Posts

Rakuten exposes 1.48 million sets of data to access from outside


Japanese online shopping mall operator Rakuten Inc. said Friday that a computer security problem at the group exposed 1,486,291 sets of personal and corporate information to access from the outside.

Of the affected data, managed by Rakuten, credit card subsidiary Rakuten Card Co. and e-money business Rakuten Edy Inc., at least 614 sets were accessed from abroad.

The incident occurred because the Rakuten group failed to notice or deal with a change in the security settings of an external sales management system the group uses.

The change, which occurred as part of a system update Jan. 15, 2016, left the data accessible from the outside. The group recognized the security hole Nov. 24 this year after being warned by an external expert.

The group completed a necessary setting change by Nov. 26. Since then, no access by a third party has been confirmed, Rakuten said.

At Rakuten Card, the exposed information included the names of corporate representatives and sole proprietors who applied for business loans, amounts of outstanding loans, use of borrowed funds and data from the drivers’ licenses of guarantors.

Among other affected information were data on companies and employees that requested documents to open stores at the Rakuten cybermall and the names and telephone numbers of individuals who asked for transfers of Edy e-money when their smartphones failed.

Rakuten apologized for causing concern and problems to customers and promised to compensate for any damage stemming from misuse of exposed personal information.


Lookout Exposes New Spyware Used by Sextortionists to Blackmail iOS and Android Users


SAN FRANCISCO, Dec. 16, 2020 /PRNewswire/ — Lookout, Inc., the leader in mobile security, today announced the discovery of Goontact, a new spyware targeting iOS and Android users in multiple Asian countries. Uncovered by the Lookout Threat Intelligence team, Goontact targets users of illicit sites and steals personal information stored on their mobile devices. Evidence shows these sextortion scams are affecting Chinese-, Japanese- and Korean-speaking people. Goontact may also be operating in Thailand and Vietnam. Lookout discovered evidence the campaign may have been active since 2018 and is still active today. 

The goal of adversaries is likely extortion or blackmail, based on the information gathered and the quality of the sites that distribute these malicious apps. The bounty of information Goontact can exfiltrate includes device identifiers and phone numbers, contact information, SMS messages, photos on external storage and even location information. The culprits spearheading Goontact are still unknown but based on the Lookout research, it is highly probable that Goontact is the newest addition to a crime affiliate’s arsenal, rather than nation-state actors.

The private data individuals keep on mobile devices makes it easier for cybercriminals both to socially engineer successful attacks and, in the case of Goontact, to run successful extortion campaigns. Acting on human impulse, this scam begins when potential targets are lured into initiating a conversation on websites offering escort services. In reality the targets communicate with Goontact operators who later convince them to install mobile applications meant to enhance the user experience. The mobile applications in question appear to have no real user functionality, except to steal the victim’s personal data, which is then used by the attacker ultimately to extort money from the target.

“It’s no secret that mobile devices are a treasure trove for cybercriminals,” said Phil Hochmuth, Program Vice President of Enterprise Mobility at IDC. “As the use of mobile devices continues to increase, so does the maturity of iOS and Android cybercrime. Now more than ever, consumers must be proactive in avoiding compromise with…


Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox


[Figure: Adrozek attack chain. Image: Microsoft]

Microsoft has raised the alarm today about a new malware strain that infects users’ devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages.

Named Adrozek, the malware has been active since at least May 2020 and reached its absolute peak in August this year when it controlled more than 30,000 browsers each day.

But in a report today, the Microsoft 365 Defender Research Team believes the number of infected users is much, much higher. Microsoft researchers said that between May and September 2020, they observed “hundreds of thousands” of Adrozek detections all over the globe.

Based on internal telemetry, the highest concentration of victims appears to be located in Europe, followed by South and Southeast Asia.

[Figure: Adrozek geographic distribution. Image: Microsoft]

How Adrozek spreads and works

Microsoft says that, currently, the malware is distributed via classic drive-by download schemes. Users are typically redirected from legitimate sites to shady domains where they are tricked into installing malicious software.

The boobytrapped software installs the Adrozek malware, which then proceeds to obtain reboot persistence with the help of a registry key.

Once persistence is assured, the malware will look for locally installed browsers such as Microsoft Edge, Google Chrome, Mozilla Firefox, or the Yandex Browser.

If any of these browsers are found on infected hosts, the malware will attempt to force-install an extension by modifying the browser’s AppData folders.

To make sure the browser’s security features don’t kick in and detect unauthorized modifications, Adrozek also modifies some of the browsers’ DLL files to change browser settings and disable security features.

Modifications performed by Adrozek include:

  • Disabling browser updates
  • Disabling file integrity checks
  • Disabling the Safe Browsing feature
  • Registering and activating the extension they added in a previous step
  • Allowing their malicious…


Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe – Threatpost
