At a glance.
- Kwampirs information-stealer is out, again.
- Marriott data breach affects up to 5.2 million guests.
- Zoom's privacy and security policies receive scrutiny.
- Houseparty isn't malicious (and Houseparty would like to know who started the rumor).
- Australian database of asylum-seekers leaked.
- User database of a Telegram unofficial fork exposed online.
Kwampirs is in the supply chain, and stealing information from enterprises.
The US FBI warned yesterday that the advanced persistent threat group behind the Kwampirs malware has been using the remote access Trojan to establish itself in a wide range of enterprises. The Bureau says the healthcare sector is particularly at risk. Kwampirs gains access to its targets via their supply chains. While it appears to be an information collector and not functioning as a wiper, the FBI notes that "several code-based similarities exist with the data destruction malware Disttrack (commonly known as Shamoon)." ZDNet observes that this is the third supply-chain warning the FBI has issued in as many months. The supply chains affected include hardware supply chains.
Marriott discloses data breach.
Marriott International today disclosed that it has sustained a data breach affecting as many as 5.2 million guests. No paycard, passport, or other identification document data were taken, but the hospitality company says that the following information was compromised:
- "Contact Details (e.g., name, mailing address, email address, and phone number)
- "Loyalty Account Information (e.g., account number and points balance, but not passwords)
- "Additional Personal Details (e.g., company, gender, and birthday day and month)
- "Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
- "Preferences (e.g., stay/room preferences and language preference)"
The company's investigation has persuaded it that "login credentials of two employees at a franchise property" were used to access the data. The improper access is thought to have begun in January, and was discovered at the end of February. Guests whose information was compromised were notified by email earlier today.
Zoom's privacy and security policies.
The Intercept reports that, contrary to what had been widely believed, the Zoom teleconferencing platform does not use end-to-end encryption in the strict sense. Instead, it uses familiar transport encryption, which gives Zoom itself the potential to access its users' traffic.
The FBI's Boston Field Office has issued a detailed warning about the ways in which criminals have been able to meddle with Zoom sessions. Zoom was also discovered to have been sharing analytic data with Facebook, a practice Zoom halted after it came to public attention, but not in time to forestall a class action suit under California's Unfair Competition Law, Consumers Legal Remedies Act, and Consumer Privacy Act.
The New York Times writes that all of this news has prompted New York State's Attorney General to ask Zoom for an explanation of its privacy and security policies.
False alarm: there's no serious reason to think Houseparty malicious.
Houseparty's online hangout has also seen usage spike during the current period of enforced isolation and social distancing. Panicky users, mostly in the UK, have been telling one another that the service is unsafe, a threat to privacy and sensitive information. According to Naked Security it's a false meme: the only thing the claims lack is evidence. Houseparty itself immediately and consistently denied that anything was going on. “All Houseparty accounts are safe - the service is secure, has never been compromised, and doesn’t collect passwords for other sites,” the service tweeted.
Houseparty suspects it's the victim of a paid commercial conspiracy to do it reputational damage. The company tweeted, “We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1,000,000 bounty for the first individual to provide proof of such a campaign to bounty@houseparty.com.”
Database of asylum-seekers exposed online.
The Australian Broadcasting Corporation reports that a data leak from the country’s Federal Courts exposed the names and related information of at least four hundred refugees seeking protective asylum. The leak, not the first to come from the Federal Courts, is troublesome because governments from which the refugees wish to flee could use the data to identify members of disfavored groups.
"Telegram" (as opposed to Telegram) user data exposed in Iran.
Comparitech reports finding a database that contains usernames and phone numbers for a third-party unofficial fork of the Telegram messaging app. The users whose data were exposed are in Iran, where Telegram is banned.