Cyber Weekly Digest - Week #14

It was a broad range of news this week, with breaches, vulnerabilities, exploits and lots of news about Zoom. Let's take a look at what happened.


1. Another data breach affecting over 5.2 million guests was disclosed today by the international hotel chain Marriott. The incident took place after two employee accounts were compromised, exposing guests' personal information, including email addresses, phone numbers, names, gender, date of birth and loyalty account information. This breach is not the first time that Marriott has been involved in a cyber incident. In 2018 it was disclosed that Starwood, a subsidiary of Marriott, had its central reservation system hacked, exposing the personal information of more than 327 million guests.


2. As this health crisis continues, more and more people are working from home, utilizing online communication platforms like Zoom. This surge in popularity has security researchers concerned, since Zoom has had some problems in the past regarding privacy and security. An example of this was the discovery of a technique back in January that could have allowed attackers to identify and join active meetings. Moreover, it was revealed that Zoom was reinstalling itself on Mac devices without permission, even after users had uninstalled the software. In the end, Apple issued an update to remove this sneaky code from all Macs. Even now, Zoom claims to use end-to-end encryption, something that is not true and something that caused some trouble for the British PM, who uses the platform for government meetings. Businesses must follow some security practices to eliminate as many of the risks involved as they can; here are some recommendations.


3. According to research published by Kaspersky and Trend Micro, a hacking campaign exploited a remote iOS vulnerability to install spyware on iPhones. This watering hole attack uses fake links posted in multiple forums, popular in Hong Kong, which lead the unaware victims to a site containing the malicious scripts. Once installed, the exploit allows the interloper to exfiltrate sensitive data from the device and even take full control.


4. As reported by KrebsOnSecurity, a spear-phishing attack on a GoDaddy.com customer service employee gave the phishers the ability to access half a dozen GoDaddy customers. The attackers were able to change the domain names of the compromised websites to point to a third-party web server. One of the websites compromised was escrow.com and, even though none of its own systems were compromised, its website was changed for two hours, pointing to a plain text message left behind by the attacker.


5. In other news, Microsoft Edge's next version will contain a new feature called Password Monitor. This feature will alert the device owner if any of their login credentials saved in the browser have been detected on the dark web. Moreover, this new version of Edge will contain an InPrivate mode that will automatically delete browsing history, site data, and cookies when a browsing session is completed. Microsoft Edge is not the first browser to implement such a feature. Firefox launched a similar service nearly two years ago using data from the database provider "Have I Been Pwned", and Google Chrome's extension "Password Checkup" arrived last year. Nevertheless, if you are interested in checking out these features, the update will take place on April 21st.


6. According to cybersecurity researchers, hackers were able to install a secret backdoor on thousands of Microsoft SQL servers. The attack seems to have infected 2000-3000 servers daily over the past few weeks, with the victims located in China, India, South Korea, the US and Turkey. Thankfully, the researchers were able to develop and release a script to let sysadmins detect if their systems are compromised.
