At a glance.
- Exposed MongoDB reveals millions of online shoppers' data.
- Volusion card data skimmed in 2019 for sale on the dark web.
- Cookie-stealing Android Trojan compromises user privacy.
- Reporters Without Borders publishes its list of "digital predators."
Another misconfigured online database exposes millions of e-commerce shoppers' data.
Researchers at Comparitech report finding a MongoDB database exposed on an unsecured AWS server. Most of the records--some eight million of them--belong to people in the UK. The data include customer names, shipping and email addresses, phone numbers, items purchased, payments, transaction records, links to invoices, and partial, redacted credit card numbers. The affected platforms were Amazon UK, eBay, Shopify, PayPal, and Stripe, but none of these were responsible for the exposure. Instead, as Naked Security reports, the unnamed company that left the data exposed was "a third party conducting cross-border value-added tax (VAT) analysis."
Card data from the Volusion Magecart incident are up for sale on the dark web.
In late 2019 the e-commerce platform Volusion was hit with a Magecart card-skimming incident, and ZDNet says that data taken from the site have turned up on the dark web. Trend Micro at the time attributed the theft to the FIN6 gang, which is also believed responsible for other Magecart capers. Gemini Advisory has tracked the stolen card numbers and arrived at an estimate of the effects of the theft: "As of this writing, fraudsters have generated $1.6 million USD in revenue from these stolen payment cards. The average CNP breach affecting small to mid-sized merchants compromises 3,000 records; scaling this figure to the 6,589 merchants using Volusion affected by this breach, the potential number of compromised records is up to nearly 20 million. Given this figure, the maximum profit potential would be as high as $133.89 million USD."
Cookiethief enables cybercrime (especially impersonation and identity theft).
Researchers at Kaspersky report finding a new Android Trojan, "Cookiethief." As the name implies, the malware's "main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server." This is useful for impersonation and other forms of fraud, and Kaspersky's report stresses that there's no Facebook or browser vulnerability the malware is exploiting. Another use case, as the report indicates, is suggested by Cookiethief's command-and-control server also containing an offer of criminal spamming services. The number of victims is still relatively low--under a thousand--but Kaspersky expects it to grow. TechRepublic passes on two recommendations for staying safe, or at least safer: only download apps from trusted, authorized stores, and enable Private Browsing on your device. Neither countermeasure is foolproof.
"Digital predators," in four varieties.
Reporters Without Borders has published its selection of bad cyber actors, “digital predators,” it calls them. These range from companies to gangs, to government agencies, to intelligence services, to semi-official political units. Infosecurity Magazine notes the announcement was made in conjunction with yesterday's World Day Against Cyber-Censorship. Reporters Without Borders divides the bad action into four categories: harassment, state censorship, disinformation, and spying or surveillance.
Some of the actors are state intelligence services and their contractors (these are Russian, Iranian, Algerian, Venezuelan, Saudi, Egyptian, and Chinese agencies). Others are political groups, often affiliated with current incumbents. And some represent organized criminal groups, like the Mexican drug cartels.
The companies mentioned in dispatches tend to be either lawful intercept vendors or exploit brokers whose wares Reporters Without Borders says have found their way into the hands of repressive regimes. The offenses alleged against them fall into the fourth category, spying or surveillance. A number of journalists, particularly in Southwest and South Asia, have complained of being afflicted by spyware the vendors provided.