
Cyber Security Headlines – March 25, 2021

Voting information on millions of Israelis leaked ahead of election

The data leaked on March 23rd, two days ahead of the general parliamentary election, exposing voter registration details of 6.5 million Israelis and the personal details of 3.1 million of Israel’s estimated 9.3 million total population. This personal information includes full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences. A threat actor calling itself “The Israeli Autumn” took credit for the leak. The source appears to be the website Elector, the web front end for an app used by the country’s Likud political party. In February 2020, a web developer discovered the site exposed an API endpoint that allowed him to gain access to the site’s admin logins and passwords. 

(The Record)

Facebook disrupts Chinese group targeting Uyghur community

The company announced it took actions to disrupt the group known to security researchers as “Evil Eye” or “Poison Carp” targeting members of the Uyghur ethnic minority in the US, Turkey, Syria, Australia and Canada. Facebook first spotted the group in 2020; it used fake accounts to get targeted individuals to visit malicious websites or download Android apps that would install the trojan malware ActionSpy and PluginPhantom. Although the group appears to operate out of China, Facebook did not link the campaign to efforts by the Chinese government.


Privacy and security issues with Slack’s Connect DM rollout

Slack rolled out Connect DMs, letting any Slack user direct message another even if outside an organization. To send messages, users must send email invitations; once accepted, the DMs appear in the Slack sidebar, though organizations retain control of their own messages in these conversations. Many users pointed out that Slack’s implementation suffered from a major privacy and security flaw: users could customize invitation emails with any text they like, and those emails would be sent from a Slack-originating email address, easily getting around existing blocked contacts. Slack said it is now disabling the ability for users to customize invite emails.

(The Verge)

Google not testing FLoC in Europe

At a meeting of the Improving Web Advertising Business Group, Google engineer Michael Kleber said the company currently isn’t testing its third-party cookie replacement Federated Learning of Cohorts, or FLoC, in the EU over concerns it violates GDPR and the ePrivacy Directive. The issue is that publishers will not be providing users with clear notice and choice about how their data will be used to create cohorts. Google says it is still “100% committed to the Privacy Sandbox in Europe.”

(Ad Exchanger)

Thanks to our episode sponsor, Trend Micro

Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

Fast and Furious: Exchange Server Hack Edition

Microsoft released critical updates to fix four vulnerabilities in Microsoft Exchange Servers on March 2nd. Despite Microsoft urging immediate attention to the zero-day vulnerabilities, F-Secure reports that only about half the visible Exchange servers on the internet have been patched, and criminals are attacking tens of thousands of them a day. The UK’s National Cyber Security Centre recommends those who cannot patch right away should block untrusted connections to port 442 and require access through VPN. Microsoft has an automatic mitigation tool for unpatched servers available in Defender Antivirus.


Purple Fox botnet growing rapidly

Security researchers at Guardicore discovered a new infection vector for the Purple Fox malware, which was first spotted in 2018 and initially spread through phishing emails. The researchers found Purple Fox is now targeting internet-facing Windows computers using SMB to look for machines with weak passwords. Once access is gained, the malware downloads a rootkit from a network of 2000 infected Windows servers, closes the firewall ports it used to gain initial access, and scans the internet looking for further devices to infect. Guardicore estimates Purple Fox infections have increased 600% since May 2020. 


Firefox 87 adds Smart Block

Mozilla’s latest browser release now includes the Smart Block feature, which uses “stand-in” scripts for embedded third-party trackers so that pages still load in an intended page-rendering sequence without sending data. The browser also includes improved referrer trimming, which removes query data usually sent back to site operators when requesting content.

(Ars Technica)

Broker leaks billions of customer records

The online foreign exchange trading broker FBS leaked over 20TB of customer data through a misconfigured cloud database, which was left online without encryption or a password. Data leaked included full names, email and billing addresses, phone numbers, IP addresses, passport numbers, social media IDs, driver’s licenses, bank account statements, credit cards, user IDs, and unencrypted passwords. Researchers at WizCase discovered the database on October 1, 2020 and alerted FBS, which secured the server on October 5th. It’s unclear how long it was online unsecured.

(Info-Security Magazine)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.
