Technical glitch exposed Samsung mobile phone users’ personal data

A technical glitch resulted in some Samsung mobile phone users being able to see personal data on other users when they visited the company’s U.K. website.

The Korean mobile phone maker said that fewer than 150 people were affected by the breach.

“A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed,” a Samsung representative told The Register.

“We will be contacting those affected by the issue with further details,” the representative added.

The glitch exposed names, telephone numbers, mailing and email addresses of users, Samsung told Reuters.

However, the company stressed that the data breach was not connected to a Find my Mobile push notification malfunction, which showed up as the message “1/1” even on phones that had disabled the app.

Samsung Galaxy owners complained last week that they had received the Find my Mobile app notification that made no sense.

The company said the notification was a “server glitch” caused by “some test[s] on Samsung’s end to assure services are working.”

Ransomware attackers add data theft to data encryption arsenal

Ransomware attackers have added data theft to their destructive data encryption arsenal.

Not only are they bricking systems that they infect with ransomware, they are also stealing the data and blackmailing victims with the threat of data exposure.

Cybercriminal groups are now stealing data before they encrypt systems and threatening to publish it unless the victim pays ransom demands that are often higher.

“Cybercriminals are trying to get a better return on investment in malware development,” observed Marcus Chung, CEO of cybersecurity advisory firm BoldCloud.

“They are stealing the data and then holding it hostage. So, they have a copy and they are encrypting the data on the victim’s side. They are shaming these companies by saying, ‘OK, if you don’t want us to release the information and make your brand look really bad,’” Chung told IT Security Writer.

Data breach costs could be high

Not only do victims face higher ransom demands, they also could face data breach costs, such as remediation expenses, regulatory fines, and reputation damage.

One type of ransomware that includes data theft is Maze. Attackers recently carried out an attack against Medical Diagnostics Laboratories, infecting 231 workstations at the company. They demanded a ransom of 100 Bitcoin ($964,600) for decrypting the data and 100 Bitcoin for destruction of the data, according to Bleeping Computer. Maze attackers released almost 10 GBs of data in an effort to convince the company that they were serious about the ransom demand, with another 100 GBs of data held in reserve.

“These attackers know that these companies, particularly in Europe, have GDPR [General Data Protection Regulation] requirements. If there is a breach, there is no way to hide it. They will be exposed publicly and face fines and other punishments for violating GDPR,” Chung observed.

Maze attackers also went after Southwire, a U.S. wire cable manufacturer, demanding 200 Bitcoin ($1.7 million). The company refused to pay the ransom, and the attackers released some of the data.

Another ransomware strain that carries out similar attacks is REvil (Sodinokibi).

The Russian cybercrime group UNKN used the REvil ransomware to infect the CyrusOne data center in December. In a post, UNKN threatened to release the data if the company refused to pay.

“In case of refusal of payment, the data will either be sold to competitors or laid out in open sources. GDPR. Do not want to pay us, pay x10 times more to the government. No problems,” the group wrote.

There were no follow-up press reports about whether CyrusOne ended up paying the ransom, although the company’s CEO, chairman, and director Gary Wojtaszek stepped down last week.

REvil infects more than 150,000 victims

In a recent study, Dutch telecom provider KPN found that REvil ransomware infections number more than 150,000 around the world, with some attacks encrypting more than 3,000 unique systems in one attack. The average ransomware demand by REvil attacks is $260,000, with total ransomware demands topping $38 million during the last few months.

“These attackers are both charging for data destruction and data recovery. They are not just saying, ‘You need to pay us for access to your files,’ but they are also saying, ‘You have to trust us that we will eliminate all copies of the data.’ They are putting these companies over a barrel,” Chung said.

“This new threat of ransomware is different from the past. Before, attackers didn’t care about having access to the data. Now they do. Now they have two aspects they can leverage against the victims … This is a fundamental change in how ransomware attackers are developing their code and attacking their victims,” he concluded.

High-risk vulnerabilities on the rise, warns Imperva report

The number of high-risk vulnerabilities surged in January, according to Imperva’s new monthly Cyber Threat Index.

From December 2019 to January 2020, Imperva saw a 57 percent increase in high-risk vulnerabilities. These include security bugs that can be accessed remotely with no authentication required, have a public exploit available, or are trending on social media.

Imperva has seen an increase in remote code exploit and cross-site scripting web attacks. It has also seen a jump in exploitation of vulnerabilities in Oracle’s MySQL and SQLite database platforms.

For the index, Imperva analyzed 25 petabytes of network traffic, 30 billion web application attacks, and hundreds of applications and database vulnerabilities per month.

