Week 42 Cyberattack Digest 2018 – Anthem, Tumblr, Argenta and others

It is Monday, which means that we have a new portion of cyber news for you, and here is our week 41 cyber attack digest.

Another hungry hacker

by Bleeping Computer – 16 October 2018

Hungry students are in the hacking game once again. An attacker found a way to get free credit for the vending machines on a university campus by looking at the inner workings of the machines' accompanying mobile app. The vending machines come from Argenta, a popular provider of coffee services in Italy that has been acquired by the Selecta Group B.V., and are used all over the country for automated sales of all sorts of products. The machines support Bluetooth Low Energy (BLE) and Near Field Communication (NFC) technologies to allow users to make payments with a smartphone. The technique was disclosed by Matteo Pisani, an Italian hacker and CTO at Remoria VR, who had been searching for a weak spot.
The expert decompiled the Argenta mobile app that interacts with the vending machines and monitored its activity for anything that could be manipulated. Soon, he found references to RushOrm, a tool for Android that maps Java classes to SQL tables. This meant that the app worked with databases, which always hold precious information. The mobile application used a database, 'argenta.db,' which the expert located and extracted to his laptop. Opening it, however, required a password. The database contents included multiple tables, among them one called 'UserWallets,' which came with an editable 'walletCredit' field. This entry told the app how much credit the user could spend at the vending machines; there was also an Android tool that automated the interaction with the database and made wallet-related changes. Pisani commented that no initial credit was needed to change the value. He also posted a picture showing an inflated credit of EUR 999.

Anthem will pay $16 million

by SC Media – 17 October 2018

Anthem is to pay a record $16 million. The company was forced to do so in order to settle potential privacy violations stemming from a major data leak. The attack took place back in 2015, when records of over 80 million current and former patients were compromised. It was reported that the fee is three times larger than the previous amount paid to the government. The company agreed to pursue a corrective action plan under government monitoring: it will assess its electronic security risks and take appropriate security measures. As a result of the breach, sensitive personal information was exposed. The stolen records included names, dates of birth, member IDs and Social Security numbers, addresses, phone numbers, email addresses and employment information, e.g. income data. “Anthem takes the security of its data and the personal information of consumers very seriously,” the company’s representatives commented. “We have cooperated with (the government) throughout their review and have now reached a mutually acceptable resolution.”

New version of Kraken Cryptor Ransomware

by Bleeping Computer – 21 October 2018

While BleepingComputer covers ransomware, several fraudsters try to interact with the site in various ways.
Over the past weekend, the Kraken Cryptor Ransomware released version 2.0.6, and it now connects to BleepingComputer at different stages of the encryption process. The developers' aims are still unclear, but this gives BleepingComputer insight into the real number of victims affected by the ransomware. Kit experts nao_sec and Kafeine first spotted the new version, which was distributed via malvertising and the RIG exploit kit. It was determined that since October 20th, 2018, the ransomware has infected 217 unique victims from all over the world. Kraken Cryptor is written in C#, which makes it possible to see how the program operates. The ransomware developers themselves can use the site to check the number of ransomware victims.

Tumblr’s Recommended Blogs bug

by The Verge – 17 October 2018

A bug in Tumblr’s “Recommended Blogs” feature has been fixed recently. The bug could disclose private and personal information about the users of the recommended blogs. The Recommended Blogs feature is meant to display a list of blogs that may interest the logged-in user. A security researcher learned about the bug through Tumblr’s bug bounty program, and Tumblr’s engineering team fixed it within the next 12 hours.
With the help of debugging tools, a user was able to see private account information including IP addresses, email addresses, and hashed passwords. Tumblr claimed that there was no evidence that the bug had been exploited. “We’re not able to determine which specific accounts could have been affected by this bug, but our analysis has shown that the bug was rarely present,” commented Tumblr.

Ironically, a number of recent incidents have happened due to human error rather than hackers, which means that attention during the work process is essential for your security. Still, do not forget about other security measures and follow us on Twitter, Facebook, and LinkedIn.

The post Week 42 Cyberattack Digest 2018 – Anthem, Tumblr, Argenta and others appeared first on ERPScan.