New OpenSSH Vulnerability Puts Computers at Risk

Published On Tue Jul 09 2024
Tuesday Morning Threat Report: Jul 9, 2024 | by Mark Maguire

Hackers Steal Taylor Swift Tickets: ShinyHunters, the hacking gang that breached numerous companies’ Snowflake accounts, claims to have stolen the barcodes for thousands of Taylor Swift tour tickets and is demanding millions in ransom to not leak them.

Severe OpenSSH Vulnerability: A new vulnerability was uncovered in OpenSSH, which can give attackers admin permissions on a victim’s computer. This vulnerability also allows attackers to take over Linux and Unix servers without authenticating.

2023 OpenAI Data Breach Revealed: The New York Times reported that OpenAI suffered a previously unreported data breach during 2023. The attackers were not able to steal any proprietary source code or customer data but could view internal discussions between employees.

Twilio Data Leak: The ShinyHunters ransomware gang has leaked 33 million phone numbers associated with Twilio two-factor authentication. Twilio is a tech-focused communication company that specializes in sending texts and emails.

Affirm Credit Card Breach: Affirm cardholders were urged to stay cautious after a data breach at Evolve Bank, Affirm’s credit card issuer, exposed customer data on the dark web. Affirm is a “buy now, pay later” technology company that offers financing for online purchases.

Another Record-Breaking DDoS Attack: Distributed Denial of Service (DDoS) is a form of cyberattack that seeks to overwhelm a target with so many requests that the victim’s service crashes. OVHCloud reports that they blocked the largest DDoS attack ever attempted, which peaked at 840 million packets per second.

Europol Complains About Privacy Technologies

Europol asked lawmakers to address SMS home routing, a privacy technology complicating criminal investigations. It allows mobile users’ communications to be processed through their home networks when abroad, hindering the police’s ability to track suspects.

Proton Launches Shared Docs Product

Proton, the privacy-focused company that hosts the email service “Proton Mail,” has launched a shareable word doc service. This service, presumably designed to compete with Google Docs, promises end-to-end encryption and that content users create will not be used to train AI.

The Market Working Like It Should

Particularly in the K-12 educational sphere, Google’s services have become inescapable. 68% of K-12 officials surveyed said that Google’s G Suite was the most used platform in their district. Students are given Chromebooks for their laptops, Gmail accounts for email, Google Docs for writing essays, and Google Slides for presentations.

When the pandemic began, the usage of Google Classroom quadrupled in a matter of weeks. For privacy advocates, this trend was alarming.

In February 2020, New Mexico’s Attorney General Hector Balderas sued Google due to data privacy concerns with Google Classroom. In a letter to Google’s CEO, Balderas wrote that he had found evidence that Google was tracking students in their homes, across all devices, and recording information that had nothing to do with education.

One of the reasons that Google dominates in the educational space is the lack of viable alternatives. That is why this week’s story about Proton launching a privacy-focused docs service is heartening.

Brazil Suspends Meta’s AI Training

Brazil issued an order to halt Meta from training AI on its citizens’ data in response to a change in Meta’s privacy policy that gave Meta the right to train AI models on Instagram and Facebook posts.

Bug Bounty Issues: Companies host “bug bounty” programs, in which hackers are paid to find vulnerabilities in that company’s products. This thought piece examines flaws with bug bounties, including a recent case where a bug bounty payment dispute has arisen.

Airplane Wi-Fi Hacking Suspect Charged: The Australian police have charged a man who set up a fake Wi-Fi network on a domestic flight and used it to steal other passengers’ credentials and data.

AWS Security Updates: AWS made important security updates, including adding support for passkey authentication. Unlike passwords, passkeys cannot be stolen in phishing attacks. AWS also made multifactor authentication mandatory for root accounts.

Volcano Demon Emerges: A new ransomware group, Volcano Demon, became active during June 2024. Volcano Demon uses malware that steals victims’ files and encrypts them, and then Volcano Demon calls their victims on the phone to coerce them into paying a ransom.

Europol Flags 600 IPs: Europol has released a report of 690 IP addresses that support and distribute Cobalt Strike malware. Identifying these IPs took an international effort and partnership between governments and the private sector.

CocoaPods Vulnerability: For nearly a decade, dependency management software CocoaPods, which is heavily relied upon for iOS and macOS development, contained a severe vulnerability that allowed attackers to easily perform supply chain attacks.

Rockwell Automation Vulnerability: Cybersecurity researchers at Microsoft uncovered vulnerabilities within Rockwell Automation’s PanelView Plus product. The product is widely used for industrial applications.