BTH News 08May2020
This Week In Cybersecurity
This week Between the Hacks reports on a data breach of 28,000 GoDaddy accounts, Firefox alerts you if you use a leaked password, a new IoT botnet, and a critical vulnerability in all Samsung phones for the past 6 years. Also, to stay up to date on cybersecurity news daily, try out our tip of the week, the Cyberwire podcast.
28,000 GoDaddy Accounts Compromised in Breach
The world’s largest web hosting and domain name registration company, GoDaddy, disclosed that it discovered a data breach that impacts approximately 28,000 of its customers. With more than 19 million customers and a history of controversial TV commercials, almost everyone has heard of GoDaddy.
According to BleepingComputer, who broke this story, “ The security incident that took place on October 19, 2019, was discovered on April 23, 2020, after the company's security team discovered an altered SSH file in GoDaddy's hosting environment and suspicious activity on a subset of GoDaddy's servers.”
GoDaddy reports that they immediately reset the usernames and password for affected accounts and contacted the impacted customers. The letter to customers states, "On behalf of the entire GoDaddy team, we want to say how much we appreciate your business and that we sincerely regret this incident occurred. We are providing you one year of Website Security Deluxe and Express Malware Removal at no cost."
Firefox Alerts You If You Use A Leaked Password
ZDNet reports that with this week’s release of Firefox 76 for Windows, macOS and Linux, three new security features were made available for users of the Firefox Lockwise password manager that is built into the Firefox browser.
Firefox will require a user’s operating system password to be entered before showing a password.
Firefox will scan all of the user’s password to see if they match passwords that are known to have been compromised. If it does find a match, Firefox will show a warning to the user, recommending that they change that password.
Firefox will warn users if they have an account stored in Lockwise that has experienced a recent password security breach.
Mozilla, the creator of Firefox, shared that Firefox cannot see your passwords but it can compare them to know breach lists, “by creating an encrypted list of your breached passwords, then checking it against all saved passwords. Firefox does not keep logs of your plaintext passwords or know them.”
These are good updates to a great browser. Between The Hacks highly recommends that everyone use a password manager. While using a third-party password manager has some distinct advantages, like usability with multiple browsers, using a built in password manager is much better than using none at all.
New IoT Botnet
Kaiji is the name of a new IoT botnet that targets Linux-based systems including servers and IoT devices in an effort to create a botnet that could be used as an Internet weapon by launching a distributed denial-of-service (DDoS) attack.
Unlike Mirai, that targeted video surveillance cameras, DVRs and home routers with default passwords, Kaiji is targeting, “Internet-connected devices via SSH brute forcing, taking advantage of administrators who are using weak or recycled passwords” according to Graham Cluely.
This is another reminder that you should always use complex passwords and limit the number of devices that are facing the Internet. It’s a very dangerous place.
Samsung Smartphone Critical Vulnerability
Last week we covered a new “word of death” vulnerability for iPhones. This week, Samsung has patched a critical vulnerability in all Samsung Android phones since 2014. If exploited, an attacker could, “run malicious code on a targeted device, without alerting the user” and “gain access to o a wide variety of information – including a user’s call logs, address book, SMS archive, and so forth” according to Tripwire.
On a positive note, this is not a trivial vulnerability to exploit. You can read more details in the Tripwire blog, but if you have an Android device and have not yet installed that patch yet, now is the time.
Tip of the Week
The Cyberwire Podcast
Stay up to date on cybersecurity news by listening to the daily Cyberwire podcast. According to their website, The Cyberwire podcast provides, “The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also included interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
The podcast is free and in fact, Cyberwire creates over 10 podcasts on topics such as Cyber Law & Policy, Privacy, Research and the Hacking Humans podcast about social engineering. Most of their podcasts are free but a few are included with the Cyberwire Pro option for those who want more.
If you work in, or are just passionate about infosec/cybersecurity, listening to Dave Bittner every day can keep you informed.