Cybersecurity Weekly: Equifax default password discovered, NordVPN data breach, Army retires floppy disks

October 28, 2019 by Sam Fay

A default admin password was used to “secure” sensitive data at Equifax. NordVPN suffered a data breach, exposing private encryption keys of some of its users. The U.S. Army moves on from an 8-inch floppy disk computing system. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. Hackers “are no longer winning,” says KPMG cyber chief

Hackers are “no longer winning the cyber crime war” following years of public and private investment and collaboration, according to KPMG’s global head of cyber futures, David Ferbrache. He also said that active defense measures taken by the NCSC are effective at keeping the bad guys at bay.

2. Microsoft to reward hackers for finding bugs in open source election software

On October 18th, Microsoft launched the ElectionGuard Bounty program, inviting security researchers from across the world to help the company discover high-impact vulnerabilities in the ElectionGuard SDK. This SDK can be integrated into voting systems and is designed to “allow individual voters to confirm their votes were correctly counted.”

3. Equifax used default admin password to secure hacked portal

According to a class-action lawsuit, Equifax staffers used the default “admin” username and password to secure a portal containing sensitive customer information. This comes in the wake of the 2017 data breach that leaked information on 148 million accounts of people in the U.S., Canada and UK.

4. Alexa and Google Home abused to eavesdrop and phish passwords

Whitehat hackers developed eight malicious apps for the Amazon Echo and Google Home that passed Amazon or Google security-vetting processes. Behind the scenes, these “smart spies,” as the researchers called them, secretly eavesdropped on users and phished their passwords.

5. AWS servers hit by sustained DDoS attack

Businesses were unable to service their customers for approximately eight hours on Tuesday after Amazon Web Services servers were struck by a distributed denial-of-service (DDoS) attack. After initially flagging DNS resolution errors, customers were informed that the Route 53 DNS was in the midst of an attack, according to statements from AWS support.

6. NordVPN breach FAQ — What happened and what’s at stake?

NordVPN, one of the most popular and widely used personal VPN services, disclosed details of a security incident that compromised one of its thousands of servers based in Finland. A security researcher alleged that unknown attackers stole private encryption keys through the compromised server.

7. Experts found 17 apps infected with clicker trojan in the Apple app store

The infected mobile apps were instructed by a command-and-control server to simulate user interactions, allowing crooks to fraudulently collect ad revenue. Security experts noticed that the developer had previously published infected apps to the Google Play store, which have since been removed.

8. Ransomware attack shuts down city of Johannesburg’s systems

The City of Johannesburg municipality shut down its website, e-services platform and billing system following a recent ransomware attack. According to the ransom note, the attack also led to unauthorized information access. Attackers are asking for a payment of four bitcoins (around $33,654) to be paid by October 28.

9. U.S. Army stopped using floppy disks as storage for command system

The U.S. Army announced that it has replaced the 8-inch floppy disks in a computer used to receive nuclear launch orders from the President with a “highly-secure solid state digital storage solution.” The system has been operating since 1968, running on an IBM Series/1 mainframe and using 8-inch floppy disks for storage.

10. Hackers breach Avast antivirus network through insecure VPN profile

Hackers accessed the internal network of cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. The intrusion attempts, detected on September 25, started on May 14. Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account.
