Tracking President Trump with cellphone location data, Greta-Thunberg-themed malware, SharePoint patch, and more

Including: Nasty Mac malware and gas-pump infections


Roundup: Here's a catch-up of security news beyond everything else we've covered.

Nearly 300 million Facebook profiles scraped, dumped online

Once again a huge number of Facebook users have had their details lifted from their profiles, a fact that came to light when security researchers were scanning for open databases online.

Germany-based researcher Bob Diachenko and UK security shop Comparitech found an Elasticsearch cluster online containing the unique Facebook IDs, phone numbers, full names, and other metadata of 267,140,436 users of the antisocial network, predominantly in America.

The database has now been taken down, though Diachenko noted that the information was advertised on hacker forums. He suspects it was collected by Vietnamese operators. Facebook data isn't very valuable in and of itself, usually about $3 per account, but Diachenko noted that this kind of material is red meat for phishers and SMS scammers.

Waaa-waaa Wawa

If you've bought groceries from the US chain Wawa in the past nine months you might want to check your bank statements: the biz has admitted card-sniffing malware has been on its payment systems since early March.

Discovered on December 10, the software nasty fed crooks the credit and debit card numbers, expiration dates, and cardholder names of payment cards used at in-store checkouts and gas pumps. The store's ATMs were unaffected, it seems.

"I apologize deeply to all of you, our friends and neighbors, for this incident," said CEO Chris Gheysens this week. "You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa. We take this special relationship with you and the protection of your information very seriously."

Those affected by the infection will get the now-traditional one year of credit monitoring from Equifax (so long as you're a US citizen with a social security number) and won't be liable for fraudulent charges on their cards.

Tracking President Trump

The scale of the cellphone-location data market was on show this week when the New York Times obtained a three-year-old database of 50 billion phone location pings for more than 12 million Americans.

The journalists analyzing the data found one phone that appeared to belong to a Secret Service agent on President Trump's team, and traced the agent's movements during a trip to the commander-in-chief's Mar-a-Lago resort, then to a golf course where Trump was playing golf with the Japanese prime minister.

The NYT team were able to track other phones into Congress, the Pentagon, and many other sensitive areas. By following where the phones spent the night, they could also get a good idea of a target's home address and when they were out.

The case highlights the egregious way in which telcos in the US are profiting from selling off location data to almost anyone with the money. The telco-friendly FCC chairman Ajit Pai promised to look into the matter 18 months ago but so far appears to have done nothing.

“We want our people to understand,” a senior Defense Department official told the Times. “They should make no assumptions about anonymity. You are not anonymous on this planet at this point in our existence. Everyone is trackable, traceable, discoverable to some degree.”

Like Greta Thunberg? Then get infected

The Emotet malware is doing the rounds again, this time by exploiting the popularity of climate activist Greta Thunberg.

According to security shop Proofpoint, a spam campaign this week was pushed out across Europe and Asia aimed at installing the banking trojan on as many computers as it could find. The malware is contained in a faux Word document, and the emails are typically headed with the subject "Support Greta".

Interestingly the campaign is heavily focused on .edu domains used by educational institutions and their pupils. Given Thunberg's popularity with youngsters who will have to deal with adverse climate change, rather than the older generation that helped cause it, the operators know their targets well.

Mac malware surges

So much for the "Macs don't get malware" argument.

Malwarebytes says it saw a significant bump in detections of macOS malware this year. In total, the antivirus maker says Mac infections accounted for 16 per cent of all malware it detected this year.

"Perhaps 16 percent doesn't sound impressive, but when you consider the number of devices on which these threats were detected, the results become extremely interesting," notes Malwarebytes.

"Although the total number of Mac threats is smaller than the total number of PC threats, so is the total number of Macs. Considering that our Mac user base is about 1/12 the size of our Windows user base, that 16 percent figure becomes more significant."

Microsoft patches SharePoint bug

SharePoint admins will want to be sure they test out and install this out-of-band patch from Microsoft before clocking out for the holidays.

Redmond has cleaned up CVE-2019-1491, an information disclosure flaw in SharePoint Server that could potentially allow an attacker to read arbitrary files. While it's not a massive security risk, the bug is significant enough that it could not wait until January's Patch Tuesday.

Trustwave posts instructions for DIY Magecart scans

In case you find yourself doing some last-minute Christmas shopping and want to be sure you're not stumbling onto websites with card-swiping Magecart code, the team at Trustwave has posted these instructions for checking sites against possible infections.

It's not the most practical approach, but the process could let you spot a malicious script before it swipes your bank card details.

Visa security team dissects gas pump malware

It turns out card skimmers aren't the only game in town when it comes to compromising gas pumps.

Visa has issued a security alert on three different gas pump malware infections. Unlike the physical skimmers that are affixed over the card readers and keypads, these attacks are entirely software-based and are installed over networks, like traditional point-of-sale malware infections.

The report notes a number of security mishaps that allowed hackers to exploit systems, including defective chip readers, disabled encryption, and embedded systems that don't comply with PCI standards. ®

