[Cybersecurity News] 1 Jul - 8 Jul

July Patches for Android Devices Have Been Released
Of the 33 vulnerabilities patched this month, 9 of these are considered critical and 3 could be used for remote code execution (RCE) on a device. Remember, laptops and workstations aren’t the only things that need to be patched. Mobile devices and tablets also have patches that should be applied on a monthly, or as needed basis, depending on the operating system.

7-Eleven Payment App Used to Steal ~$500,000 USD
Attackers used weak password reset functionality to steal over half a million USD (JPY55 million) from individuals. The password reset for 7-Pay required only an individual’s mobile number and birthdate, as well as a valid email address, to reset a password. The email address did not have to be one already tied to the account, allowing criminals to send the reset to their own address. Furthermore, if a birthdate had not been entered, a default value of 1/1/2019 was used. Once the password was reset, attackers had access to bank account information stored via the app.
While it is important to make account self-recovery as easy as possible, it is also important to make sure that only the correct individual can recover an account, and consider how recovery can be used by criminals.

Hacker Lexicon: What Is Credential Dumping?
Not really news, but a good article explaining credential dumping. Several of the methods mentioned in this article (reading memory and SAM database) are mitigated by the removal of local administrator rights. This also highlights the importance of a strong password, should the hashed password representations be stolen. While two-factor authentication does help protect a large number of important systems, there are numerous others that cannot or do not have the ability to be protected by two-factor.

Georgia Court System Hit by Ransomware
Georgia court systems took multiple environments offline on Monday following a ransomware attack. While not all of their systems were affected, many were “taken offline to prevent the ransomware from spreading.”. Overall, it sounds like only a small number of systems were impacted. There is no word yet on whether the Administrative Office of the Courts had proper backups in place, and will be able to restore from these.

Iran-government Backed Campaign Targets 2017 Outlook Flaw
US Cyber Command has issued a warning that Iran backed attackers are targeting Outlook using CVE-2017-11774.

Five-year Old Facebook Malware Campaign Shut Down
While the malware highlighted here primarily seems to target Libya, or those that are looking for Libyan news, I wanted to point this out for several reasons. This campaign serves as an example of how long lived some malware campaigns can be, and that it isn’t always enough to look at how long a person, app, or software has been around (or how popular it is) to determine its trustworthiness. It is also a great example of how attackers don’t have to be high-tech or use the latest exploits to trick people into running malware. In this case, there was nothing advanced or impressive about the campaign.

Miami Police Body Cam Videos up for Sale on the Darkweb
Body camera footage from several police departments (Miami being only one among them) was found being sold on the “darkweb”. “[Jason Tate, CEO of Black Alchemy Solutions Group] said that the data is coming from five different cloud service providers. Besides Miami Police, there’s video leaking from city police departments “all over the US”, he said.” This could have far reaching privacy implications for any individuals who had a run in, even an incidental one, with law-enforcement. Just like any other kind of data, there are many positive aspects to body-camera footage being collected, however, there is also the possibility that this data could fall into the wrong hands.

Other “Stories of the Week”