Articles for July 2018

LifeLock Bug Exposed Millions of Customer Email Addresses — Krebs on Security

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.

Source: LifeLock Bug Exposed Millions of Customer Email Addresses — Krebs on Security

 

Apple Transfers Chinese Users’ iCloud Data to State-Controlled Data Centers

There’s terrible news for Apple users in China.

Apple’s Chinese data center partner has transferred iCloud data, belonging to 130 million China-based users, to a cloud storage service managed by a state-owned mobile telecom provider—raising concerns about privacy.

Back in February this year, Apple moved the encryption keys and data of its Chinese iCloud users from its US servers to local servers on Chinese soil to comply with the new regulation of the Chinese government, despite concerns from human rights activists.

Source: Apple Transfers Chinese Users’ iCloud Data to State-Controlled Data Centers

 

21-Year-Old Creator of LuminosityLink Hacking Tool Pleads Guilty

The punishment (possible) doesn’t fit the crime… IMHO.

As it was speculated that the author of LuminosityLink RAT was arrested last year, a plea agreement made available to the public today confirmed the news.

Back in September last year, Europol’s European Cybercrime Centre (EC3) and National Crime Agency began the crackdown on the LuminosityLink RAT, targeting sellers and users of the malware, which resulted in the seizure of a considerable number of computers and internet accounts across the world, and complete takedown of the threat.

Source: 21-Year-Old Creator of LuminosityLink Hacking Tool Pleads Guilty

 

Hackers Used Malicious MDM Solution to Spy On ‘Highly Targeted’ iPhone Users

Security researchers have uncovered a “highly targeted” mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India.

The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and enforce policies on devices being used their employees—to contol and deploy malicious applications remotely.

Source: Hackers Used Malicious MDM Solution to Spy On ‘Highly Targeted’ iPhone Users

 

Linux experts are crap at passwords!

Last week’s megastory was the Gentoo breach that saw an entire online Linux code repository hacked – now we know how it happened…

Someone broke into the Linux distro’s GitHub repository, took it over completely by kicking out all the Gentoo developers, infected the source code by implanting malcious commands (rm ‑rf) all over the place, added a racist slur, and generally brought a week of woe to the world of Gentoo.

Source: Linux experts are crap at passwords!