Cybersecurity Weekly: SSL malware campaign, Intel vulnerability, PwndLocker decrypted

March 9, 2020 by Sam Fay

A new malware campaign employs fake security certificate updates. An unfixable vulnerability in Intel chipsets allows hackers to obtain protected data. Decryption is now available for PwndLocker ransomware. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Malware campaign employs fake security certificate updates

Scammers are using a new phishing technique to trick victims into installing a fake security certificate update that delivers malware. Visitors to compromised websites are told that the site’s security certificate has expired and are prompted to install an update, which is in fact the malware itself. The first infections seen in these attacks date back to January 16 of this year.
Read more »

2. Vulnerability in Intel chipsets allows hackers to obtain protected data

Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain protected data and undermine the data protection features built on top of the chipset. According to security researchers, the flaw sits in the boot ROM of the Converged Security and Management Engine (CSME) on most Intel chipsets, except the newer Ice Point chipsets; because the vulnerable code is in ROM, it cannot be patched with a firmware update.
Read more »

3. U.S. property and demographic database exposes 200 million records

Some 200 million records containing a wide range of property-related information on U.S. residents were left exposed in a publicly accessible database. The database, which was hosted on Google Cloud, was first indexed by search engines on January 26 and discovered a day later by cybersecurity researchers.
Read more »

4. Virgin Media data breach exposes info of 900,000 customers

Virgin Media announced that the personal information of 900,000 of its customers was accessed without permission on at least one occasion due to a misconfigured and unsecured marketing database. The database did not include any passwords or financial details, but did contain limited contact information, such as names and email addresses.
Read more »

5. Decryption now available for PwndLocker ransomware

Security researchers discovered a way to decrypt files encrypted by the new PwndLocker ransomware so victims can recover their files without paying any ransom. PwndLocker demanded ransoms ranging from $175,000 to over $660,000, depending on the size of the victim’s network.
Read more »

6. T-Mobile data breach exposes customers’ personal, financial info

T-Mobile announced a data breach caused by a compromised email vendor that exposed the personal and financial information of some of its customers. Some of the hacked accounts contained T-Mobile customer information, such as Social Security numbers, financial information, government ID numbers, billing information and rate plans.
Read more »

7. Carnival cruise line operator discloses potential data breach

According to Carnival’s recent data breach report, an unauthorized third party gained access to some employee email accounts that contained personal information about its guests. Depending on the guest, the attackers might have accessed customers’ names, addresses, Social Security numbers and financial information.
Read more »

8. Let’s Encrypt revoking 3 million incorrectly issued TLS certificates

Let’s Encrypt revoked about three million TLS certificates that may have been issued incorrectly because of a bug in its Certificate Authority software. The bug affected certificates covering several domain names: at issuance time, the CAA (Certification Authority Authorization) DNS records were rechecked for only one of the names on the order, so a certificate could be issued for a domain whose owner had published a CAA record forbidding Let’s Encrypt from issuing for it.
Read more »
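The check that the Let’s Encrypt bug skipped is the one every public CA must perform before issuing: for each name on a certificate order, find the relevant CAA RRset and decide whether the requesting CA is authorized. The Python below is an added example written for this page, not Let’s Encrypt’s or any CA’s code. It implements the RFC 8659 decision logic (climbing to parent domains, issue versus issuewild for wildcard names, the empty ";" value meaning no CA may issue, and the issuer-critical flag on unknown tags) over a constructed, hypothetical zone table instead of live DNS, and evaluates every name on an order rather than just one.

```python
"""CAA (RFC 8659) issuance check over constructed DNS data.

Added example for this article; the zone below is hypothetical and the
records are constructed, not real DNS answers.
"""
from dataclasses import dataclass

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAARecord:
    flags: int   # 128 (0x80) marks the record issuer-critical
    tag: str     # "issue", "issuewild", "iodef", or a future tag
    value: str   # e.g. "letsencrypt.org" or ";" (no CA may issue)


# Constructed zone data (hypothetical names); stands in for DNS lookups.
ZONE = {
    "example.net": [
        CAARecord(0, "issue", "letsencrypt.org"),
        CAARecord(0, "issuewild", ";"),                 # no wildcard certs at all
        CAARecord(0, "iodef", "mailto:security@example.net"),
    ],
    "locked.example.net": [CAARecord(0, "issue", ";")],        # no CA may issue
    "other.example": [CAARecord(0, "issue", "otherca.example")],
    "strict.example": [
        CAARecord(0, "issue", "letsencrypt.org"),
        CAARecord(128, "futuretag", "x"),               # critical, unknown tag
    ],
}


def relevant_rrset(fqdn, zone):
    """Return the closest CAA RRset for fqdn or its parents (RFC 8659 s.3).

    A leading "*." is stripped first: the wildcard's RRset is that of the
    name it is under. CNAME/alias following is omitted for brevity.
    """
    name = fqdn[2:] if fqdn.startswith("*.") else fqdn
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return []


def ca_domain(value):
    """Extract the CA identifying domain from an issue/issuewild value.

    The value is "<domain>[; param=value ...]"; an empty domain (";")
    means issuance is forbidden for every CA.
    """
    return value.split(";", 1)[0].strip().lower()


def caa_permits(fqdn, ca, zone):
    """Decide whether CA `ca` may issue for `fqdn` under the zone's CAA data."""
    rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True  # no CAA anywhere up the tree: issuance is unrestricted
    # An issuer-critical record with a tag we do not understand forbids issuance.
    if any(r.flags & 0x80 and r.tag.lower() not in KNOWN_TAGS for r in rrset):
        return False
    wildcard = fqdn.startswith("*.")
    issue = [r for r in rrset if r.tag.lower() == "issue"]
    issuewild = [r for r in rrset if r.tag.lower() == "issuewild"]
    # For wildcard names, issuewild takes precedence when present.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # only non-restricting tags (e.g. iodef) present
    return any(ca_domain(r.value) == ca.lower() for r in applicable)


def recheck_order(names, ca, zone):
    """Evaluate CAA for every name on an order; the CA may issue only if all pass."""
    results = {n: caa_permits(n, ca, zone) for n in names}
    return all(results.values()), results


if __name__ == "__main__":
    ok, per_name = recheck_order(
        ["www.example.net", "other.example"], "letsencrypt.org", ZONE)
    print(per_name, "issue?" , ok)
```

The order in the `__main__` block mixes a name that authorizes `letsencrypt.org` with one that authorizes a different CA; checking only the first name would have let the certificate through, while `recheck_order` refuses it. A real implementation must also follow CNAME/DNAME aliases, handle DNSSEC-validated responses and lookup failures, and honour the CAA-specific validity window the CA/Browser Forum requires.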

9. FCC proposes to fine wireless carriers $200 million for selling customer location data

Last week, the U.S. FCC proposed fines totaling $200 million against the four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. The action follows revelations in May 2018 that a private company had been selling carrier location data to law enforcement.
Read more »

10. Cathay Pacific Airways fined over long-running breach

Last week, the U.K. Information Commissioner’s Office fined Cathay Pacific Airways $646,000 following a long-running breach that occurred between October 2014 and May 2018. One of the attackers entered the network via an internet-facing server, moved laterally, installed malware and harvested credentials. The breach affected 9.4 million customers worldwide.
Read more »
