It also includes sensitive data such as whether someone has engaged in high-risk sexual behaviour.

What happened?  An anonymous source found a 1.74 GB file containing 1.28 million donor records going back to 2010 on a publicly accessible web server and notified Troy Hunt. The discovery was made during a scan of IP address ranges built to find publicly exposed web servers that returned directory listings containing .sql files.
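The kind of check that scan performs, as an added example (not the anonymous source’s tooling, which has not been published): given the HTML a web server returns for a directory, recognise an Apache- or nginx-style autoindex page and pull out links to dump-like files. The sample listing, the suffix list and the address are constructed for illustration; fetching is left to the caller so the block runs offline.

```python
from html.parser import HTMLParser
from typing import List
from urllib.parse import urljoin

# File types worth flagging on an index page; .sql is the Red Cross case.
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".bak", ".dump")


class _IndexParser(HTMLParser):
    """Collects the <title> text and every href on a page."""

    def __init__(self) -> None:
        super().__init__()
        self.title = ""
        self.links: List[str] = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def is_directory_listing(title: str, links: List[str]) -> bool:
    """Apache and nginx autoindex pages title themselves 'Index of ...' and link to the parent directory."""
    return title.strip().lower().startswith("index of") or "../" in links


def find_exposed_dumps(base_url: str, html: str) -> List[str]:
    """Absolute URLs of dump-like files linked from a directory listing; empty if the page is not a listing."""
    parser = _IndexParser()
    parser.feed(html)
    if not is_directory_listing(parser.title, parser.links):
        return []
    return [urljoin(base_url, href) for href in parser.links
            if href.lower().endswith(DUMP_SUFFIXES)]


# Constructed sample of an nginx-style autoindex page; not the real exposed server.
SAMPLE_LISTING = """<html><head><title>Index of /backups/</title></head>
<body><h1>Index of /backups/</h1><hr><pre><a href="../">../</a>
<a href="donors.sql">donors.sql</a>              01-Jan-2016 09:12   1.7G
<a href="db_nightly.sql.gz">db_nightly.sql.gz</a>   01-Jan-2016 01:00   310M
<a href="readme.txt">readme.txt</a>              01-Jan-2016 12:00   1K
</pre><hr></body></html>"""

# Constructed ordinary page that merely links to a .sql file: not a listing, so nothing is flagged.
SAMPLE_NORMAL_PAGE = ('<html><head><title>Docs</title></head>'
                      '<body><a href="schema.sql">schema</a></body></html>')

if __name__ == "__main__":
    for url in find_exposed_dumps("http://192.0.2.10/backups/", SAMPLE_LISTING):
        print("exposed dump:", url)
```

On the defensive side the same finding maps to two settings: `autoindex off;` in nginx and `Options -Indexes` in Apache disable the listing, but the real fix is to keep database exports out of the web root altogether, since a listing only makes a guessable file name unnecessary.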

What was the response?  The Australian Red Cross said it had made contact with the Australian Cyber Security Centre and the Australian Federal Police and had notified the Office of the Australian Information Commissioner of the data breach. “We are deeply disappointed this could happen. We take full responsibility for this mistake and apologise unreservedly,” said Jim Birch, chair, and Shelly Park, chief executive of the Blood Service. “We would like to assure you we are doing everything in our power to not only right this but to prevent it from happening again.”

Quote: “With sensitive data often passing between multiple companies during partnerships and sales, it’s essential that organisations have a data-centric security strategy in place to ensure that data is secure wherever it goes,” Steve Murphy, Senior CP EMEA, Informatica, told