Cybersecurity Weekly: Walgreens leaked PII, ultrasonic Siri hack, Clearview data breach

March 2, 2020 by Sam Fay

Walgreens accidentally leaked sensitive user data. Hackers can use ultrasonic waves to secretly control voice assistants. The AI firm Clearview lost billions of photos of users in a recent hack. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Walgreens accidentally leaked sensitive user data

Walgreens disclosed that some of its mobile apps’ users have been able to inadvertently access other users’ sensitive information because of a bug. The data leak incident was caused by the unauthorized disclosure of secure messages within the app. The bug persisted for only one week before being fixed by a January 15 security patch.
Read more »

2. Hackers can use ultrasonic waves to secretly control voice assistant devices

Researchers discovered a new method to target voice-controlled devices by transmitting ultrasonic waves through solid materials. It’s possible for an attacker to interact with the devices using the voice assistants, hijack SMS two-factor authentication codes and place fraudulent calls, all without the victim’s knowledge.
Read more »

3. Clearview AI firm hacked, lost billions of photos of users

Hackers recently hijacked Clearview’s entire client list, which includes police forces, law enforcement authorities and financial institutions. So far, the company collected nearly three billion photographs of users from numerous social media platforms like Facebook, Instagram, Twitter and YouTube.
Read more »

4. Shark Tank star Corcoran loses $388,000 in email scam

Barbara Corcoran lost nearly $400,000 in a classic email fraud scam after a fraudster persuaded her bookkeeper to wire funds to a new bank account. The attacker reportedly spoofed the email address of Corcoran’s assistant, telling the bookkeeper to wire the funds to a German company called FFH Concept.
Read more »

5. RailWorks discloses a data breach after a ransomware attack

The security breach may have exposed personally identifiable information for current and former employees, their beneficiaries and dependents, as well as contractors. The company is taking precautionary measures to protect the financial security of impacted individuals by providing them with access to free credit monitoring.
Read more »

6. New high-risk vulnerability affects servers running Apache Tomcat

All versions of Apache Tomcat are vulnerable to a new high-severity file read and inclusion bug, which is exploitable in the default configuration. The flaw could let unauthenticated, remote attackers read the content of any file on a vulnerable web server and obtain sensitive configuration files or source code.
Read more »

7. Research shows hackers can peep through this smart vacuum’s camera

Cybersecurity researchers found several high-severity flaws in the Trifio Ironpie smart vacuum that open the device to remote attacks. Those include a denial of service attack that bricks the vacuum and a hack that allows attackers to peer into private homes via the vacuum’s embedded camera.
Read more »

8. Nemty ransomware malspam campaign

Security experts uncovered an ongoing campaign delivering Nemty ransomware via emails disguised as messages from secret lovers. Like other strains of ransomware, Nemty operators announced that they will set up a website to leak the data stolen for victims who refused to pay the ransom.
Read more »

9. Android malware stealing Google Authenticator 2FA codes

A new version of an Android Trojan can extract and steal codes generated by Google. This banking trojan is made to steal one-time codes that have been generated using Google Authenticator app, and pass through the 2FA-protected accounts. Researchers say this trojan is very advanced and is actively targeting mobile banking apps.
Read more »

10. Flaw in billions of Wi-Fi devices left communications open to eavesdropping

Billions of devices are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air. The affected devices include Apple phones and laptops, Android devices, and some Wi-Fi routers. Manufacturers have made patches available for most or all of the affected devices, but it’s not clear how many devices have installed the patches.
Read more »

Posted: March 2, 2020
Sam Fay
View Profile