Equifax Used The Word ‘admin’ for Database Login and Password

A class-action lawsuit over Equifax’s 2017 data breach is shedding light on the atrocious state of the firm’s security hygiene. Most notably, researchers at Hold Security found that the sensitive information of hundreds of individuals was protected by the same generic username and password: admin.

The researchers found names, emails, and social security equivalents of over 100 individuals on Equifax’s website in Argentina. The lawsuit also states that Equifax was storing unencrypted user data on a public-facing server, allowing an attacker to view the information openly.

The 2017 Equifax breach exposed several pieces of sensitive information, including the social security numbers of more than 147 million people across the world. Two years later, more details are emerging, showing the abysmal cybersecurity practices the firm held at the time of the breach.


Attackers Hide Backdoors and Cryptominers in WAV Audio Files

BlackBerry Cylance threat researchers have discovered a malicious campaign that uses WAV audio files to hide Monero cryptominers and drop backdoors on victims’ machines. In June, Symantec researchers spotted another threat group embedding a publicly available Metasploit Meterpreter payload into WAV files as well.

The Cylance researchers discovered that both attacks used the same steganography tactic. The more recent attack deploys an XMRig Monero cryptominer together with Metasploit code that opens a reverse shell. Further explaining the attack, the researchers stated:

“Each WAV file was coupled with a loader component for decoding and executing malicious content secretly woven throughout the file’s audio data,” says the report. “When played, some of the WAV files produced music that had no discernible quality issues or glitches. Others simply generated static (white noise).”

The cybercriminals used three different methods to decode and execute malicious code within the WAV file loaders:

Least Significant Bit (LSB) steganography to decode and execute a PE file

A rand()-based decoding algorithm to decode and execute a PE file

A rand()-based decoding algorithm to decode and execute shellcode.

This strategy produces an additional layer of obfuscation, making detection of the malicious file more difficult.
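The first of the three methods listed above, LSB steganography, leaves a detectable trace: the least significant bits of the PCM samples, read back in order, reconstruct the hidden file. The scanner below is an added example, not code from the Cylance report or the campaign itself. It parses a WAV with the standard library, rebuilds the LSB plane and flags it when that plane begins with a DOS "MZ" header or contains the usual DOS stub text; the carrier it scans is a constructed test fixture (a synthetic tone), not a real sample from the campaign.

```python
import io
import math
import struct
import wave

PE_DOS_STUB = b"This program cannot be run in DOS mode"

def build_wav(samples, rate=8000):
    """Wrap a list of 16-bit mono PCM samples in a RIFF/WAVE container."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(b"".join(struct.pack("<h", s) for s in samples))
    return buf.getvalue()

def lsb_plane(wav_bytes):
    """Decode the PCM samples and pack their least significant bits, MSB-first, into bytes."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        width = w.getsampwidth()
        frames = w.readframes(w.getnframes())
    fmt = {1: "B", 2: "h", 4: "i"}[width]          # 8-bit WAV is unsigned, wider ones signed
    samples = struct.unpack("<%d%s" % (len(frames) // width, fmt), frames)
    out = bytearray()
    for i in range(0, len(samples) - 7, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)

def scan_wav(wav_bytes):
    """Flag a WAV whose LSB plane starts with a DOS/PE header or carries the DOS stub text."""
    plane = lsb_plane(wav_bytes)
    mz = plane.startswith(b"MZ")
    stub = plane.find(PE_DOS_STUB)
    return {"mz_at_start": mz, "dos_stub_offset": stub, "suspicious": mz or stub >= 0}

def constructed_carrier(payload, n_samples=4000):
    """Constructed test fixture: a 440 Hz tone whose sample LSBs carry `payload`, then zeros."""
    bits = [(b >> (7 - k)) & 1 for b in payload for k in range(8)]
    samples = []
    for i in range(n_samples):
        tone = int(8000 * math.sin(2 * math.pi * 440 * i / 8000))
        bit = bits[i] if i < len(bits) else 0
        samples.append((tone & ~1) | bit)           # clear the LSB, then set it to the payload bit
    return build_wav(samples)
```

A plain "MZ" check misses payloads that are encoded before embedding, which is what the two rand()-based variants do; for those the LSB plane would need an entropy or chi-square comparison against the audio's own noise floor rather than a signature match.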


NordVPN Confirms Data Center Breach

The popular virtual private network (VPN) service NordVPN recently confirmed the validity of a breach of one of its data centers. The breach occurred in March 2018 at one of the company’s Finland data centers.

The attackers were able to access the server by exploiting an insecure remote management system left by the data center provider. NordVPN states that the company was unaware of the system’s existence and has terminated its contract with the server provider.

Luckily, the attackers were unable to access the activity logs, usernames, or passwords of NordVPN users. This past weekend, security researchers disclosed that NordVPN had an expired private key, allowing anyone to set up a server imitating NordVPN. A malicious party could then use the dummy server to conduct a personalized man-in-the-middle attack, tracking connections that try to access the VPN.


New Vulnerability Enables ‘Voice Phishing’ and Eavesdropping Through Alexa, Google

Researchers have discovered new ways in which a malicious actor can exploit Alexa and Google Home smart devices to spy on users. The attack scenario uses both eavesdropping and voice-phishing attacks.

The vulnerability derives from applications initially meant to increase usability for both smart devices. According to a report by Security Research Labs (SRLabs), Skills for Alexa and Actions on Google Home “can be abused to listen in on users or vish (voice phish) their passwords.”

The researchers found two ways in which they could abuse data privacy on smart devices. The first tactic involves a request to collect personal data (including user passwords), and the second tactic involves eavesdropping on users after they believe the device is no longer listening.

These vulnerabilities are just a few in a long list of inadequate user privacy protections in smart devices such as Alexa and Google Home.


Sudo Flaw Lets Linux Users Run Commands as Root Even When They’re Restricted

Sudo stands for “superuser do,” a system command that allows you to run a specific program or command with the privileges of the root user. The Linux Sudo flaw enables a malicious user or application to execute arbitrary commands as root on a Linux environment even if the sudoers configuration explicitly disallows running commands as root.

The vulnerability was discovered by Joe Vennix and is tracked as CVE-2019-14287.

Surprisingly, a user can exploit the flaw by specifying the user ID as -1 or 4294967295. The function, which converts a user ID into a username, incorrectly assigns -1 or 4294967295 to 0, which is always the user ID of a root user. The vulnerability affects all Sudo versions before version 1.8.28.
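Three things an administrator can check for this issue follow from the paragraph above: whether the installed sudo is older than 1.8.28, whether sudoers contains the only rule shape that is actually bypassed (a runas list of ALL that merely excludes root), and whether the logs show the -1 or 4294967295 target user being requested. The script below is an added example, not part of the original report or of sudo itself; the sudoers text and log lines are constructed samples, and the `USER=#-1` log field layout is an assumption about sudo's syslog format rather than something the article states.

```python
import re

FIXED_IN = (1, 8, 28)   # first release that rejects the -1 / 4294967295 user ID

def parse_version(version):
    """Turn a sudo version string such as '1.8.27p1' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised sudo version: %r" % version)
    return tuple(int(x) for x in m.groups())

def version_affected(version):
    return parse_version(version) < FIXED_IN

# Runas list of the form (ALL, ...) ; the tail is inspected for a root-only exclusion.
RUNAS_RE = re.compile(r"\(\s*ALL\s*,([^)]*)\)")

def risky_sudoers_rules(sudoers_text):
    """Return rules that grant runas ALL while only excluding root: the shape CVE-2019-14287 bypasses."""
    hits = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RUNAS_RE.search(line)
        if m and re.search(r"!\s*(root|#0)\b", m.group(1)):
            hits.append(line)
    return hits

# Assumed log layout: sudo records the requested target as USER=<name> or USER=#<uid>.
UID_RE = re.compile(r"USER=#?(?:-1|4294967295)\b")

def suspicious_log_lines(log_lines):
    """Pick out sudo entries whose requested target user is the -1 / 4294967295 sentinel."""
    return [l for l in log_lines if "sudo:" in l and UID_RE.search(l)]

# Constructed sudoers fragment (not a real file).
SAMPLE_SUDOERS = """
root ALL=(ALL:ALL) ALL
alice ALL=(ALL, !root) /usr/bin/vim
bob ALL=(ALL) NOPASSWD: /usr/bin/systemctl
carol ALL=(ALL, !#0) /usr/bin/less
"""

# Constructed syslog lines (not captured from a real host).
SAMPLE_LOG = [
    "Oct 14 10:00:01 host sudo:  alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim",
    "Oct 14 10:00:05 host sudo:  alice : TTY=pts/0 ; PWD=/home/alice ; USER=#-1 ; COMMAND=/usr/bin/vim",
    "Oct 14 10:00:09 host sudo:  carol : TTY=pts/1 ; PWD=/home/carol ; USER=#4294967295 ; COMMAND=/usr/bin/less",
    "Oct 14 10:00:12 host sshd[123]: Accepted publickey for bob from 192.0.2.10",
]
```

Rules such as `(ALL)` or `(ALL:ALL)` are not flagged because they already allow root; the bypass only matters where an administrator relied on `!root` to withhold it.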
