MENTIS

Week of September 14, 2018

MENTIS
news

Week of September 14, 2018

Google Fights "Right to be Forgotten" in EU Court*:

Google clashed with France in a top EU court arguing it feared for freedom of speech if forced to apply Europe’s “right to be forgotten” principle worldwide.

The two sides are battling over a shock 2014 decision at the same court that imposed a right for individuals, under certain conditions, to have references to them scrubbed from search engine results.

The US tech giant firmly opposed the decision, but complied with the ruling by delisting search references once requested across its European domains, such as Google.fr or Google.de, but not domains outside the EU.

France’s data regulator opposed the distinction and said the firm should apply the delisting to all extensions, regardless of the national domain name.

Lawyers for France’s Commission Nationale de l’Informatique et des Libertes (CNIL) believe that a global implementation for the EU’s “right to be forgotten” is the only way to ensure European rights are upheld.

EU court judges heard a long list of stakeholders, including lawyers from CNIL and Google, as well as representatives from human rights groups that fear abuses of the policy by authoritarian states outside the bloc.

A spokesman for a rights organization argued that, “if European regulators can tell Google to remove all references to a website, then it will only be a matter of time before countries like China, Russia, and Saudi Arabia start to do the same.”

*Source: The Economic Times, September 12, 2018

https://cio.economictimes.indiatimes.com/news/internet/google-fights-worldwide-right-to-be-forgotten-in-eu-court/65780735


British Airways Data Breach was Carried Out by MageCart Crime Gang*:

The researchers at RiskIQ have stated that the British Airways data breach was conducted by the crime gang MageCart.

The group has been active since 2015 and has been compromising many e-commerce websites to steal payment card and other sensitive data.

The group usually inserts a skimmer script to the target websites to extract payment card data and when the attackers are successful in compromising the website the script will automatically add an embedded piece of JavaScript Code dubbed MagentoCore.

The script records the keystrokes from the users and transfers the keystrokes to the attacker’s server.

RiskIQ reported that MageCart carried out the attack on British Airways using a customized script that runs under the radar, and the group also used a dedicated infrastructure to perform the attack on the airline company.

The malicious script was loaded from the baggage claim information page on the British Airways website.

The code attached by the threat actors sends the payment information to the attacker’s server when the customer enters his payment credentials in the British Airways webpage.

The information stolen from the British Airways was sent in the form of JSON to a server running on baways.com that matches the legitimate domain used by the airline.

At the time it is still unclear how MageCart managed to inject the malicious code in the British Airways website.

*Source: Latest Hacking News, September 12, 2018

https://latesthackingnews.com/2018/09/12/british-airways-data-breach-was-carried-out-by-magecart-crime-gang/


Indian Online Food Platform FreshMenu Hid Data Breach Affecting 110K Users for Two Years*:

The Indian online food platform, FreshMenu, recently confessed a data breach that affected over 110,000 customers.

A website called HaveIBeenPwned.com revealed in a tweet that an online food ordering platform kept a data breach incident hidden from its customers for years.

Reportedly, FreshMenu hid a data breach that happened back in 2016 affecting more than 110,000 customers.

The breached information allegedly includes personal details of the customers along with order histories; this includes everything from usernames, email addresses, contact numbers, physical addresses, device information, and food ordering details.

However, FreshMenu did not mention physical addresses and order histories being included in the breached data.

Despite having a massive impact, FreshMenu kept the matter secret. In fact, according to HIBP, they deliberately chose not to disclose the breach.

Recently, FreshMenu uploaded a detailed notice on their website explaining about the breach whilst apologizing to the customers.

They confirmed that the breached information did not include any passwords or payment details.

FreshMenu also stated that they contacted a reputed white-hat hacker to audit their systems for security.

They also reiterate their commitment to ensuring site and data security to make their customers feel safe.

*Source: Latest Hacking News, September 12, 2018

https://latesthackingnews.com/2018/09/12/indian-online-food-platform-freshmenu-hid-data-breach-affecting-110k-users-for-two-years/


Veeam Server Lapse Leaks Over 440 Million Email Addresses*:

Veeam, a backup and data recovery company, bills itself as a data giant that among other things can “anticipate need and meet demand, and move securely across multi-cloud infrastructures,” but is believed to have mislaid its own database of customer records.

Security researcher Bob Diachenko found an exposed database containing more than 200 gigabytes of customer records – mostly names, email addresses, and in some cases IP addresses.

Diachenko, who blogged about his latest find, said the database didn’t have a password and could be accessed by anyone knowing where to look.

The database contained more than 200 gigabytes — including two collections that had 199.1 million and 244.4 million email addresses and records respectively over a four-year period between 2013 and 2017.

Without downloading the entire data set, it’s not known how many records are duplicates.

