New Malware Campaign Targets Job Seekers*:
- Scammers tend to be skilled at finding the most vulnerable individuals and turning them into victims.
- Case in point: Researchers at Proofpoint have been tracking campaigns that prey on those looking for work.
- The payoff is not a job: It's a copy of the More_eggs backdoor.
- The criminal (or criminals) conducting these campaigns seems patient and persistent.
- The person targets the potential victim through LinkedIn direct messaging, builds rapport, and then begins follow-up through fake websites stuffed with malicious links, email with malware payloads, or both.
- LinkedIn profiles provide the threat actor with the information required to craft spear-phishing messages.
- The malicious payloads are not unique to the campaign: More_eggs is a JScript downloader, while VenomKit and Taurus Builder are malware builders that have been made available for purchase by their developers.
- There are overlaps between these campaigns and a campaign launched against anti-money laundering officers at various financial institutions.
- In this case, More_eggs seems likely to lead to more_grief for its victims.
*Source: Dark Reading, February 22, 2019
*Source: Analytics Insight, February 18, 2019
Embattled LandMark White Shares Drop 10.6 pc after Data Breach*:
- Shares in LandMark White have plummeted 10.6 per cent to a four-year low after the valuer resumed trading following a massive data breach, which resulted in details of about 100,000 home loan customers being leaked.
- A number of its customers, including the major banks, suspended the company following the breach.
- The company said it was in discussions to get the suspensions lifted after saying it had contained the breach and there was "no evidence that the data has been misused".
- However, the banks had not changed their position at the time of writing.
- The NSW government body Property NSW has confirmed the group has contracts with it, but at this stage has taken no action.
- In a statement to the ASX on Monday, LandMark White said the data breach included property valuations and customers' personal information including first and last name, residential and/or business address, email address and telephone number.
- The breach also included "commentary about the property, relevant to its overall valuation," the company said.
- LandMark White shares fell to 38¢ on light trade, as the register is tightly held by staff, but the drop was fuelled by a comment from the company saying it was "assessing the costs of the incident and the subsequent reduction in revenue".
- The largest shareholder is LandMark White, which is predominantly staff shares held in escrow, followed by Microequities Asset Management, which declined to comment when contacted by the Sydney Morning Herald.
- Individual shareholders include Tony Gandel, son of billionaire property developer John Gandel, the Coad and Pratt Super fund, founded by Anthony Pratt, son of the billionaire businessman Richard Pratt, and the Queensland-based Raptis Property group.
- In January the company slashed its earnings forecast for the first half by 25 per cent and the data breach could result in another downgrade.
- LandMark White receives information from the banks and government departments to help assess mortgage applications.
- On a website set up by investors regarding the breach, LandMark White chairman Keith Perrett said on January 23, 2019, the group closed off a security vulnerability which it had identified in one of its valuation platforms.
*Source: Sydney Morning Herald, February 18, 2019
Tax Returns Exposed In TurboTax Credential Stuffing Attacks*:
- Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack.
- A credential stuffing attack is when attackers compile usernames and passwords that were leaked from previous security breaches and use those credentials to try to gain access to accounts at other sites.
- This type of attack works particularly well against users who use the same password at every site.
- In the TurboTax data breach notification filed with the Office of the Vermont Attorney General, Intuit states that the breach was discovered during a security review of its systems.
- Following the discovery of the security breach, Intuit decided to temporarily disable the TurboTax accounts which were breached in the credential stuffing attack.
- TurboTax users who had their accounts temporarily deactivated have to contact Intuit using the company's Customer Care department at 1-800-944-8596 and say "Security" when prompted, after which Intuit employees will walk them through an identity verification procedure designed to help them reactivate their accounts.
- The company also provides one year of free identity protection, credit monitoring, and Experian IdentityWorks identity restoration services to customers impacted by the data breach to further protect their TurboTax accounts.
- Intuit's TurboTax was previously breached and customer tax return information was leaked after two other credential stuffing attacks on 02/01/2014 and 02/27/2015 according to a data breach notice filed with the Office of the California Attorney General on 04/06/2015.
- BleepingComputer has reached out to Intuit for further information on the breach dates and the number of accounts impacted in the event but had not heard back at the time of this publication.
*Source: Bleeping Computer, February 22, 2019
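How a defender might spot the pattern described above in login logs and list the accounts to disable temporarily, as an added example that is not from Intuit or the cited article. The event tuples, function names, thresholds and per-source grouping are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
EVENTS = (
    # One source walking a leaked list: 8 accounts, one try each, 2 hits.
    [("203.0.113.7", f"user{i:02d}", i in (3, 6)) for i in range(1, 9)]
    # Password guessing against a single account (not stuffing).
    + [("198.51.100.9", "alice", False)] * 10
    # Office NAT: several accounts, all log in successfully.
    + [("192.0.2.10", f"staff{i}", True) for i in range(6)]
    # A user who mistyped a password once.
    + [("192.0.2.44", "bob", False), ("192.0.2.44", "bob", True)]
)


def find_stuffing(events, min_accounts=5, max_tries=2, max_success_rate=0.5):
    """Flag sources that try many accounts shallowly and mostly fail.

    The thresholds are assumed values for illustration; tune them to
    the real traffic baseline.
    """
    by_src = defaultdict(lambda: defaultdict(list))
    for src, user, ok in events:
        by_src[src][user].append(ok)

    findings = {}
    for src, users in by_src.items():
        hits = sorted(u for u, results in users.items() if any(results))
        # Stuffing tries one leaked password per account, so each account
        # sees only a try or two, unlike guessing against one account.
        spread = len(users) >= min_accounts
        shallow = max(len(r) for r in users.values()) <= max_tries
        mostly_fail = len(hits) / len(users) <= max_success_rate
        if spread and shallow and mostly_fail:
            findings[src] = {
                "accounts_tried": len(users),
                "attempts": sum(len(r) for r in users.values()),
                "compromised": hits,
            }
    return findings


def accounts_to_disable(findings):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({u for f in findings.values() for u in f["compromised"]})


if __name__ == "__main__":
    print(accounts_to_disable(find_stuffing(EVENTS)))
```

Grouping by source address alone misses runs spread across many addresses, so production detection usually also keys on other request attributes.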
New Legislation Builds On California Data Breach Law*:
- California Attorney General Xavier Becerra and Assembly member Marc Levine this week unveiled legislation to close a loophole in the state's existing data breach notification laws.
- AB 1130, introduced by Levine, requires breached organizations to notify consumers if their passport number or biometric data is exposed.
- Becerra said this bill "closes a gap in California law and ensures that our state remains the nation's leader in data privacy and protection."
- California became the first state to pass a data breach notification law in 2003, when it mandated companies inform consumers when they believe an unauthorized party has accessed their information.
- At the time, this personal data was limited to Social Security numbers, driver's license numbers, credit card numbers, and medical and health insurance data.
- Legislation introduced this week will update the law to include passport numbers and biometric data, such as a fingerprint or retina/iris scan, as information protected under the statute.
- The addition was prompted by the 2018 breach of Starwood Hotels' guest database.
- Marriott, which had acquired the company, revealed the incident had exposed more than 327 million records containing travelers' names, addresses, and more than 25 million passport numbers.
- California officials note how passport numbers are unique, government-issued, static identifiers, making them especially appealing to cybercriminals. Indeed, passport scans are hot on the Dark Web.
*Source: Dark Reading, February 22, 2019