At a glance.
- Social Bluebook sustains a breach of influencer data.
- Ryuk attacks hospitals.
- Privacy concerns raised about Zoom teleconferencing platform.
- USB attacks spoof a Best Buy offer.
- Lawyers warn teleworkers to turn off home voice assistants.
Influencer data compromised.
TechCrunch reports that Social Bluebook, a Los Angeles-based platform that matches advertisers with influencers, has suffered a data breach compromising 217,000 user accounts. The database the hackers took included "influencer names, email addresses, and passwords hashed." TechCrunch confirmed, with several of the influencers, that the data were in fact theirs. Social Bluebook is notifying the victims. Influencers have become attractive targets of social media account hijacking.
Ryuk still targeting hospitals.
BleepingComputer says that Ryuk ransomware has continued to hit hospitals and other healthcare providers. Ryuk wasn't one of the two ransomware gangs who responded positively to BleepingComputer's humanitarian appeals last week—they didn't respond at all—and Sentinel One and Sophos have both observed Ryuk in action against medical targets.
Digital Shadows and others who’ve kept an eye on some of the sketchier online meeting places for hoods do note some vague, feebly well-intentioned muttering about taking care not to harm the vulnerable, and so on, but a post on Torum shows a representative slip of the mask. This particular skid wrote, “How can we, on- and off-line, take advantage of the coronavirus and make some real money?”
Since ransomware operators now routinely steal sensitive data before encrypting it, the better to pressure the victims into paying, any ransomware attack should now be regarded as data theft.
Zoom data sharing with Facebook raises privacy concerns.
Vice warns that Zoom’s iOS app shares analytical data with Facebook, whether or not the user has a Facebook account. Privacy Matters says there’s nothing in Zoom’s privacy policies to indicate that this is happening. Vice summarizes the data collection as follows: “The Zoom app notifies Facebook when the user opens the app, details on the user's device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user's device which companies can use to target a user with advertisements.” It goes on to add that this is similar to data the Electronic Frontier Foundation determined the Ring smart doorbell and home security system was sending Facebook’s way.
Zoom has swiftly grown in popularity as an easy-to-use and affordable teleconferencing product, and it's been widely adopted during the current pandemic emergency, with organizations choosing to move to telework wherever possible. The service has, however, been reported as being susceptible to eavesdropping, and according to the Telegraph, British security services are recommending that people who need to discuss sensitive matters use tools with more advanced security.
USB attack installs a snooper in the victim's device.
Trustwave reports an unusual USB attack: the victims receive a letter purporting to be from Best Buy thanking them for being a long-time customer and offering them, as a reward, a $50 gift card. It can be spent on any of the items listed in the conveniently enclosed USB thumb drive. In fact the drive contains a keyboard emulator ready to install a reconnaissance payload that collects information about the infected device and reports it back to a command-and-control server.
Voice assistants as potential informers.
With so many people working from home, some attorneys are recommending that telecommuters turn off those voice assistants they've grown so accustomed to. For more privacy in the home and the workplace, give Alexa a rest. ZDNet summarizes the counselors' animadversions, adding in fairness that Amazon Echo and Google Home are less likely to turn stool pigeon than some cheap knockoff, but better safe than sorry.