After TechCrunch informed the company of the exposure, the server was pulled offline within three hours.

Veeam says on its website that it has 307,000 customers covering most of the Fortune 500.

*Source: Tech Crunch, September 11, 2018

https://techcrunch.com/2018/09/11/veeam-security-lapse-leaked-over-440-million-email-addresses/


Researchers Find Vulnerability in Tesla Model S Key*:

A group of COSIC experts form KL Leuven University in Belgium have developed a new relay attack called Passive Key Entry and Start (PKES) which is used by most cars to unlock and start an engine.

The Passive Keyless Entry (PKE) works automatically as it detects the if the user is in proximity and relies on the paired key Fob.

Most thieves use PKES attacks to steal vehicles by use of relayed messages between the key and the vehicle.

There is a drawback to this attack as the attacker can only steal the car when the owner’s key is in the range of the proximity sensor.

During normal operation, the car periodically advertises its identifier. The key will receive the car’s identifier, if it is the expected car identifier the key fob will reply, signalling it is ready to receive a challenge

In the next step, the car will transmit a random challenge to the key fob. The key fob computes a response and transmits it.

After receiving the key fob’s response, the car must verify it before unlocking the doors. The same challenge-response protocol is repeated to start the car.

Several security weaknesses were found in these smart unlocking systems, with many of these security vulnerabilities existing due to a lack of the mutual communication between the car and key.

Tesla has already fixed the issues with the help of the research team. The experts communicated the flaw to Tesla in August and the vendor fixed the problems with their staff in recent weeks.

Tesla rolled out upgraded cryptography for key fobs and introduced an optional feature called “PIN to Drive,” that requests a PIN from the driver before the vehicle can be driven.

*Source: Latest Hacking News, September 13, 2018

https://latesthackingnews.com/2018/09/13/researchers-discover-vulnerability-in-tesla-model-s-key/


New Ransomware Named PyLocky Discovered*:

Security experts at Trend Micro have found a new Ransomware strain named PyLocky which has been involved in attacks between July and August of this year.

The malware poses as Locky Ransomware by issuing a seemingly similar ransom note to affected victims.

The Ransomware is written in Python and uses PyInstaller to act as a standalone application.

The PyInstaller converts the Python Scripts into a Standalone executable; this is unique from other ransomware as it has Anti-Machine Learning Capabilities and also uses an open-source script called Inno Setup Installer.

The aim of the ransomware is to bypass static analysis methods using the Inno Setup Installer and PyInstaller which makes it more dangerous.

The ransomware was mostly designed to target the population in Europe and France, and it is distributed using spam campaigns.

The spam messages have started low in volume they have increased over time.

PyLocky tries to encrypt the Image, Video, Documents, Sound, Applications, Database and Archive Files before displaying the ransom note.

The ransomware is configured to encrypt a hardcoded list of file types.

PyLocky also abuses Windows Management Instrumentation (WMI) to check the attributes of the affected system.

The ransomware sleeps for 999,999 seconds approximately 11.5 days before it starts the encryption process in the victim’s computer.

The ransomware uses the 3DES (Triple DES) cypher, which is already included in the PyCrypto Library, and generates a list of files that are encrypted. The ransomware then uses these files to overwrite the original ones.

*Source: Latest Hacking News, September 14, 2018

https://latesthackingnews.com/2018/09/14/new-ransomware-named-pylocky-discovered/


Amazon Probing Employees Leaking Data for Bribes*:

Amazon is investigating reports of employees leaking confidential internal data and offering other services to sellers on its e-commerce platform in exchange for bribes, the Wall Street Journal reported Sunday.

Employees at the internet retailer are allegedly selling sales and search information to independent merchants selling products on the site, giving them an edge over competitors in violation of company policy.

Brokers working as intermediaries for Amazon employees are also offering to delete negative reviews and restore banned accounts, the newspaper said, citing anonymous sellers, brokers and others familiar with the probe.

The investigation began in May after the company was tipped off to the practice taking place in China, where it's said to be most prevalent.

The reports of bribery are the latest challenge Amazon faces in protecting the integrity of its marketplace after working for years to eradicate its sites of fake reviews and counterfeit products.

Since 2015, the company has been filing legal actions to fight against scams and already sued more than 1,000 entities involved in allegedly creating fake product reviews on its sites.

Middlemen working for sellers in China who want negative reviews of their products deleted use the messaging service WeChat to identify and approach Amazon employees who want to perform the service in exchange for cash payments from around $80 to more than $2,000, the newspaper reported.

Amazon confirmed the investigation's existence Sunday afternoon.

*Source: CNET, September 16, 2018

https://www.cnet.com/news/amazon-reportedly-probing-employees-leaking-data-for-bribes/

Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

Image CAPTCHA
scroll top