Every Friday The Weekly SecuriTEA Report brings you the latest week’s trending Information Security News. Here's what is new for this week:
Smart Devices Leaking Your Info To Facebook and Google. Two reports have come out that analyzed and found out that smart TV's and viewing devices have been collecting and passing on information about user's viewing habits and preferences to partner companies of Facebook and Google. Northeastern University and Imperial College London as well as Princeton University and the University of Chicago were the institutions that analyzed how the information exposed from 81 devices, including Samsung, LG, and Roku, were not reporting to the device manufacturer itself but to these partner companies. Tracked channels, which are predominately managed by Google and Facebook, collect information not only about viewing habits but can also feature information that can uniquely identify the device and where it's being used - information like location, serial numbers, IDs, Wi-Fi network names and MAC addresses. A third report, by a Washing Post reporter, discovered that spying was occurring from pixels and screenshots that take pictures every second and reports back to the manufacturer everything that crosses the screen. These reports highlight the growing privacy issues by technology and media giants to keep tabs on consumers.
IRS Email Phishing Scam On The Rise. A new botnet, dubbed Amadey, is being delivered via email phishing campaigns to users purporting to be the IRS offering fake refunds. A botnet is defined as a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. In a write-up by Milo Salvia, security researcher at Cofense, it is laid out that the attack starts with the delivered email in which the recipient is given a one-time username and password for a fake IRS login portal page. This fake portal tells the victim that they have a pending refund and is asked to download a document to print and sign. Clicking this document to download drops a zip file that executes itself upon decryption and installs other files to complete its mission. This payload process installs itself to maintain persistence on the victims machine. Researchers have seen this malicous payload perform tasks such as updating & deleting itself, stealing login and password information, logging keystrokes, and ransomware attacks.
Snowden VS the US Once Again. Edward Snowden is most famous for leaking thousands of classified documents regarding top-secret surveillance programs to journalists that shed light on U.S. spying efforts back in 2013. He is a former employee of the CIA and was a contractor for the NSA. The leak angered Congress and Snowden fled the country to avoid prosecution. Now the US is angry again as Snowden recently released a new memoir and is being sued to violating the non-disclosure agreements signed with both the CIA and NSA. The government is attempted to seize any proceeds from the memoir from the book publishers, as well claiming a violation stemming from Snowden's public speeches on intelligence-related matters since a pre-publication review did not occur. Snowden's attorney, Ben Wizner, has argued that the book contains no government secrets that have not been previously published by respected news organizations and if Snowden "believed the government would review his book in good faith, he would have submitted it for review".
Beware of Where You Book Your Next Vacation. These days everyone uses their mobile devices to book their next vacation. It's easy to do a couple of clicks on sites such as Booking.com or Hotel.com and voila, you have a round trip ticket to Italy. Unfortunately, researchers have discovered that a series of incidents took place earlier this month where two well-known hotel chains were hit by the credit card skimming malware known as Magecart. Magecart is a group of malicious hackers who target online shopping cart systems to steal customer payment information. Attackers, in this case, were able to exfiltrate data by replacing the original credit card form on the booking page of each website with a fake one, then stealing the data entered into the imposter form by the user. The attackers were able to take victim full names, email addresses, telephone number, credit card details. and room preferences allowing for identity and financial theft. This theft was so sophisticated and target that the attackers went through the trouble of preparing fake forms in eight different languages. It is important for users, such as yourself, to always verify and check the sites of websites asking for your personal and credit card information. Verify that there is an HTTPS in the URL browser and look for a lock key symbolizing that this information is secure when entering and transmitting (examples below).
WeWork Security Flaws Revealed. WeWork, the popular co-working space, was on schedule to have their IPO this week but is now facing some backlash. First, a profile by the Wall Street Journal over their CEO and now with a report by Gizmodo over the company's severe lack of network security for their customers. The outlet reported it was able to review wifi scans from hundreds of exposed devices that laid bare an “astronomical amount” of private data, including emails, financial records, and client databases as well as scans of people’s IDs, their bank account credentials, and other sensitive information. WeWork has a varying amount of customers in industries, such as legal and financial institutions, that handle an astronomical amount of sensitive data. Not having a secure network system, that is shared amongst the housed community - which can include good and bad actors alike - leaves customers unknowingly exposed. It has been stated that the company uses shared and simple passwords across their various locations, making it easy for an attacker to grab a day pass to simply cash in on a day's worth of personal information. While enticing to work at such fancied locations or even a Starbucks, it is important for users to be careful about when and where they are entering sensitive data over public wifi.
And that's a wrap for your Weekly SecuriTea Report. Be sure to check out the latest every week for the latest in Information Security News.