



Personal Data of Entire 16.6 Million Population of Ecuador Leaks Online

Security researchers at vpnMentor, Noam Rotem and Ran Locar, have discovered a data leak that holds information belonging to the entire population of Ecuador. The leak consists of 18GB of data containing 20.8 million records.

The exposed data was retained on an unsecured server located in Miami, Florida but owned by an Ecuadorian company.

According to Forbes and the vpnMentor report, the personal leaked information includes:

full name (first, middle, last)

gender

date of birth

place of birth

home address

email address

home, work, and cell phone numbers

marital status

date of marriage (if applicable)

date of death (if applicable)

level of education

employer name

employer location

employer tax identification number

job title

salary information

job start date

job end date

For residents who held a bank account with the Ecuadorian national bank, the records also included additional information such as:

account status

current balance in the account

amount financed

credit type

Fortunately, the Ecuador Computer Emergency Response Team (CERT) closed the database once they were notified by the vpnMentor researchers.


France and Germany to Block Facebook’s Libra Cryptocurrency

French Finance Minister Bruno Le Maire has announced that both France and Germany have agreed to block Facebook’s upcoming cryptocurrency, Libra. A joint statement issued by the two governments declares,

“[They] believe that no private entity can claim monetary power, which is inherent to the sovereignty of nations.”

Le Maire further asserted the government’s stance against Libra stating,

“I want to be absolutely clear: in these conditions, we cannot authorise the development of Libra on European soil.”

Libra is designed to allow individuals the opportunity to make payments across Facebook’s various apps, like WhatsApp and Facebook Messenger. Companies such as Visa, MasterCard, and PayPal have all been backers of the project. Libra’s head of policy recently commented on the announcements from France and Germany, stating that this chain of events further underscores the importance of working with regulatory bodies.


SIM-Based Attack Has Been Spying on People for Two Years

Researchers at AdaptiveMobile have discovered a new SIM-based vulnerability, dubbed Simjacker. The exploit has reportedly been used by a classified surveillance company to surveil people’s devices.

To exploit this vulnerability, an attacker sends an imperceptible SMS message containing instructions for an older version of the S@T Browser app, which is currently supported on various cellular carriers’ SIM cards. The hacker can use these instructions to obtain location info and IMEI numbers, which are then sent (using SMS) back to a malicious device that records the information.

According to Security Affairs, the attacker can perform the following actions:

Retrieve targeted device’s location and IMEI information,

Spread misinformation by sending fake messages on behalf of victims,

Perform premium-rate scams by dialing premium-rate numbers,

Spy on victims’ surroundings by instructing the device to call the attacker’s phone number,

Spread malware by forcing a victim’s phone browser to open a malicious web page,

Perform denial of service attacks by disabling the SIM card, and

Retrieve other information like language, radio type, battery level, etc.

To make matters worse, the attacker obtains this information without notifying the victim and can steal data off any brand of phone (iPhones, various brands of Android phones). According to the researchers, the mystery company has been utilizing this vulnerability in 30+ countries for over two years. SIMalliance has issued a new set of security guidelines for cellular carriers, with recommendations including:

Implementing filtering at the network level to intercept and block “illegitimate binary SMS messages” and

Making changes to the security settings of SIM cards issued to subscribers.
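One way a network-side filter could apply the first recommendation, as an added example that is not from SIMalliance, AdaptiveMobile or the original article: it parses the header of an SMS-DELIVER TPDU and blocks SIM-directed binary messages unless they originate from the carrier's own OTA platform. The field values come from 3GPP TS 23.040 and TS 23.038; the allow-list address and all sample TPDUs are constructed.

```python
PID_SIM_DATA_DOWNLOAD = 0x7F   # TP-PID "(U)SIM Data download", 3GPP TS 23.040
# Hypothetical allow-list: originating addresses of the carrier's own OTA platform.
OPERATOR_OTA_SOURCES = {"15550100"}

def decode_address(digit_count, octets):
    """Decode the swapped-nibble BCD digits of a TP-OA field."""
    digits = "".join("%x%x" % (b & 0x0F, b >> 4) for b in octets)
    return digits[:digit_count]

def parse_sms_deliver(tpdu_hex):
    """Return the SMS-DELIVER header fields the filter decides on."""
    raw = bytes.fromhex(tpdu_hex)
    if len(raw) < 2 or (raw[0] & 0x03) != 0x00:   # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    digit_count = raw[1]                   # TP-OA length is counted in digits
    addr_end = 3 + (digit_count + 1) // 2  # skip length, type-of-address, digits
    if len(raw) < addr_end + 2:
        raise ValueError("truncated TPDU")
    return {"source": decode_address(digit_count, raw[3:addr_end]),
            "pid": raw[addr_end], "dcs": raw[addr_end + 1]}

def is_sim_binary(dcs):
    """True when TP-DCS says 8-bit data with message class 2 (SIM-specific)."""
    if (dcs >> 4) == 0x0F:                 # "data coding / message class" group
        return bool(dcs & 0x04) and (dcs & 0x03) == 2
    if (dcs >> 6) == 0 and (dcs & 0x10):   # general group, class bits meaningful
        return ((dcs >> 2) & 0x03) == 1 and (dcs & 0x03) == 2
    return False

def verdict(tpdu_hex):
    """Block SIM-directed binary SMS that is not from the carrier's OTA platform."""
    f = parse_sms_deliver(tpdu_hex)
    to_sim = f["pid"] == PID_SIM_DATA_DOWNLOAD or is_sim_binary(f["dcs"])
    return "block" if to_sim and f["source"] not in OPERATOR_OTA_SOURCES else "allow"

# Constructed TPDUs: timestamp 2019-09-16, user data is filler, not a real payload.
SCTS = "91906101000000"
TEXT_SMS = "04" + "0B915155214365F7" + "00" + "00" + SCTS + "02" + "E834"
SIM_FOREIGN = "04" + "0B915155214365F7" + "7F" + "F6" + SCTS + "04" + "00000000"
SIM_OTA = "04" + "089151551000" + "7F" + "F6" + SCTS + "04" + "00000000"

if __name__ == "__main__":
    for name, tpdu in [("text", TEXT_SMS), ("sim/foreign", SIM_FOREIGN),
                       ("sim/ota", SIM_OTA)]:
        print(name, parse_sms_deliver(tpdu), verdict(tpdu))
```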


Asus, Lenovo, and Other Routers Riddled with Remotely Exploitable Bugs

Researchers have discovered more than a hundred vulnerabilities in small office/home office routers and network-attached storage devices (NAS) from vendors like Asus, Zyxel, Lenovo, Netgear, and others. The researchers pen tested 13 different models and discovered at least one web application vulnerability per device, including cross-site scripting (XSS), operating system command injection, or SQL injection flaws. Many of the vulnerabilities could allow an attacker to gain remote access to the device’s shell or administrator panel.

According to the pen test paper, researchers were able to discover 125 different CVEs and remotely exploit six devices without authentication.

The affected devices include:

Asustor AS-602T,

Buffalo TeraStation TS5600D1206,

TerraMaster F2-420,

Drobo 5N2,

Netgear Nighthawk R9000,

TOTOLINK A3002RU.

Many of the companies have taken mitigation steps; however, some organizations such as Drobo and Buffalo Americas have been unresponsive.


InnfiRAT Malware Steals Litecoin and Bitcoin Wallet Information

Hackers have updated a remote access Trojan (RAT), InnfiRAT, with extensive capabilities to steal sensitive data, including cryptocurrency wallet information.

Researchers at ThreatLabZ have analyzed the malware and discovered some interesting abilities. InnfiRAT is based on .NET and includes 11 commands, including anti-VM, process checks, and enumeration capabilities.

After infecting a victim’s computer, the malware copies itself into %AppData%/NvidiaDriver.exe and drops a Base64-encoded PE file, which is then decoded into a .NET binary. After executing, InnfiRAT first checks to see if it’s running in a sandbox and looks for process monitor processes.

If it determines that any of those values are present, the malware automatically terminates itself. If its initial scans don’t show any red flags, it will then proceed to collect the machine’s HWID and country.

After the initial recon processes, InnfiRAT grabs browser cookies to steal stored usernames and passwords, as well as searches for wallet.dat files in %AppData%\Litecoin\ and %AppData%\Bitcoin\ folders. If the malware discovers any information, it quickly delivers that data back to its C2 server.
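The two host behaviours described above (a binary named NvidiaDriver.exe sitting directly in %AppData%, and reads of wallet.dat in the Litecoin and Bitcoin folders) can be turned into a simple triage rule over endpoint telemetry. This is an added example, not code from ThreatLabZ or the original article; the event schema, the list of expected wallet clients and the sample events are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# %AppData% expands to C:\Users\<name>\AppData\Roaming (paths are lower-cased first).
APPDATA = r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming"
DROPPER_RE = re.compile(APPDATA + r"\\nvidiadriver\.exe$")
WALLET_RE = re.compile(APPDATA + r"\\(litecoin|bitcoin)\\wallet\.dat$")
# Assumption: the only binaries expected to open wallet.dat on this fleet.
WALLET_CLIENTS = {"bitcoin-qt.exe", "bitcoind.exe", "litecoin-qt.exe", "litecoind.exe"}

def norm(path):
    """Normalise separators and case so both / and \\ spellings match."""
    return path.replace("/", "\\").lower()

def triage(events):
    """Return (rule, event) pairs for events matching the behaviours above."""
    hits = []
    for ev in events:
        image = norm(ev["image"])
        if ev["type"] == "process_start" and DROPPER_RE.match(image):
            hits.append(("nvidiadriver-in-appdata", ev))
        elif ev["type"] == "file_read" and WALLET_RE.match(norm(ev["target"])):
            if PureWindowsPath(image).name not in WALLET_CLIENTS:
                hits.append(("wallet-read-by-unexpected-process", ev))
    return hits

# Constructed sample telemetry (hypothetical schema, not real logs).
SAMPLE_EVENTS = [
    {"type": "process_start", "image": r"C:\Users\ana\AppData\Roaming\NvidiaDriver.exe"},
    # Same file name in a different location: location is what the rule keys on.
    {"type": "process_start", "image": r"C:\Program Files\ExampleVendor\NvidiaDriver.exe"},
    {"type": "file_read", "image": r"C:\Program Files\Bitcoin\bitcoin-qt.exe",
     "target": r"C:\Users\ana\AppData\Roaming\Bitcoin\wallet.dat"},
    {"type": "file_read", "image": r"C:\Users\ana\AppData\Roaming\NvidiaDriver.exe",
     "target": "C:/Users/ana/AppData/Roaming/Litecoin/wallet.dat"},
    {"type": "file_read", "image": r"C:\Tools\backup.exe",
     "target": r"C:\Users\ana\Documents\notes.txt"},
]

if __name__ == "__main__":
    for rule, ev in triage(SAMPLE_EVENTS):
        print(rule, ev["image"], ev.get("target", ""))
```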

Other commands InnfiRAT can execute on a victim’s computer include:

SendUrlAndExecute(string URL) – download a file from a specified URL and execute it

ProfileInfo() – collect and exfiltrate network, location, and hardware info

LoadLogs() – write files into specific folders

LoadProcesses() – get a list of running processes and send it to the C2 server

Kill (int process) – kill a specific process on the victim’s machine

RunCommand(string command) – execute a command on the victim’s machine

ClearCooks() – clear browser cookies for specific browsers

You can find indicators of compromise (IOCs), such as malware sample hashes and domains, in the ThreatLabZ team’s InnfiRAT write-up.