Web attacks from the public cloud jumped 16 percent from November to December 2019, but then declined in January 2020, related Edward Roberts, senior director of product marketing at Imperva.

“We are seeing an unusual decline in attacks from cloud platforms. Up until now, that has been rising because attackers are hiding in the cloud … That trend is one to watch,” Roberts told IT Security Writer.

The index also detected spam campaigns that exploit the international concern over the coronavirus in China. The campaigns are designed to trick victims into entering sites that “track” the spread of the coronavirus while pitching bogus pharmaceuticals.

Citrix’s ADC bug failed to attract many attackers

At the same time, Imperva found that the high-profile vulnerability in Citrix’s Application Delivery Controller (ADC) did not attract as much attention from hackers as it did from the press.

In December, Citrix admitted to a critical vulnerability in its ADC, Citrix Gateway, and Citrix SD-WAN that could enable an unauthenticated attacker to execute arbitrary code on the devices and possibly gain access to corporate networks.

However, the ADC vulnerability only accounted for 200,000 attacks last month, compared with 2 billion attacks for the top attack target, according to Imperva’s data.

Roberts related that Russia saw the highest proportion of SQL injection attacks due to a three-day attack campaign last month.

Imperva found that many attacks against U.S.-based sites originated from China and Germany. Roberts explained that the origin of the attack is not always where the attacker is based, so the fact that Germany is the source of attacks on U.S. sites doesn’t necessarily mean the attackers are in that country.

Commenting on the report, Nadav Avital, head of security research at Imperva, observed that the “global threat landscape is evolving so rapidly that organizations need to have a constant pulse on it to stay one step ahead of attackers.”

GAO rebuke prompts CISA to publish overdue U.S. election security plan

Apparently chastened by a critical Government Accountability Office rebuke, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released its overdue strategic plan for U.S. election security.

Last week, the GAO criticized CISA for not completing its strategic and operational plans to help state and local officials safeguard the 2020 elections.

CISA had also not documented how it will address prior election security challenges, GAO said in its report published Thursday.

This seemed to put a fire under CISA because the next day it published its #Protect2020 Strategic Plan.

The agency stressed it is building outreach programs to more than 8,000 U.S. election jurisdictions. However, the Iowa Democratic Party said that it had received no help from CISA regarding its mobile app, which failed miserably during the caucus last week.

Troy Price, the Iowa Democratic chairman, said following the caucus fiasco on Monday night that he was not aware of any offer by DHS to help with testing the mobile app that caused the problems. Price’s comments came after Acting Homeland Security Secretary Chad Wolf said that his department had made an offer to vet the mobile app but it was declined by the party.

Perhaps having a strategic plan will improve communication between the DHS and local election officials. That is CISA’s hope, anyway.

“State and local election officials are on the front lines, and the role of the Federal Government is to make sure that they are prepared,” said CISA Director Christopher Krebs in the plan’s introduction.

CISA lays out four ‘lines of effort’

CISA said that its strategic plan falls along four “lines of effort”: election infrastructure, campaigns and political infrastructure, American electorate, and warning and response.

The agency’s objectives in terms of election infrastructure and campaigns and political infrastructure are to build stakeholder capacity, provide assessments and services, and facilitate information sharing. For the American electorate line of effort, its objectives are to understand and evaluate the threat, build public awareness and educate the public on best practices, and facilitate information sharing.

In terms of warning and response, CISA’s objectives are to partner with the private sector, cooperate across the federal interagency process, monitor threat activity, and facilitate rapid information sharing with election infrastructure stakeholders.

“Ultimately, the security of America’s elections rests with the state and local officials who administer them, the private sector vendors who create the technology that makes them possible, the candidates and campaigns who participate in them, and ultimately the electorate who show up to the polls on election day,” the report concluded.

Multinational law enforcement effort takes down hundreds of money mule operations

A multinational law enforcement effort has taken down hundreds of money mule operations in the United States and Europe.

Cybercriminals use money mules to launder money stolen from fraud victims, who are often the elderly. The money mules may be unaware of the criminal activity associated with the money transfers.

In the U.S., the Department of Justice shut down the operation of 600 domestic money mules. The agency also tripled the number of criminal prosecutions against money mule operations this year compared to last year.

The U.S. effort included the FBI, U.S. Postal Inspection Service, Consumer Protection Branch, Secret Service, IRS Criminal Investigation, Department of Treasury Inspector General for Tax Administration, and Social Security Administration’s Office of Inspector General. In addition, the Office of the Attorneys General for the states of Indiana and Wyoming participated.

“Money mules – wittingly and unwittingly – supply the lifeblood of transnational elder fraud schemes. This landmark initiative has significantly impaired certain ways criminals steal from its elderly victims. The Department of Justice and its federal, state, and international partners are committed to shutting down these despicable enterprises that exploit the most vulnerable in our society,” said Attorney General William P. Barr.

