What got breached this week? Ticket portals, DNA sites, and Atlanta's police cameras

Also, Apple tightens up its certificate requirements

18 Got Tips?

Roundup This week brought new charges for Marcus Hutchins, a novel way to sneak malware into archives, and shady hotspots for World Cup fans.

There was also plenty of other security bits that didn't quite make the headlines. Here are some of the best.

Apple wants to be cert-ain on certs

Apple is going to make it harder for sites to be trusted on Safari.

The Cupertino phone seller said this week that, come Fall, it will put stricter requirements on sites that want their certificates to be accepted.

"Publicly-trusted Transport Layer Security (TLS) server authentication certificates issued after October 15, 2018 must meet our Certificate Transparency (CT) policy to be evaluated as trusted on Apple platforms," Apple says.

"Certificates that fail to comply will this policy will result in a failed TLS connection, which can break an app’s connection to Internet services or Safari’s ability to seamlessly connect."

This means that certificates will now have to have at least two signed certificate timestamps from a CT log. That was previously only required for Extended Valuation certificates.

Ticketfly falls to hackers

Last week, ticketing site Ticketfly said it was the victim of an attack that left it unable to handle ticketing for some events over the weekend. This week, the site shed more light on the matter when it revealed that information on some 27 million accounts was harvested in the attack.

"In consultation with third-party forensic cybersecurity experts we can now confirm that credit and debit card information was not accessed," Ticketfly said.

"However, information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed. "

Ticketfly notes that many of its users have multiple accounts with different email addresses, so fewer than 27 million actual people are affected by the breach. Also, no credit card information or passwords were accessed.

Still, anyone who has a Ticketfly account will need to reset their password, and re-used passwords on other sites should also be changed.

Thanks for getting scammed, now tell your friends!

It's bad enough to fall victim to a support scam, but one group is making matters even worse by tricking their marks into recording video endorsements.

Australia's ABC has the story of a group called 'Macpatchers' that uses fake tech support pages to get users to install remote access malware.

From there, the scammers trick the users into paying for unnecessary (and useless) support software and service. Finally, the scammers asked the victims to read a script saying they were satisfied with their experience.

Why? Because unbeknownst to the users, their webcams were turned on and recording them. The video clips were captured by the scammers and used to compile 'testimonial' videos that would make their dodgy support operations seem more legit.

While many Reg readers have no doubt tired of being the unpaid support staff for friends and family, stories like this underscore how important it is to be there to help of the less tech-savvy people in your life when they have problems or questions. The alternative is letting them play right into the hands of scammers.

MyHeritage coughs up user details

It's the notice nobody who uses a geneology site wants to see: MyHeritage has confirmed it suffered a massive breach of user data.

The testing site says a security researcher informed it earlier this week that a file containing the usernames and hashed passwords of every person who signed up for their service through October of last year was out in the wild.

Fortunately, we don't have to run any panicked thinkpieces about people having their "DNA hacked" anytime soon. The database only contained user email addresses and hashed passwords, no other personally identifiable information was accessed, and the site uses third-party services to process card data.

"Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security," the company said in its mea culpa.

"We have no reason to believe those systems have been compromised."

Atlanta ransomware infection worse than feared

Earlier this year, a ransomware outbreak hit the city of Atlanta, GA, taking down a number of the city's central IT services.

Now, it seems the outbreak was even worse than previously thought, and it could have a long-term impact on the city.

In addition to costing more than $2.5m to clean up, the city says the infection resulted in the loss of police dashcam footage. That footage includes evidence the city planned to use for criminal cases.

Police Chief Erika Shields told the Atlanta Journal Constitution that the city will hopefully still be able to proceed with the cases.

"But the dashcam doesn’t make the cases for us. There’s got to be the corroborating testimony of the officer," Shields was quoted as saying.

"There will be other pieces of evidence. It’s not something that makes or breaks cases for us."

Supermicro, semivulnerable

Researchers say that some servers from Supermicro could be vulnerable to firmware attacks, thanks to poorly-guarded hardware settings.

Security firm Eclypsium found that Supermicro boxes are not set to properly limit access to the firmware, potentially leaving the descriptor region vulnerable to being completely re-written.

"In general, the flash descriptor region should be “immutable” once the system completes the manufacturing process and is ready for production use. This helps establish the firmware stored in the SPI flash as a root of trust for the system," Eclypsium explains.

"By insecurely configuring the descriptor, malicious software with administrative privilege in the host OS may be permitted to modify the contents of firmware code and data that the host processor would otherwise never need to directly read or write."

In practice, this means that a malware infection already present on the system could use those vulnerabilities to further embed itself in the firmware layer, allowing the infection to become harder to detect and potentially crippling the entire server.

Eclypsium says it is working with Supermicro to shore up security and fix the vulnerabilities where needed. ®

Sign up to our NewsletterGet IT in your inbox daily


Keep Reading

Remember that backdoor in Juniper gear? Congress sure does – even if networking biz wishes it would all go away

US lawmakers demand answers in quest against Feds-only access points

Fragging hell: Qualcomm rolls out mid-tier 5G gaming chipset

768G SoC supports upgradeable drivers, claims 15% performance boost

Microsoft uses its expertise in malware to help with fileless attack detection on Linux

Aw, how generous

Juniper slips out update after hardcoded credentials left in switches

Telemetry Interface blamed for exposed gRPC passwords

Contacts-slurping Android malware sneaked onto Google Play store – twice

Could a simple automated scan have picked up open-source nasty? Hmm

EU we go again: Commission takes aim at Qualcomm over 5G antitrust concerns for radio frequency front end chips

Regulator sends Request for Information to processor producer over abuse of position

Qualcomm looks to hook the masses to 5G... if it arrives: Snapdragon 690, X51 modem to power mid-range gear

That's Sub-6GHz 5G alongside octa-core processor, GPU and AI units

Prez Trump to host chinwag with Google, Microsoft, Oracle and Qualcomm – report

And Sundar Pichai heads to grilling on Chocolate Factory's data slurping

Download this update from Oh, sorry, that was malware on a hijacked sub-domain. Oops

Lax DNS leaves door wide open for miscreants to impersonate Windows giant on its own websites

Qualcomm to appeal against another antitrust whopper: This time it's $873m courtesy of South Korea

Eh, at least it doesn't need to renegotiate patent deals

Tech Resources

Islamic Republic of Iran Cybersecurity Profile from Anomali Threat Research

Iran’s regional influence has been operationalized through the use of proxy military activity, information operations as well as offensive cyber activity.

Latency is the New Outage

More organizations are tying their future success to digital and online business.

Ransomware Realities for Small and Medium-Sized Businesses

All organizations can be the target of ransomware, where users’ files or computers are taken hostage or system access is hindered until a ransom demand is met.

SANS Report: Factoring Enterprise IoT into Detection and Response

In this report, learn about the growth of IoT devices inside corporate networks