header image

Cyber Intelligence Briefing: 13 August 2021

Billy Gouveia, Kyle Schwaeble 13 August 2021
13 August 2021    Billy Gouveia, Kyle Schwaeble

CHALLENGING INSECURITY: A ROADMAP TO CYBER CONFIDENCE

In our latest report, we demystify the drivers of insecurity among cyber security professionals, in so doing, mapping a path to cyber confidence.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.


Apple criticised for new feature

Apple’s new iOS15 feature to combat child sexual abuse imagery has been criticised as an invasion of privacy. Critics also argue it could be abused by authoritarian governments as a new form of surveillance – Apple disputes this, maintaining that the feature preserves user privacy.  

The new control will use hash technology to compare photos on the device with known images of child sexual abuse. However, only if a photo is a match and subsequently uploaded to iCloud will Apple interpret it as an image. Once a single account receives a certain number of matches, it will be reviewed by Apple.

 

 SO WHAT?  This new system seems to contradict Apple’s long-standing reputation as a proponent for user privacy. However, the method through which it works, using hash technology, is actually less invasive than many of the existing measures to combat child sexual abuse imagery used by other email and cloud storage platforms.


Plaid agrees to pay USD 58 million for data privacy violations

Fintech company Plaid reached a USD 58 million settlement with plaintiffs who alleged it used their banking information without their consent. Additionally, Plaid was ordered to improve its data security and processing practices.


The fintech company connects users’ bank accounts to online trading platforms such as Robinhood. Amongst other things, the plaintiffs alleged that Plaid harvested and sold users’ banking transaction histories, a claim the company denies.

 SO WHAT?  Data protection laws and regulations have become increasingly onerous on organisations. It is important that companies are aware of and comply with their obligations and responsibilities or risk facing large fines and/or lawsuits.


One million credit cards leaked on an underground card shop

One million credit cards have been leaked for free by a representative of AllWorld.Cards, an underground card shop. The leak was advertised on numerous underground forums including XSS and Club2crd.

The leak contains credit card numbers, expiration dates, CVVs, names, countries, addresses, zip codes, and contact information. The affected cards were stolen between 2018 and 2019. Some researchers assess that as many as 50% of the leaked cards may still be valid.

 SO WHAT?  AllWorld.Cards appeared in May 2021, just three months after Joker’s Stash (formerly the largest stolen credit card marketplace) shut down. Leaking these credit cards for free is likely an attempt to attract customers as AllWorld.Cards looks to replace Joker’s Stash as a leading carding market.


Authentication-bypass vulnerability places millions of home routers at risk

Attackers are actively exploiting an authentication-bypass bug that could affect millions of home routers. The security flaw affects routers from firmware provider, Arcadyan.

Attackers are exploiting the bug to add hijacked routers to a Mirai-variant botnet. This botnet has previously been leveraged to launch distributed denial of service (DDoS) attacks on network devices affected by critical security vulnerabilities.

 

 SO WHAT?  Ensure you have updated your router’s firmware to the latest version.


Cryptocurrency heist secures millions for hackerS

Hackers managed to steal over USD 600 million worth of cryptocurrency from user accounts on Poly Network, a decentralised finance provider. After a public outcry, and a security firm reportedly identifying them, the attackers have since returned over half of the stolen funds to Poly Network.

 

 SO WHAT?  Cryptocurrency stored with an exchange or broker could be stolen if an attacker is able to compromise their systems. For extra security, consider using hardware wallets kept offline to protect your digital assets.


Patch Tuesday!

Relative to last month, 63% fewer vulnerabilities were addressed in this month’s Patch Tuesday. Of the 44 vulnerabilities, seven are rated critical, one of which is being actively exploited in the wild.

Affected software include Microsoft Windows and various Windows components, Office, .NET Core and Visual Studio, Windows Defender, and Windows Update, among others.

 SO WHAT?  Find further detail on the patches on Microsoft’s website.

 

Cyber Threat Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Billy Gouveia
Billy gouveia Senior Managing Director Email Billy
Kyle Schwaeble
Kyle schwaeble Analyst Email Kyle

CYBER INCIDENT RESPONSE: PERSPECTIVES FROM INSIDE THE RISK ECOSYSTEM

In our latest report, we examine a cyber incident from the perspective of several key stakeholders.

Download Report