Squeeze Volume 6 - Airline Cyber Attack, Hornet's Nest Malware, Twitter Android App Flaw & More
Welcome to Squeeze, a curated selection of interesting infosec articles from the past week that you may have missed.
Welcome to the sixth edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles curated for your reading enjoyment in case you missed them! This week's volume was created by Mike Peterson, Manmeet Singh Bhatia and Miguel Calles. Have a safe and happy new year!
Airline Grounds Flights in Alaska After Cyber-Attack
A small local airline in Alaska, RavnAir Group, grounded flights over the weekend due to a "malicious cyber-attack on our company's network." While details are sparse, RavnAir did note that the attack targeted certain turoboprop airplanes, forcing it to disconnect maintenance and backup sytems – and, yes, ground all flights set to take place on Saturday.
https://www.infosecurity-magazine.com/news/cyberattack-grounds-flights-in/
MasterCard to Acquire RiskRecon to Bump Up InfoSec Suite
Mastercard this week announced the pending acquisition of data analytics and security vendor RiskRecon. The financial institution said it would use RiskRecon's tech to complement its existing security infrastructure. While it isn't clear how much the acqusition is going to cost Mastercard, the deal should close in early 2020.
https://www.darkreading.com/risk/mastercard-announces-plan-to-purchase-riskrecon/d/d-id/1336694
U.S. Military Bans TikTok Because it's a 'Cybersecurity Threat'
The U.S. Navy and Army have both banned TikTok on government-issued smartphones. This is, not surprisingly, not the first time that U.S. officials have expressed security concerns over the viral app. TikTok denies any close ties to Beijing, even though it's in the middle of a broader national security review in the U.S.
https://www.pcmag.com/news/372673/us-navy-bans-tiktok-citing-cybersecurity-threat
https://www.nytimes.com/2019/11/01/technology/tiktok-national-security-review.html
New Six-in-One Malware Dropper uncovered.
A relatively uncommon "dropper" was discovered by the researchers at cybersecurity firm Deep Instinct. The malware is being tagged as "Hornet's Nest" due to the nature of the malware while the dropper associated with it is dubbed as "Legion Loader".
The six-in-one malware found is a union of information stealer, backdoor, cryptostealers, and crypto miners. The elements comprising the dropper: Vidar, Predator the Thief, Racoon Stealer, Crypto-currency stealer and miner and an RDP Backdoor.
The full analysis and dissection of the malware can be found on Deep Instinct's blog post.
https://www.deepinstinct.com/2019/12/18/untangling-legion-loaders-hornet-nest-of-malware/
Update Your Twitter Android App Now
Older versions of the Twitter Android app have a vulnerability allowing malicious code execution. If exploited, a hacker can control a user's account and access private imformation. The Twitter blog stated it knows of no attempted exploits.
Maze Ransomware Victim's Data in Public Website
Victims who chose not to pay the ransom from the recent Maze ransomware attacks had their stolen information listed in a public website. The business names, their corresponding websites, date of infection, several gigabytes of data, server names, and IP addresses are among the data listed in this website.
https://statescoop.com/maze-group-pensacola-ransomware-published-city-files/