Cybersecurity Alerts: Weekly Update for November 6th
Get an update on this week’s cybersecurity scams.
Using social media and various website forums, a hacker by the name ColdZer0 claimed that he breached the vBulletin.com website and stole the personal information of over 479,000 users. vBulletin is software that enables users to build community forum websites. ColdZer0 is suspected to have accessed customer IDs and encrypted system passwords. As a result, vBulletin has put in place a required password reset for its users and released a new security patch to deal with the breach.
Hackers accessed almost 2,000 Vodafone customer accounts, gaining access to customer names, mobile phone numbers, and bank account information. Some customers have already experienced fraudulent activity on their accounts. The security breach was shown to have originated from Carphone Warehouse and not Vodafone itself, as the stolen information was not encrypted and therefore more vulnerable to being stolen.
Google has identified multiple serious security flaws in the Samsung Galaxy S6 Edge. The first bug identified by Google causes emails to be forwarded to another account, while two others involve file corruption and Stagefright 1.0, which allows hackers to gain access to infected phones’ pictures and other data by sending users a malicious video message. While the first version of Stagefright was identified and patched beginning this summer, new vulnerabilities have recently emerged in which the only difference is the attack vector. This vulnerability enables remote code execution and privilege escalation, giving attackers access to personal data, photos, emails, and messages, as well as the ability to take photos, record conversations, and download and use apps on the compromised device.
A seven-year-old security bug, tracked as CVE-2015-7835, has been identified by the Xen Security Team. This security flaw has been deemed the worst bug ever to have affected the hypervisor. It can allow an attacker to gain access to the underlying operating systems from a para-virtualized VM, and it impacts Xen version 3.4 and later on x86 systems. Xen is the hypervisor used by Amazon, Rackspace, and IBM clouds. What makes this flaw so frightening is that it directly goes against a core principle of virtualization, which is the belief that virtual machines cannot have direct access to the hypervisor.
A new ransomware program called Chimera targets companies by sending emails that contain links to malicious files hosted on Dropbox. The emails target individual employees and appear as job offers or applications. Once the link is clicked, the malware begins encrypting local files and displays a ransom note on the victim’s desktop, demanding a hefty payment of almost $700 before providing a decryption key. This threat goes beyond traditional ransomware programs by threatening to publish the user’s files if the payment is not supplied.