At a glance.
- What was the T-Mobile hacker thinking?
- EU cautions against using browser histories in credit assessments.
- IoT security camera bug.
- EskyFun data exposure.
- FBI describes Hive ransomware.
Alleged T-Mobile attacker reveals himself.
A hacker is claiming responsibility for the massive recent T-Mobile data breach, and his review of the cell phone provider’s security systems is less than favorable. John Binns, an American man living in Turkey, told the Wall Street Journal that he used a simple, publicly available tool to penetrate T-Mobile’s “awful” defenses. He scanned T-Mobile’s websites for vulnerabilities, then sussed out an unprotected T-Mobile router where he found credentials that granted him access to one hundred of the company’s servers. Binns has not disclosed whether he was paid to carry out the hack or whether he successfully sold the data, but he claims his motivation was not monetary. He says his goal was to “make noise” in order to draw attention to his purported mistreatment by the US government, including an alleged kidnapping that landed him in a “fake” mental institution.
EDPS advises against using internet histories for credit assessment.
The European Data Protection Supervisor (EDPS) has declared that an individual’s personal internet history data should not be used in assessing credit scores, The Record by Recorded Future reports. “[T]he EDPS considers that inferring consumers’ credit risk from data such as search query data or online browsing activities cannot be reconciled with the principles of purpose limitation, fairness and transparency, as well as relevance, adequacy or proportionality of data processing,” the agency asserts. The EDPS also advised against using health data or any other special category of personal data under Article 9 of the General Data Protection Regulation, as it could lead to unfair treatment of consumers. The advisory was in response to a blog post published by the International Monetary Fund last year that claimed examining this sort of data could lead to more accurate credit assessments.
Bug detected in IoT security cameras.
Nozomi Networks Labs has disclosed the discovery of a critical remote code execution vulnerability in the web service of the Annke N48PBB network video recorder (NVR) that would allow an intruder to access or delete footage, reconfigure alarms, or even shut down the system completely. NVRs are prime targets for bad actors seeking to gain access to company surveillance systems. Once notified of the issue, Annke promptly released a firmware patch.
Data leak makes player data fair game.
vpnMentor details the data breach at EskyFun, a China-based developer of Android role-playing and fantasy games. An unsecured server was discovered containing over 360 million records of sensitive user data, including IP addresses, IMEI numbers, device models, and event logs. The impact of the leak was heightened by EskyFun’s seemingly unnecessary tracking of player actions as well as extremely broad permissions settings. In the wrong hands, the data could be used to hijack gamer accounts, conduct brute force attacks, or even fuel corporate espionage against the developer.
We heard from Niamh Muldoon, Senior Director of Trust and Security at OneLogin, who sees such incidents as, at base, a cultural phenomenon:
“Enterprises need to focus on their security culture, setting the tone from the top of the organization. Build high-performing teams which include the security voice and input at the design and architecture stages. Organizations should measure, monitor and reward teams for implementing security requirements throughout their project development lifecycles, and recognize those who have security-conscious mindsets.”
FBI warns of Hive ransomware attacks.
The US Federal Bureau of Investigation has issued a warning detailing the risks of Hive ransomware attacks, Bleeping Computer reports. The advisory highlights why Hive attack techniques, which include termination of backup processes, deletion of shadow copies, and deployment of a hive.bat script that removes itself after deleting the Hive malware executable, make the attacks extremely difficult to detect and defend against. First observed only in late June, Hive has executed attacks against over thirty organizations this summer alone.