Spying through Push Notifications

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands.

Sen. Wyden is trying to get to the bottom of this:

In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.

“In this case, the federal government prohibited us from sharing any information,” the company said in a statement. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”

Google said that it shared Wyden’s “commitment to keeping users informed about these requests.”

The Department of Justice did not return messages seeking comment on the push notification surveillance or whether it had prevented Apple or Google from talking about it.

Wyden’s letter cited a “tip” as the source of the information about the surveillance. His staff did not elaborate on the tip, but a source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts.

curl-8.0.1-6.fc38

FEDORA-2023-2121eca964

Packages in this update:

curl-8.0.1-6.fc38

Update description:

fix HSTS long file name clears contents (CVE-2023-46219)
fix cookie mixed case PSL bypass (CVE-2023-46218)

USN-6522-2: FreeRDP vulnerabilities

USN-6522-1 fixed several vulnerabilities in FreeRDP. This update provides
the corresponding update for Ubuntu 18.04 LTS.
Original advisory details:

It was discovered that FreeRDP incorrectly handled drive redirection. If a
user were tricked into connecting to a malicious server, a remote attacker
could use this issue to cause FreeRDP to crash, resulting in a denial of
service, or possibly obtain sensitive information. (CVE-2022-41877)

It was discovered that FreeRDP incorrectly handled certain surface updates.
A remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2023-39352, CVE-2023-39356)

Las Vegas casinos targeted by ransomware attacks

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Introduction:

Ever since internet browsers for personal computers appeared in the 1990s, cybercrime has been on the rise. Almost 30 years after the invention of the World Wide Web, cybercriminals have a variety of methodologies and toolkits that they use on a daily basis to exploit vulnerabilities and commit crime. One of the most popular types of attack used by threat actors is ransomware. Most recently, several Las Vegas casinos fell victim to a series of ransomware attacks.

Las Vegas hacks:

In mid-September 2023, two of the biggest Las Vegas casino and hotel chains found themselves to be victims of ransomware attacks. The two organizations that were targeted were Caesars Entertainment and MGM Resorts International.

MGM Resorts International:

The attack against MGM was first reported on September 11, 2023, when MGM personnel put out a public statement saying that a “cyber security incident” had affected some of its systems. In the days following this statement, many guests reported numerous problems with the company's casino and hotel operations. On the casino side, guests reported problems with slot machines and payout receipts: the slot machines in some MGM casinos were completely inoperable, and in the casinos where they were operational, the machines could not print cash-out vouchers. On the hotel side, many of the organization’s websites were inaccessible for a while after the attack. Guests across multiple MGM hotels reported that their mobile room keys did not function, and new arrivals reported wait times of up to six hours to check in.

A hacking group known as Scattered Spider has taken credit for the ransomware attack against MGM Resorts International. Scattered Spider first appeared in the cyber threat landscape in May 2022 and is thought to consist of individuals aged 19-22 based in the UK and USA. The attackers carried out this attack in three phases. The first phase was reconnaissance, in which they studied the company’s LinkedIn page and the employees who work there. The second phase was a vishing attack against MGM’s IT help desk. A vishing attack is one in which someone uses phone calls or other voice communication to trick the victim into sharing personal information, credit card numbers, or credentials. Using the information they gathered on LinkedIn, the attackers were able to impersonate an MGM employee and trick the help desk into issuing them credentials for MGM systems. The third phase was launching ransomware developed by another hacker group, ALPHV.

Scattered Spider's ransomware left multiple systems throughout the organization unusable unless the ransom was paid. It is currently not known whether MGM paid the ransom, but all of its casinos are once again fully operational.

Caesars Entertainment:

Days after MGM reported it had been hacked, Caesars Entertainment disclosed to the SEC that it had also been the victim of a cyberattack around the same time as MGM. In its statement to the SEC, Caesars reported that confidential information about members of its customer loyalty program had been stolen. Caesars representatives stated that the hackers were able to break into its computer systems through a social engineering attack on an IT support contractor.

Not much information is available about the execution of this attack. The use of social engineering has led many people to believe that Scattered Spider was also behind it. The hackers demanded that Caesars pay a ransom of $30 million. It is reported that the organization paid $15 million to the hackers, and the company has “taken steps to ensure the stolen information is deleted by the hacker but cannot guarantee this result”.

What can be learned from these attacks?

Almost 98% of cyberattacks worldwide rely on some form of social engineering as the gateway to a much more sophisticated attack. In both the MGM and Caesars cases, social engineering is what gave the attackers their initial access to the systems. Social engineering targets the weakest link in any cybersecurity operation: people.

This is why proper training is so important for reducing the chances of your organization becoming a victim of one of these attacks. Many organizations spend thousands of dollars every year on phishing training for their employees. However, training for phishing alone is not enough. As these two attacks show, there are other forms of social engineering, such as vishing, smishing, whaling, and watering hole attacks, to name just a few. Organizations would benefit more from a holistic program of social engineering training than from a narrow focus on phishing.

Conclusion:

The attacks against MGM and Caesars began with simple social engineering tactics in which employees of the victim organizations were tricked into giving information to the hackers. Although the hacking group known as Scattered Spider is new, having formed in 2022, it has already begun to make headlines. It will be interesting to see how this group evolves over the next couple of years. The attacks against two of the biggest casino and hotel chains in America should serve as a warning that even the largest organizations are susceptible to cyberattacks. More importantly, these ransomware attacks show the importance of proper social engineering training in keeping organizations better protected from threats.

About Perimeterwatch

PerimeterWatch gives you total control and management over your data. The rate of change on the internet, mobile, distributed processing, and other technologies is simply staggering. Failing to keep up can doom even a well-established organization, but bringing in these new capabilities without fully effective security procedures and systems can be equally disastrous.

What PerimeterWatch offers is a truly secure IT infrastructure. Whether that means a completely managed IT and security function or co-managing with your in-house people, we provide the security intelligence, the technical expertise, and the implementation experience necessary to make sure your solutions solve your business problems – without simply creating new ones. www.perimeterwatch.com

Smashing Security podcast #351: Nuclear cybersecurity, Marketplace scams, and face up to porn

Hacking fears are raised at Western Europe’s most hazardous building, why porn sites might soon be scanning your face, and our guest narrowly avoids a Facebook Marketplace scammer.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.