“The Money Mule initiative highlights the importance of partnership to stop fraud schemes, and it sends a message to all who are engaged in money mule activity that they will be caught and prosecuted,” added FBI Director Christopher Wray.

European law enforcement arrests 228 money mule recruiters

In Europe, 31 countries supported by Europol, Eurojust, and the European Banking Federation (EBF) identified 3,833 money mules and arrested 228 money mule recruiters.

As part of the fifth European Money Mule Action, more than 650 banks, 17 bank associations, and other financial institutions reported 7,520 money mule transactions, preventing losses of €12.9 million.

Criminals are increasingly recruiting money mules from online dating sites, tricking them to open bank accounts under the guise of sending or receiving funds. Criminals are also using social media to recruit new accomplices through get-rich-quick online ads, Europol warned.

HHS Releases V3.1 of Its Security Risk Assessment Tool for Healthcare

The Department of Health and Human Services (HHS) has released version 3.1 of its security risk assessment tool designed to aid small and medium-sized healthcare organizations in conducting a security risk assessment and mitigating the impact of malware, ransomware, and other cyberattacks.

The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to conduct a security risk assessment to ensure that protected health information (PHI) is secured.

The HHS tool is designed to guide users through the process using a self-paced modular workflow that includes questions based on the HIPAA Security Rule. Using the modular workflow, users can evaluate potential threats and vulnerabilities so they can determine the likelihood and potential impact of threats to their organizations.

Version 3.1 includes the following new features: threat and vulnerability validation; improved asset and vendor management (multi-select and delete functions added); incorporation of NIST Cybersecurity Framework references; capability to export the tool’s detailed reports to Excel; addition of question flagging and a flagged report; and bug fixes and improved stability.

The tool can assist organizations in determining which devices store or capture PHI and uncovering potential flaws in their security policies, process, and systems.

Security Risk Assessment Flags System Vulnerabilities

“In the healthcare sector, security is the way your organization implements administrative, technical, and physical safeguards to provide for the confidentiality, integrity, and availability of health information,” explained a blog post by HHS’s Office of the National Coordinator for Health Information Technology.

“Conducting a security risk assessment is one way to identify and assess risks to ePHI [electronic PHI] within your organization, check if your organization has appropriate safeguards in place, and reveal any areas where ePHI may be at risk. You can then take action to mitigate any risks that are found,” the blog post noted.

“Assessing risk is an important step in your security management process and helps your organization recognize where safeguards are needed to protect ePHI, including guarding against ransomware and other types of cyberattacks,” it concluded.

Cybersecurity Pros Worry About Insider Threats Targeting Cloud Storage

Thirty-nine percent of cybersecurity professionals identified cloud storage and file sharing apps as the most vulnerable to insider threats, according to a survey of more than 300 professionals by Cybersecurity Insiders and Securonix.

More than half of respondents said that detecting insider attacks has become harder since migrating to the cloud. Despite this, only 40 percent of respondents said their organization monitors user behavior across its cloud footprint.

Fifty-nine percent said privileged IT users or administrators pose the biggest insider threat to their organization, followed by contractors, service providers, and/or temporary workers at 52 percent.

“Six years ago the Snowden incident sent a wake-up call to enterprises and government agencies across the globe that risky insiders are a threat hidden in plain sight, but the cloud has exponentially increased the insider threat attack surface,” said Shareth Ben, Insider Threat SME at Securonix.

“The benefits of moving to the cloud are obvious, but along with that comes an increased need for security. It’s not enough to guard the network perimeter because the perimeter has become more porous. Organizations need to take a close look inside, decide what’s most important to them, and put in place an insider threat program that incorporates people, process, and technology,” Ben added.

One In Five Have Had More Than 5 Insider Attacks in Past Year

Surprisingly, one in five organizations have experienced more than five insider attacks in the past 12 months. Seventy percent of organizations said insider attacks have become more frequent in the past 12 months.

Two-thirds of respondents said they feel moderately to extremely vulnerable to insider attacks.

Fifty-six percent of organizations say their monitoring, detecting and responding to insider threats is only somewhat effective or worse. The top reasons for insider threat were fraud, monetary gain, and IP theft, followed by corporate sabotage, and espionage.

The Securonix report describes the types of insider threats, motivations for insider attacks, which data is the most vulnerable, and which insiders pose the biggest security risk to an organization.

More Than 7M Adobe Creative Cloud Customer Accounts Exposed

A vulnerability exposed close to 7.5 million Adobe Creative Cloud customer accounts, reported the Comparitech website on Oct. 25.

