Almost 9 million victims in a data breach, a database of crooks is published, and more
Welcome to Cyber Security Today. It’s Wednesday, May 31st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Just under 9 million American residents are being notified by a dental benefits administrator that their personal data was stolen. Managed Care of North America says a hacker got into its systems between February 26th and March 7th and copied data on current and former people with dental coverage. Information stolen included people's names, dates of birth, addresses, Social Security numbers, driver's licence or government ID numbers, email addresses and information on their dental care. Those affected would have been covered under a private plan, Medicaid or Medicare.
On a March 31st podcast I told you that a collections agency is notifying almost a half million American residents of a data breach involving a firm called NCB Management Services. It does accounts receivable for a number of financial institutions. Last week one of the biggest credit card issuers in the U.S., Capital One, began notifying almost 17,000 current and former cardholders that they were victims of that data breach. Copied were customers' names, addresses, Social Security numbers and account numbers.
A trove of data on hundreds of thousands of hackers and crooks may have fallen into the hands of security researchers. According to the Bleeping Computer news service, a database of over 478,000 members of the RaidForums messaging and marketplace site for crooks has been published on a forum called Exposed. Police likely got a list of members a year ago when the RaidForums infrastructure was seized. The RaidForums members list has email addresses of users, and their usernames — which would be phony. But for security researchers looking for links between threat actors and their activities, that could be very useful.
Attention security administrators: If you rely on a CAPTCHA for login authentication — a step requiring users to choose, for example, which of nine photos has a car — hackers are finding new ways of getting around it. CAPTCHAs are used to confirm that a human, and not a bot, is trying to log in. It's one way of catching brute-force attacks. But researchers at Trend Micro say CAPTCHA-breaking services are now available to threat actors. So it's time to think about supplementing CAPTCHAs and IP blocking with other measures.
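One such supplementary measure is a server-side failed-login throttle that does not depend on the client solving anything. The code below is an added illustration, not part of the podcast or of any product it mentions: it keeps a sliding window of failures per account and per source address, locks an account after a burst of failures, blocks a source that fails across many accounts (the password-spraying pattern a CAPTCHA-breaking service would not stop), and lets a legitimate user back in once the window has expired. The threshold and window values are assumed policy settings, and the login events are constructed for the example.

```python
"""Sliding-window login throttle, a defensive supplement to CAPTCHA and IP blocking.

Added example; thresholds below are assumed policy values, not values from the page.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 300        # how far back failures are counted (assumed)
MAX_FAILS_PER_ACCOUNT = 5   # lock an account after this many failures in the window (assumed)
MAX_FAILS_PER_IP = 15       # block a source after this many failures across any accounts (assumed)


class LoginThrottle:
    def __init__(self, window=WINDOW_SECONDS, per_account=MAX_FAILS_PER_ACCOUNT,
                 per_ip=MAX_FAILS_PER_IP):
        self.window = window
        self.per_account = per_account
        self.per_ip = per_ip
        self.fails_by_account = defaultdict(deque)  # account -> timestamps of failures
        self.fails_by_ip = defaultdict(deque)       # source ip -> timestamps of failures

    def _prune(self, q, now):
        # Drop failures older than the window so counts reflect recent activity only.
        while q and now - q[0] >= self.window:
            q.popleft()

    def decide(self, account, ip, now):
        """Return 'allow', 'lock_account' or 'block_ip' for an attempt at time `now`."""
        acct_q = self.fails_by_account[account]
        ip_q = self.fails_by_ip[ip]
        self._prune(acct_q, now)
        self._prune(ip_q, now)
        if len(ip_q) >= self.per_ip:        # one source failing across many accounts
            return "block_ip"
        if len(acct_q) >= self.per_account:  # many failures against one account
            return "lock_account"
        return "allow"

    def record(self, account, ip, now, password_ok):
        """Record the outcome of an attempt that was allowed through."""
        if password_ok:
            self.fails_by_account[account].clear()  # a real login resets the account counter
        else:
            self.fails_by_account[account].append(now)
            self.fails_by_ip[ip].append(now)


def replay(throttle, events):
    """Feed (timestamp, account, ip, password_ok) events; return one decision per event."""
    decisions = []
    for ts, account, ip, ok in events:
        decision = throttle.decide(account, ip, ts)
        decisions.append(decision)
        if decision == "allow":
            throttle.record(account, ip, ts, ok)
    return decisions


def sample_events():
    """Constructed login attempts: a burst on one account, a spray across many, then a real login."""
    events = []
    # burst: one source hammers one account six times in six seconds
    events += [(t, "alice", "10.0.0.1", False) for t in range(6)]
    # spray: one source tries a password against sixteen different accounts
    events += [(10 + i, f"user{i}", "10.0.0.2", False) for i in range(16)]
    # alice's real owner logs in from elsewhere after the window has passed
    events.append((400, "alice", "198.51.100.7", True))
    return events


if __name__ == "__main__":
    for event, decision in zip(sample_events(), replay(LoginThrottle(), sample_events())):
        print(event, "->", decision)
```

In the constructed replay the sixth attempt on "alice" is refused with lock_account, the sixteenth account tried from 10.0.0.2 is refused with block_ip, and the genuine login at second 400 is allowed because the earlier failures have aged out of the window. The decision is made before the password is checked, so a locked account or blocked source costs the server nothing and gives a CAPTCHA-solving service nothing to solve.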
On Monday’s podcast I told you about a new exploit of Zyxel firewalls added to the Mirai botnet. That’s not the only one, say researchers at Palo Alto Networks. Also recently added are exploits to take advantage of vulnerabilities in the Tenda G103 Gigabit optical network terminal, several LB-Link routers, and the Netlog system of certain products from DCN. Compromised devices can be fully controlled by attackers and become part of the botnet. From there they can be used for things like DDoS attacks. Security patches for these devices must be installed as fast as possible.
A new controversy has emerged over where China-based TikTok stores data on American users. Sources told Forbes.com that personal financial information on TikTok creators is stored in China, where the company’s parent can manage payments to those who earn money through the app. Those creators are residents of many countries including the U.S. However, in testimony before Congress earlier this year TikTok’s CEO said American data is stored in either Virginia or Singapore. TikTok is in the process of ensuring data of American users is only held in the U.S. Forbes quotes TikTok as standing behind the CEO’s testimony. The seeming conflict with this new allegation needs to be cleared up.
Attention developers using the Expo framework for implementing OAuth and other functions: You need to either install a hotfix or deprecate the service to address the risk of a new vulnerability. The hole was found by researchers at Salt Security, who say it can leak credentials. This is particularly critical for commercial web sites that use OAuth for customer login and purchasing. The vulnerability can lead to a full customer account takeover. And in some cases it could allow an attacker to use stolen Facebook, Google, Twitter or other social media credentials to log into an account through OAuth. OAuth is an open authorization standard that lets people use credentials from one service to log into another.
Finally, sometimes filing a lawsuit works in fighting cybercrime. According to a story last week by cybersecurity reporter Brian Krebs, the filing of a lawsuit by Facebook parent Meta against a domain registrar called Freenom got quick action. A huge number of new phishing domains had been approved by Freenom, which often waives registration fees. Crooks use these free domains to set up look-alike websites and email addresses for launching email attacks. But after Meta filed a lawsuit last December against Freenom the number of new phishing domains okayed by the company plunged. Unfortunately there are other domain registrars willing to turn a blind eye to those who want a copy-cat domain name.
That's it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That's where you'll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.