Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.
Let’s face it. We all have too many online accounts and too many passwords to remember. Password fatigue is real — but password managers or single sign-ons (SSOs) can take away the chore of having to recollect your passwords. SSOs, especially those from Google, Facebook, LinkedIn, Twitter, and Apple, make the process even more seamless, as you only need one set of credentials to access multiple apps.
Despite the benefits, SSOs introduce new risks of their own. They need to be constantly available. If something goes wrong with an SSO, you won’t be able to access any of the sites you use it to log in with. Even worse, if a hacker breaches your SSO provider, all your accounts could be exposed to credential-stuffing, allowing an attacker to use that leaked password to sign in to other services.
In 2018, Facebook, for example, disclosed a data breach that impacted 50 million of its users. The breach allowed attackers to steal the access tokens used to log in to Spotify, Instagram, etc. The company then reset the tokens to prevent further misuse.
More recently, amid the escalating war of words between Apple and Epic Games, the gaming company warned that Apple intended to revoke Epic’s integration of “Sign In With Apple.” This came in retaliation for Epic introducing a direct payment option that violated App Store policies. Apple ultimately extended the deadline, but it led Epic to urge users to switch to a different email address to maintain access to their accounts — or risk getting permanently locked out.
This incident is yet another reason why it’s always a better idea to use password managers over SSOs. Just make sure you’re not reusing the same password and your account is secured by 2FA.
What’s trending in security?
A patient died after a ransomware attack crippled a German hospital, TikTok fixed a number of security issues in its Android app, and Zoom finally added support for 2FA.
A woman in Germany died during a DoppelPaymer ransomware attack on the Dusseldorf University Hospital. This is the first death directly linked to a cyberattack on a healthcare facility. The case is being treated as negligent homicide. [The Hacker News]
Hackers working for Russia, China, and Iran have recently escalated their attacks ahead of the upcoming US presidential election. [Microsoft]
In what’s the largest attack since 2015, more than 2,000 Magento online stores have been compromised to plant malicious web skimmers to steal payment information. [Sansec]
Cybersecurity firm RiskIQ is keeping track of all domains and hostnames containing the last name of each of the four US presidential candidates — Biden, Hawkins, Jorgensen, and Trump — so that researchers can assess if they are malicious. [RiskIQ]
A researcher found a database from a Chinese company, Shenzhen Zhenhua, that contained details on 2.4 million influential people around the world, their kids, and how to exert influence over them. [The Register]
The encryption debate is back. According to a new proposal by the European Commission, EU law enforcement authorities would be allowed to access end-to-end encrypted communications as part of “targeted lawful access” to help crack down on child abuse networks and other organised crime. [The Financial Times]
ZDNet’s Danny Palmer’s credit cards were stolen and used to make a payment 4,500 miles away. He followed the trail from London all the way to the city of Paramaribo, Suriname. [ZDNet]
Earlier this year police took down Encrochat, an encrypted phone network used almost exclusively by criminals, by deploying malware on thousands of devices. But new documents show the malware had the capability of collecting “all data stored within a device,” including chat messages, geolocation data, usernames, passwords, and the list of WiFi access points near the device. [Motherboard]
Good news! Zoom enabled 2FA for an extra layer of account protection. [Zoom]
TikTok fixed a number of security flaws in its Android app that could potentially allow a bad actor to execute malicious code. [Oversecured]
Cybercriminals are evolving their techniques to bypass spam detection systems. Their new trick? Using obscure URLs containing hexadecimal IP addresses. [Trustwave]
Billions of Bluetooth devices are vulnerable to a newly discovered flaw called “BLESA” (short for Bluetooth Low Energy Spoofing Attack) that makes it possible for a nearby attacker to send spoofed data to a BLE device with incorrect information. [ZDNet]
The last fortnight in data breaches, leaks and ransomware: Artech, Belarus law enforcement, Equinix, Luxottica, Razer, Shopify, Staples, Tyler Technologies, the UK National Health Service, and the US Department of Veterans Affairs.
Data Point
Ransomware attacks are so frequent and prevalent, they have now accounted for 41% of all cyber insurance claims in the first half of 2020. What’s more, ransomware infections have spared no industry. According to cybersecurity firm Trend Micro, government agencies, healthcare, and manufacturing are the top 3 sectors targeted by ransomware, followed by financial and education institutions.
That’s it. See you all in two weeks. Stay safe! Ravie x TNW (ravie[at]thenextweb[dot]com)