Key Biscayne, Florida, was hit by a ransomware attack

The Village of Key Biscayne, Florida, was hit by a ransomware attack that shut down its computer systems.

Village Manager Andrea Agha said a “data security event” occurred Sunday, June 23, 2019. She said that some permitting operations were handled manually, while some systems were kept off-line “in an abundance of caution.”

A special council meeting to discuss the issue was held, where it was decided to spend $30,000 on hiring a data recovery firm.

Read more about it here.

Riviera Beach, Florida, agreed to pay ransom of $600,000

The city of Riviera Beach, Florida, agreed to pay $600,000 in ransom to decrypt its data, after a ransomware attack hit its computer systems.

The City Council board authorized its insurer to pay 65 bitcoins, valued at approximately $592,000. An additional $25,000 would come out of the city budget, to cover its policy deductible. “Without discussion on the merits, the board tackled the agenda item in two minutes, voted and moved on.”

The insurance company negotiated the payment on the city’s behalf.

The attack began on May 29, 2019, when an employee at the Riviera Beach police department opened a malicious email containing a link that, once clicked, allowed the PC to be infected. The ransomware quickly spread inside the city infrastructure, causing several problems. The email system was disabled, employees and vendors couldn’t be paid by direct deposit and had to be issued checks manually, and 911 dispatchers were unable to accept calls.

Read more about it here.

Millions of Quest Diagnostics and LabCorp records have been breached

American Medical Collection Agency (AMCA), a billing processor for Quest Diagnostics and LabCorp, suffered a breach, compromising records of 12 million patients of Quest Diagnostics and 7.7 million records of LabCorp.

A June 3, 2019 filing with the U.S. Securities and Exchange Commission (SEC) by Quest, and a similar June 4 SEC filing by LabCorp, revealed that between August 1, 2018 and March 30, 2019 an unauthorized user had access to AMCA’s system that contained information that AMCA had received from various entities, including Quest Diagnostics, and information that AMCA collected itself. The information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers).

In response to this incident, both Quest Diagnostics and LabCorp suspended sending collection requests to AMCA.

Read more about it here.

Apple’s new Find My app will find your devices even if they are offline

At the company’s Worldwide Developer Conference keynote on June 3, 2019, Apple executive Craig Federighi described a new location-tracking feature. The interaction is end-to-end encrypted and anonymous, even to Apple itself. The trick? You need to own at least two Apple devices.

Here is how the new system works:

  • When you first set up Find My on your Apple devices, it generates a private key that is shared, in encrypted form, among all your devices.
  • Each device also generates a public key. This is the “beacon” that your devices will broadcast out via Bluetooth to nearby devices.
  • That public key changes frequently, “rotating” to a new number.
  • When someone steals your device, even if it is disconnected from the internet, it emits its rotating public key via Bluetooth.
  • A nearby stranger’s Apple device, with no interaction from its owner, will pick up the signal, check its own location, encrypt that location data using the public key it picked up from your device, and upload to Apple’s servers.
  • When you want to find your stolen device, you turn to your second Apple device, which both contains the same private key and has generated the same series of rotating public keys.
  • Apple returns the encrypted location of your stolen device to your other device, which can use its private key to decrypt it and tell you the stolen device’s last known location.
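
The flow in the list above can be modelled in a few lines. This is an added example, not Apple's implementation: it swaps in a toy Diffie-Hellman group and a hash-based stream cipher for the elliptic-curve cryptography a real system would use, and every function name and the `lookup_index` scheme are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group standing in for the elliptic-curve keys a real
# system would use (assumption, so the example needs only the standard library).
P, G = 2**255 - 19, 2

def period_private(shared_secret: bytes, period: int) -> int:
    """Per-period private scalar; every device holding the secret derives it."""
    d = hmac.new(shared_secret, b"rotate%d" % period, hashlib.sha256).digest()
    return int.from_bytes(d, "big") % (P - 2) + 1

def beacon(shared_secret: bytes, period: int) -> int:
    """Rotating public key broadcast over Bluetooth during `period`."""
    return pow(G, period_private(shared_secret, period), P)

def lookup_index(beacon_value: int) -> str:
    """Identifier under which the server files reports (hypothetical scheme)."""
    return hashlib.sha256(beacon_value.to_bytes(32, "big")).hexdigest()

def _keys(dh: int):
    k = hashlib.sha256(dh.to_bytes(32, "big")).digest()
    return hashlib.sha256(k + b"enc").digest(), hashlib.sha256(k + b"mac").digest()

def _xor(key: bytes, data: bytes) -> bytes:
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def finder_report(beacon_value: int, location: bytes) -> dict:
    """Stranger's device: encrypt its own location to the overheard beacon."""
    e = secrets.randbelow(P - 3) + 2              # fresh ephemeral key per report
    enc, mac = _keys(pow(beacon_value, e, P))
    ct = _xor(enc, location)
    return {"index": lookup_index(beacon_value), "eph": pow(G, e, P),
            "ct": ct, "tag": hmac.new(mac, ct, hashlib.sha256).digest()}

def owner_decrypt(shared_secret: bytes, period: int, report: dict) -> bytes:
    """Owner's second device: re-derive the period key and open the report."""
    enc, mac = _keys(pow(report["eph"], period_private(shared_secret, period), P))
    expected = hmac.new(mac, report["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, report["tag"]):
        raise ValueError("report was not encrypted to this period's key")
    return _xor(enc, report["ct"])
```

The server in this model stores only the index, the finder's ephemeral public value and the ciphertext, so it can return a report to whoever asks for the right index but cannot read the location without the shared secret.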

Read more about it here.

Data belonging to millions of Instagram influencers exposed online

A massive database containing the contact information of over 49 million Instagram influencers, celebrities and brand accounts has been found online. The news was first reported by the TechCrunch website. The database was left unprotected on an AWS (Amazon Web Services) bucket, allowing anyone to access it without authentication.

Each exposed record contained public data scraped from influencer Instagram accounts, including their bio, profile picture, the number of followers they have, whether they are verified, and their location by city and country, but also contained their personal contact information, such as the Instagram account owner’s email address and phone number.

TechCrunch traced the database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts. In the meantime, Chtrbox pulled the database offline.

Read more about it here.

Japan will develop its first ever malware against cyber attacks

Japan will develop its first ever malware as a defense mechanism against cyber attacks

The Defense Ministry of Japan is considering malware that can break into an opponent’s computer system, hoping that such a computer virus will work as deterrence against cyberattacks.

The virus, to be developed by private companies, will be used only for defensive purposes, not for pre-emptive attacks, a ministry source said. The government allows cyberattacks only against a country or an organization equivalent to a country.

Read more about it here.

60 Million records of LinkedIn users leaked online

Researcher Sanyam Jain at GDI foundation discovered 8 unsecured databases, exposing approximately 60 million records of LinkedIn users.

Most of the data is publicly available on LinkedIn, so this isn’t a LinkedIn breach per se.

Records included LinkedIn public profile information, including IDs, profile URLs, work history, education history, location, listed skills, other social profiles, and the last time the profile was updated. Email addresses used for the initial account registration on LinkedIn were also included, despite privacy settings that kept them from public view.

The databases appeared on a different IP address each day.

In total, 229 GB of data was leaked.

Read more about it here.

Ransomware attack knocked The Weather Channel off the air

A ransomware attack knocked the Weather Channel off the air for at least 90 minutes on April 18, 2019. The broadcaster confirmed via Twitter that the incident was the result of “a malicious software attack on the network.” The Weather Channel was well prepared. IT staff were able to restore normal operations using backups.

Federal law enforcement are investigating the incident.

Read more about it here.

540 Million Facebook user records exposed on Amazon cloud servers

UpGuard, an Australian cybersecurity startup company, discovered two datasets stored on unprotected Amazon cloud servers.

“One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more… A separate backup from a Facebook-integrated app titled “At the Pool” was also found exposed to the public internet via an Amazon S3 bucket.” It contains information about users’ friends, likes, groups, and checked-in locations, as well as names, plaintext passwords for “At the Pool” accounts, and email addresses for 22,000 people.

Both datasets were stored in unsecured Amazon S3 buckets, which were secured on April 3, 2019 after Bloomberg notified Facebook, which worked with Amazon to secure them.

Read more about it here.