The data exposed included email addresses, account information, member IDs, Adobe products used, and payment status.

Adobe Creative Cloud is a subscription service that gives users access to more than 30 desktop and mobile apps and services for photography, design, video, and web, such as Photoshop and InDesign.

To uncover the exposed database, which could be accessed with no authentication, Comparitech partnered with security researcher Bob Diachenko. He informed Adobe about the database vulnerability, and the company secured it right away.

The data exposed could be employed by hackers in phishing emails and other scams.

Adobe admitted to the vulnerability, but did not provide information on the number of users compromised. The company said that the vulnerability was found in one of its prototype environments.

“The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services,” Adobe said in a security update.

Aging IT Infrastructure, Security Worries Fuel IT Budget Growth

Aging IT infrastructure and security concerns are driving many businesses to increase their IT budget next year, according to a survey of more than 1,000 IT buyers by Spiceworks.

The survey found that 44 percent of businesses intend to increase their IT budgets in 2020, compared to 38 percent in 2019. Only 8 percent of businesses surveyed said that IT budgets would decline in 2020.

One-quarter of enterprises surveyed admitted that a recent security incident is driving them to increase their 2020 IT budget, compared to only 4 percent of small businesses.

“Many businesses may have the ability to deploy more cutting-edge technologies as IT budgets grow and it becomes critical to replace outdated hardware, software, and services, such as Windows 7 and Windows Server 2008 R2, both of which reach end of service in January 2020,” said Peter Tsai, senior technology analyst at Spiceworks.

“And, as security breaches become more frequent, the findings indicate that many businesses are taking action to address security concerns and transform their technology environments,” Tsai added.

Advanced Technology To Get Portion of IT Budget Increase

A portion of the increased IT budgets will go toward advanced technology, such as artificial intelligence (AI). The survey found that adoption rates of AI technologies will nearly triple, while adoption of hyperconverged infrastructure, edge computing, and serverless computing technologies will double.

The biggest IT challenge next year is expected to be keeping infrastructure up to date. However, some challenges will be more pressing in 2020 than they were in 2019. Respondents expect to face bigger challenges when it comes to following the latest security best practices and managing a mix of on-premises infrastructure and cloud-based services.

The top IT challenges in 2020 will vary by business size. Compared to enterprises, small businesses are more likely to face issues following security best practices and maintaining disaster recovery policies. On the other hand, enterprises may have more difficulty implementing new technology innovations seamlessly into their environment.

Fujitsu, Nutanix to Run SAP HANA on Joint Hyper-converged Infrastructure

Fujitsu and Nutanix have achieved certification to run SAP HANA on a joint hyper-converged infrastructure solution.

Fujitsu is using the Nutanix-based hyper-converged infrastructure solution to promote integration of SAP HANA into wider data center infrastructures.

The integration allows for simplified management and greater scalability of SAP HANA workloads using a virtualized solution. The operating systems and hosted software are run on top of virtual hardware.

Running SAP and non-SAP workloads on a software-defined platform increases performance for data-rich business applications such as the in-memory data analytics applications enabled by SAP HANA.

Nutanix Enterprise Cloud on PRIMERGY optimizes the use of data center resources across workloads and allows businesses to flexibly scale their SAP landscapes.

Computing power and storage can be extended simultaneously by adding new nodes, while integrated, automated, cloud-like operations further reduce complexity and cost.

Hyper-Converged Infrastructure Solution Combines Nutanix Cloud and Fujitsu Servers

Nutanix Enterprise Cloud on PRIMERGY is an integrated system that combines the Nutanix Enterprise Cloud software with Fujitsu PRIMERGY servers.

The management and control of the networking, storage, and data center infrastructure of the Nutanix Enterprise Cloud is automated by software instead of infrastructure hardware.

Optimized for SAP HANA and delivered as a SAP-certified, turnkey infrastructure, Nutanix Enterprise Cloud software scales to accommodate business growth.

Out-of-the-box deployment speeds up the creation of software-defined, multi-hypervisor environments from private cloud to the network edge.

Fujitsu is the contact for hardware and Nutanix hyper-converged infrastructure support for the joint solution. It also offers additional services, including system optimization and system health checks for customers’ individual landscapes.

The joint offering includes dedicated backup solutions using data protection appliances that are integrated with the Nutanix hyper-converged infrastructure software solution and boast a range of features such as all-in-one backup, multicloud backup and recovery, and multicloud and hypervisor data migration.

Nutanix Enterprise Cloud on PRIMERGY is available from August 2019 directly from Fujitsu and via Fujitsu SELECT channel partners. Pricing varies according to configuration.