Bitcoin Gold hit by a double-spend attack, exchanges lose over $18 million
The attacks started on May 18. The attacker used a large number of servers to gain control of the majority of the Bitcoin Gold network’s hashrate, a technique known as a “51% attack”. Bitcoin Gold director of communications Edward Iskra promptly notified users of the attacks, confirming that a malicious miner was using an exploit to steal funds from cryptocurrency exchanges in double-spend attacks. “An unknown party with access to very large amounts of hashpower is trying to use “51% attacks” to perform “double spend” attacks to steal money from Exchanges.” The attacker monetized his effort by depositing large amounts of BTG coins at exchanges while at the same time sending the same coins to his own wallet. The Bitcoin Gold team explained that, because of the high cost of such an attack, the only way to make a profit was to target exchanges and automatically withdraw large amounts of money. “A party like an Exchange may accept large deposits automatically, allow the user to trade into a different coin quickly, and then withdraw automatically. Because the cost is high, the attacker can only profit if they can quickly get something of high value from a fake deposit,” states the Bitcoin Gold team. The Bitcoin Gold team was able to follow the stolen funds from exchanges to the BTG address GTNjvCGssb2rbLnDV1xxsHmunQdvXnY2Ft; the hacker transferred more than 388,000 BTG coins (roughly $18 million). According to one of the exchanges involved in the attacks, the attacker is the same actor that attempted a double-spend attack on the original Bitcoin network in the past. Iskra explained that the victims of the attack were not end-users; the hacker targeted exchanges.
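The mechanism the Bitcoin Gold team describes, as an added model that is not part of the article: an exchange credits a deposit after a fixed number of confirmations, a miner with majority hashrate later publishes a longer private chain in which the same coins were spent elsewhere, and the credited deposit disappears. The block heights, transaction ids and confirmation threshold are constructed; the point is that a reorg reverses any confirmation depth the attacker can out-mine, so the defensive lever is detecting reversed deposits (and holding the matching withdrawals) rather than the confirmation count alone.

```python
"""Added example (not from the article): a model of how a 51% reorg reverses a
deposit an exchange has already credited, and a ledger that detects it.
Block heights, tx ids, the amount and the confirmation threshold are constructed."""
from dataclasses import dataclass, field

@dataclass
class Block:
    height: int
    txids: set = field(default_factory=set)

def confirmations(chain, txid):
    """Confirmations txid has on chain (0 if it is not in any block)."""
    for blk in chain:
        if txid in blk.txids:
            return chain[-1].height - blk.height + 1
    return 0

class DepositLedger:
    """Credits a deposit once it has min_conf confirmations; on every reorg the
    credited deposits are re-checked and any that vanished are flagged."""
    def __init__(self, min_conf):
        self.min_conf = min_conf
        self.credited = {}   # txid -> amount
        self.flagged = {}    # txid -> amount, deposit disappeared after a reorg

    def on_block(self, chain, pending):
        for txid, amount in pending.items():
            if txid not in self.credited and confirmations(chain, txid) >= self.min_conf:
                self.credited[txid] = amount

    def on_reorg(self, new_chain):
        for txid in list(self.credited):
            if confirmations(new_chain, txid) == 0:
                self.flagged[txid] = self.credited.pop(txid)

def simulate(min_conf):
    """Honest chain carries deposit DEP at height 101; the attacker's private chain,
    built from the same parent, spends the same coins elsewhere (ATK) and, being
    longer, replaces the honest chain once it is published."""
    honest = [Block(100), Block(101, {"DEP"})] + [Block(h) for h in range(102, 106)]
    ledger = DepositLedger(min_conf)
    for i in range(1, len(honest) + 1):         # the exchange watches the honest chain grow
        ledger.on_block(honest[:i], {"DEP": 388_000})
    attacker = [Block(100), Block(101, {"ATK"})] + [Block(h) for h in range(102, 107)]
    if len(attacker) > len(honest):             # longest chain wins: reorg
        ledger.on_reorg(attacker)
    return ledger

if __name__ == "__main__":
    ledger = simulate(min_conf=2)
    print(ledger.credited, ledger.flagged)   # {} {'DEP': 388000}: credited, then reversed
```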
A bug in T-Mobile site allowed anyone see any customer’s account details
A T-Mobile .com subdomain, used by staff as a customer care portal to access the company’s internal tools, contained a hidden API that would return customer data simply by invoking it with the customer’s cell phone number as a parameter. The data leak was caused by the lack of any authentication mechanism on the API: anyone could retrieve any customer record, including full name, postal address, billing account number, and in some cases information about tax identification numbers. “The returned data included a customer’s full name, postal address, billing account number, and in some cases information about tax identification numbers. The data also included customers’ account information, such as if a bill is past-due or if the customer had their service suspended.” The exposed records also included references to account PINs used by customers as a security question when they contact customer care, which means an attacker could have used that information to impersonate a customer and take over their account. “Although the API is understood to be used by T-Mobile staff to look up account details, it wasn’t protected with a password and could be easily used by anyone.” In February, Motherboard journalist Lorenzo Franceschi-Bicchierai published an interesting post on SIM hijacking reporting that T-Mobile customers were victims of an info disclosure exploit. Stevenson reported the flaw to the telco giant in early April; the company quickly disabled the API and awarded the researcher $1,000 under its bug bounty program. “The bug was patched as soon as possible and we have no evidence that any customer information was accessed,” a T-Mobile spokesperson said.
Coca-Cola data breach has affected about 8,000 workers
Coca-Cola announced a data breach after a former employee was found in possession of worker data on a personal hard drive. The company discovered the security breach in September, when law enforcement officials notified it that a former employee at a Coca-Cola subsidiary had been found in possession of an external hard drive. Coca-Cola supported the law enforcement investigation and confirmed the authenticity of the documents, which contained personal information of some workers. The company did not disclose the incident immediately, at the request of the authorities investigating the data breach. In compliance with state laws, the company is now sending notification letters to affected employees. According to a company spokesman, the data breach has affected about 8,000 workers. “We are issuing data breach notices to about 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company,” a company spokesperson told Bleeping Computer. “We take information security very seriously, and we sympathize with everyone whose information may have been exposed. We regret any inconvenience or concern this may be causing them. We do not have any information to suggest that the information was used to commit identity theft.” As usually happens in these cases, Coca-Cola is offering affected employees free identity monitoring for one year. Back in 2014, Coca-Cola warned some 74,000 employees and other individuals that their personal information had been compromised by the theft of several company laptops.
Indian Cricket Board Exposes Personal Data of Thousands of Players
The IT security researchers at Kromtech Security Center discovered a trove of personal and sensitive data belonging to around 15,000 to 20,000 Indian applicants participating in cricket seasons 2015-2018. The authority responsible for protecting this data was the Board of Control for Cricket in India (BCCI), but it was left exposed to the public in two misconfigured AWS (Amazon Web Services) S3 cloud storage buckets. According to the analysis by Kromtech researchers, the data was divided into different categories of players, including those under 19 years old. The data was accessible to anyone with an Internet connection and basic knowledge of AWS cloud storage. The data was discovered earlier this month and included names, dates of birth, places of birth, permanent addresses, email IDs, proficiency details, medical records, birth certificate numbers, passport numbers, SSC certificate numbers, PAN card numbers, mobile numbers, and the landline and phone number of the person to contact in case of emergency. At the time of publishing this article, Kromtech researchers had informed the BCCI and both misconfigured buckets were secured. However, this is not the first time such sensitive information has been leaked online. In 2017, the Bangalore-based Centre for Internet and Society (CIS) found that names, addresses, dates of birth, PAN card details, Aadhaar card numbers and other details of millions of Indian citizens could be found with a simple Google search. AWS buckets, meanwhile, have lately been making headlines for the wrong reasons. There have been many cases in which misconfigured AWS buckets were found holding highly sensitive and confidential data, such as classified NSA documents or details about the US Military’s social media spying campaign. In two such cases, malicious hackers were able to compromise AWS buckets belonging to Tesla Motors and the LA Times to secretly mine cryptocurrency.
Therefore, if you are an AWS user make sure your cloud server is properly secured.
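One concrete form of that check, added here as an example that is not from the article or from Kromtech: an offline evaluator that flags the two ways an S3 bucket becomes world-readable, a bucket ACL grant to the AllUsers or AuthenticatedUsers groups and a bucket policy statement that allows read actions to a wildcard principal. The dictionary shapes follow what boto3’s get_bucket_acl and get_bucket_policy return, but the sample ACL and policy are constructed.

```python
"""Added example (not from the article): offline check of whether an S3 bucket's ACL
or bucket policy grants anonymous read access, the misconfiguration behind the BCCI
exposure. Dict shapes follow boto3 get_bucket_acl/get_bucket_policy; samples are constructed."""
import json

PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
READ_PERMS = {"READ", "FULL_CONTROL"}
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}

def acl_findings(acl):
    """Grants that give read access to the AllUsers / AuthenticatedUsers groups."""
    out = []
    for g in acl.get("Grants", []):
        grantee = g.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS
                and g.get("Permission") in READ_PERMS):
            out.append(f"ACL grants {g['Permission']} to {grantee['URI'].rsplit('/', 1)[-1]}")
    return out

def _wildcard_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def policy_findings(policy_json):
    """Allow statements with a wildcard principal, a read action and no Condition."""
    out = []
    stmts = json.loads(policy_json or '{"Statement": []}').get("Statement", [])
    for st in [stmts] if isinstance(stmts, dict) else stmts:   # Statement may be one object
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (st.get("Effect") == "Allow" and _wildcard_principal(st.get("Principal"))
                and READ_ACTIONS & set(actions) and "Condition" not in st):
            out.append(f"policy statement {st.get('Sid', '?')} allows {actions} to everyone")
    return out

def public_findings(acl, policy_json=None):
    """Empty list means no anonymous read path was found in the ACL or the policy."""
    return acl_findings(acl) + policy_findings(policy_json)

# Constructed samples: a public READ ACL grant, a policy allowing GetObject to anyone,
# and the corrected ACL that keeps only the owner grant.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}
EXPOSED_ACL = {"Grants": [OWNER, {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
FIXED_ACL = {"Grants": [OWNER]}
```

A statement with a Condition is not flagged here, so a policy that scopes access by source IP or similar still deserves a manual look.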
Chili’s restaurant chain is the last victim of a Payment Card Breach
On May 11, Brinker International, which operates more than 1,600 Chili’s and Maggiano’s restaurants across 31 countries, announced that it had suffered a data breach. “This notice is to make you aware that some Chili’s restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of your payment card data, and to provide you information on steps you can take to protect yourself and minimize the possibility of misuse of your information.” reads the notice issued by Brinker. The company issued the notice to warn people who recently used their payment cards at a Chili’s restaurant of a possible data breach; according to the initial investigation, crooks infected payment systems with malware. Cybercriminals siphoned payment card data from some Chili’s restaurants between March and April 2018. The malicious code was used to harvest credit and debit card numbers as well as cardholder names from PoS systems in the restaurants. “Based on the details of the issue currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.” continues the notice. “Chili’s does not collect certain personal information (such as social security number, full date of birth, or federal or state identification number) from Guests. Therefore, this personal information was not compromised.” The company highlighted that it does not collect social security numbers, dates of birth or other personal information; it immediately activated its incident response plan and is currently working with third-party forensic experts to investigate the incident.
Brinker advised customers to monitor their bank and credit card statements for any suspicious activity. Customers can visit a web page set up by the company for more information on the data breach and updates on the event. Major restaurant chains are a prime target for cybercriminals; last year many companies suffered a data breach, including Amazon’s Whole Foods Market, Arby’s, and Chipotle.
NigelThorn malware infected over 100,000 systems abusing Chrome extensions
Google addresses critical security vulnerabilities in Chrome 66
Google released an updated version of Chrome 66 (version 66.0.3359.170) for Windows, Mac, and Linux systems that addressed 4 security vulnerabilities. “This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.” reads the post published by Google.
1. Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23
2. High CVE-2018-6121: Privilege Escalation in extensions.
3. High CVE-2018-6122: Type confusion in V8.
4. [$5000] High CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17.
Three of the vulnerabilities were reported by external researchers. The most severe issues are a privilege escalation in extensions, tracked as CVE-2018-6121, and a type confusion in V8, tracked as CVE-2018-6122; an anonymous researcher reported that chaining the two flaws could result in a sandbox escape and allow a remote attacker to take control of target systems. Chrome also addressed the CVE-2018-6120 heap buffer overflow in PDFium, reported by Zhou Aiting of Qihoo 360 Vulcan Team, who received a $5,000 reward. In April, Google issued security patches to address another critical flaw in Chrome; that flaw was fixed in version 66.0.3359.137.
A malicious package containing Bytecoin cryptocurrency miner found on the Ubuntu Snap Store
An Ubuntu user who goes by the GitHub moniker “Tarwirdur” discovered malware in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store; a first analysis revealed that it is a cryptocurrency miner. The malicious code mines the Bytecoin (BCN) cryptocurrency; the account hardcoded in the malware is “firstname.lastname@example.org.” The malicious app is 2048buntu, a copycat of the legitimate 2048 game included as an Ubuntu snap. Tarwirdur discovered that the app contained a cryptocurrency mining application disguised as the “systemd” daemon; the package also includes an init script that gives the miner boot persistence on the target. Tarwirdur reported his discovery to the Ubuntu Snap Store team, which promptly removed the app. The user also noticed another app uploaded by the same developer and, after a check, discovered that it also contained malicious code, so it was removed too. “At least two of the snap packages, 2048buntu and Hextris, uploaded to the Ubuntu Snaps Store by user Nicolas Tomb, contained malware. All packages by Nicolas have since been removed from the Ubuntu Snaps Store, ‘pending further investigations’,” states a post published on the website linuxuprising.com. Currently, it is impossible to establish the number of affected users because the Ubuntu Snap Store does not provide an install count. The problem is that submitted snaps do not go through a security check, which means ill-intentioned users can upload malicious snap packages to the Ubuntu Snap Store.
Vega Stealer malware steals passwords & card data from Chrome & Firefox
The IT security researchers at Proofpoint have discovered a new malware developed to steal saved login and credit card credentials from Chrome and Firefox browsers. Dubbed Vega Stealer by researchers, the malware is a variant of August Stealer, which was discovered in December 2016 stealing saved passwords, documents, and other sensitive data from Skype, Opera, Chrome and Firefox browsers. The Chrome stealing functionality in Vega is a subset of the August code; August also stole from other browsers and applications, such as Skype and Opera. Vega’s new functionality includes a new network communication protocol and expanded Firefox stealing functionality. Once Vega Stealer infects a targeted system, it starts stealing data and searches the victim’s desktop and sub-directories for files in a number of formats. The malware is delivered through a document macro. Proofpoint researchers said: “The document macro utilized in this campaign is a commodity macro that we believe is for sale and used by multiple actors, including the threat actor spreading Emotet banking Trojan.” Researchers believe that the obfuscated macros used in this campaign are for sale and used by not one but multiple threat actors, including those behind the Emotet banking trojan. “However, the URL patterns from which the macro retrieves the payload are the same as those used by an actor we are tracking who distributes the Ursnif banking Trojan, which often downloads secondary payloads such as Nymaim, Gootkit or IcedID.” “Because the delivery mechanism is similar to more widely distributed and mature threats, Vega Stealer has the potential to evolve into a commonly found stealer. While Vega Stealer is not the most complex or stealthy malware in circulation today, it demonstrates the flexibility of malware, authors, and actors, to achieve criminal objectives,” the firm’s researchers said.
Chinese researchers from Tencent discovered exploitable flaws in several BMW models
Researchers from the Tencent Keen Security Lab have discovered 14 vulnerabilities affecting several BMW models, including the BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series. The team conducted a year-long study between January 2017 and February 2018. They reported the issues to BMW and published technical details for the flaws after the company started rolling out security patches. “We systematically performed an in-depth and comprehensive analysis of the hardware and software on Head Unit, Telematics Control Unit and Central Gateway Module of multiple BMW vehicles,” reads the report published by Tencent Keen Security Lab. “Though mainly focusing on the various external attack surfaces of these units, we discovered that a remote targeted attack on multiple Internet-Connected BMW vehicles in a wide range of areas is feasible, via a set of remote attack surfaces (including GSM Communication, BMW Remote Service, BMW ConnectedDrive Service, UDS Remote Diagnosis, NGTP protocol, and Bluetooth protocol).” According to the experts, the vulnerabilities affect cars produced from 2012 onward. The white hat hackers focused their tests on the infotainment and telematics systems of the vehicles. Eight of the vulnerabilities impact the infotainment system, four affect the telematics control unit (TCU), and two the central gateway module. The TCU provides telephony and accident assistance services and implements remote control of the doors and climate. The central gateway receives diagnostic messages from the TCU and the head unit and forwards them to other Electronic Control Units (ECUs) on different CAN buses. The experts found that an attacker could exploit the flaws, or chain some of them, to execute arbitrary code and take complete control of the affected component.
The experts demonstrated that a local attacker could hack BMW vehicles via a USB stick; in another attack scenario the researchers illustrated a remote hack through a software-defined radio. Remote attacks can be conducted via Bluetooth or via cellular networks, but a remote hack of a BMW car is very complex to carry out because the attacker would need to compromise a local GSM mobile network. “Our research findings have proved that it is feasible to gain local and remote access to infotainment, T-Box components and UDS communication above certain speed of selected BMW vehicle modules and been able to gain control of the CAN buses with the execution of arbitrary, unauthorized diagnostic requests of BMW in-car systems remotely,” state the researchers. BMW issued security updates to its backend systems and rolled out over-the-air patches for the TCU. The company also developed firmware updates that will be made available to customers at dealerships. Neither BMW nor Keen Lab has revealed the list of affected models. BMW awarded Keen Lab the first BMW Group Digitalization and IT Research Award. In July 2017, the same team of security researchers from Chinese firm Tencent demonstrated how to remotely hack a Tesla Model vehicle.