Malicious document builder LCG Kit a key component in recent phishing campaigns

Researchers at Proofpoint have uncovered a sophisticated tool commonly used by malicious actors to build weaponized…

Online retailers should be on high alert for attacks carried out by a Magecart-style credit card sniffing tool similar to the one used to carry out the British Airways and Ticketmaster hacks.

Armor researchers are warning retailers after spotting the tool for sale in a Russian forum on the dark web for $1,300, according to a report by Armor Threat Intelligence.  

Russian ad for the Margecart-style tool.

The tool is advertised to contain two components: a standard universal payment card sniffer and a control panel. The tool’s control panel is capable of generating a custom credit card sniffer in a JavaScript file that will work on any e-commerce site that employs Magento, OpenCart or OsCommerce payment forms.

In addition, researchers noted it used Secure Socket Layer (SSL) protocol to encrypt the outbound payment card data being collected, which makes it harder for security teams to see the data being exfiltrated from the e-commerce site.

Armor’s Threat Resistance Unit senior security researcher Corey Milligan believes the tool represents the first step in the commoditization of the Magecart-style attack that will create a new line of revenue for the original Magecart threat groups while also saturating the threat landscape with attempts by low-level threat actors.

“We expect to see a mass of “Hail Mary” attacks, with the cybercriminals  intent on hitting as many sites as possible, hoping that some of them will succeed and be fruitful,” Milligan said. “Unfortunately, the threat actors only have to be right once, and in this case, being right once could result in a haul of credit card data that is profitable and easy to sell on the Dark Web.”

In addition, TRU team believes that the low-level threat actors will plug this tool into processes that involves the automated scanning for and the indiscriminate attacking of vulnerable e-commerce sites, even ones that don’t have the applicable payment form.  

The post Magecart-style credit card sniffer spotted for sale, online retailers beware appeared first on SC Media.

Go to Source
Author: Robert Abel

The developers of make-your-own-avatar app Boomoji reportedly neglected to password-protect two of their internet-connected databases, thus publicly exposing the personal data of roughly 5.3 million users.

The wide-open databases, from Elasticsearch, stored users’ names, genders, countries and phone types all in plain text, TechCrunch reported yesterday. Moreover, the databases also contained unique user IDs, each of which was linked to additional, highly sensitive information that the user either provided or allowed the app to access. 

For instance, some IDs were linked to tables that listed the school the user attends, geolocation data, and phone book entries. Because phone book contacts were included, that means that the information of non-users were collected and exposed as well.

“Boomoji’s data leak is an example of how one breach resulting in a number of users’ data exposure is not as straightforward as it seems,” said George Wrenn, CEO and Founder at CyberSaint Security, in emailed comments. “Exposed records compromising [millions of[ contacts who might have had perhaps no knowledge of the app is just one example of an unforeseen consequence of the data leak.” 

The databases – one in the U.S. containing information on international users and one in Hong Kong reserved primarily for Chinese users – could be easily found using the Shodan search engine.

“It does not take much effort for outsiders to find unsecured databases and access sensitive information,” said Anurag Kahol, CTO, at Bitglass in emailed comments. In fact, there are now tools designed to detect abusable misconfigurations within IT assets like Elasticsearch databases. Because of these tools, and the continued carelessness of companies when it comes to cybersecurity, abusing misconfigurations has grown in popularity as an attack vector across all industries.”

TechCrunch said Boomoji removed the databases after contacting the developers, after dubiously claiming the accounts were made for testing purposes.

Boomoji’s app store description encourages would-be users to create 3D avatars, customize them with outfits, and turn them into animated stickers.

The last few months have seen a spate of data exposures involving unprotected Elasticsearch servers, including ones affecting FitMetrix, Sky Brasil, Urban Massage and Voxox.

“Boomoji’s breach joins the likes of… companies that have exposed massive amounts of user data due to leaving Elasticsearch databases unsecure,” said Stephan Chenette, co-founder and CTO at AttackIQ. “By allowing the data of global users to be exposed, Boomoji could potentially face sanctions under several international data privacy laws, such as GDPR.”

The post Report: Boomoji app developer leaves customer data exposed on open database appeared first on SC Media.

Go to Source
Author: Bradley Barth

Google is boosting Android Key security for mobile apps with new Keystore features to improve the safety of devices running Android Pie.

The Android Keystore provides application developers with cryptographic tools designed to secure user data and Android Pie is introducing new capabilities to Keystore to enable restrictions on key use and to secure key use while protecting key material from the application or operating system, according to a Dec. 12 blog post.

Android Pie is implementing keyguard-bound keys which ties the availability of keys directly to the screen lock state while authentication binding uses a constant timeout so that the keys become unavailable as soon as the device is locked. The keys are then only made available again when the user unlocks the device.

This feature is enforced by the operating system, not the secure hardware because the secure hardware has no way to know when the screen is locked and is available to any device running Android Pie.

Google will also add secure key import to facilitate secure key use while protecting key material from the application or operating system. Keys will be encrypted in transit and remain opaque to the application and operating system, meaning they’re only available inside the secure hardware into which they are imported.

This feature will help prevent key interception when leaving the device where an application intends to share a secret key with an Android device.

The post Google Keystore feature looks to improve Android Pie security appeared first on SC Media.

Go to Source
Author: Robert Abel

SNDBOX: AI-Powered Online Automated Malware Analysis Platform

Israeli cybersecurity and malware researchers launches SNDBOX, an artificial intelligence-powered free online automated malware analysis platform…

Taylor Swift’s Facial Recognition, the Year’s Worst Passwords, and More Security News This Week

Chinese hackers targeting the Navy, charity scammers, and more security news this week.

8 Popular Android Apps Caught Up In Million-Dollar Ad Fraud Scheme

Cheetah Android Apps With More Than 2 Billion Downloads Accused of Running Massive Ad Fraud Scheme…

WordPress Appliance - Powered by TurnKey Linux