Squeeze Volume 6 - Airline Cyber Attack, Hornet's Nest Malware, Twitter Android App Flaw & More

Welcome to Squeeze, a curated selection of interesting infosec articles from the past week that you may have missed.

Welcome to the sixth edition of the Secjuice Squeeze, where we present a selection of last week's interesting infosec articles, curated for your reading enjoyment in case you missed them! This week's volume was created by Mike Peterson, Manmeet Singh Bhatia and Miguel Calles. Have a safe and happy new year!

Airline Grounds Flights in Alaska After Cyber-Attack

A small local airline in Alaska, RavnAir Group, grounded flights over the weekend due to a "malicious cyber-attack on our company's network." While details are sparse, RavnAir did note that the attack targeted certain turboprop airplanes, forcing it to disconnect maintenance and backup systems – and, yes, ground all flights set to take place on Saturday.

https://www.infosecurity-magazine.com/news/cyberattack-grounds-flights-in/

Cyber-Attack Grounds Flights in Alaska
RavnAir cancels flights after malicious cyber-attack

MasterCard to Acquire RiskRecon to Bump Up InfoSec Suite

Mastercard this week announced the pending acquisition of data analytics and security vendor RiskRecon. The financial institution said it would use RiskRecon's tech to complement its existing security infrastructure. While it isn't clear how much the acquisition is going to cost Mastercard, the deal should close in early 2020.

https://www.darkreading.com/risk/mastercard-announces-plan-to-purchase-riskrecon/d/d-id/1336694

Mastercard Announces Plan to Purchase RiskRecon
The acquisition is expected to close in the first quarter of 2020.

U.S. Military Bans TikTok Because it's a 'Cybersecurity Threat'

The U.S. Navy and Army have both banned TikTok on government-issued smartphones. This is, not surprisingly, not the first time that U.S. officials have expressed security concerns over the viral app. TikTok denies any close ties to Beijing, even though it's in the middle of a broader national security review in the U.S.

https://www.pcmag.com/news/372673/us-navy-bans-tiktok-citing-cybersecurity-threat

US Navy Bans TikTok, Citing ‘Cybersecurity Threat’
Both the United States Navy and the Army are instructing service members to avoid ByteDance’s TikTok on government-issued smartphones. Lawmakers suggest the popular app poses a threat to national security. ByteDance, however, denies any close relationship with the Chinese government.

https://www.nytimes.com/2019/11/01/technology/tiktok-national-security-review.html

New Six-in-One Malware Dropper Uncovered

A relatively uncommon "dropper" was discovered by researchers at cybersecurity firm Deep Instinct. The malware campaign has been tagged "Hornet's Nest" due to the nature of the malware, while the dropper associated with it has been dubbed "Legion Loader".

The six-in-one malware is a union of information stealers, a backdoor, cryptostealers, and crypto miners. The elements delivered by the dropper are Vidar, Predator the Thief, Raccoon Stealer, a cryptocurrency stealer, a cryptocurrency miner, and an RDP backdoor.
The full analysis and dissection of the malware can be found in Deep Instinct's blog post.

https://www.deepinstinct.com/2019/12/18/untangling-legion-loaders-hornet-nest-of-malware/

Untangling Legion Loader’s Hornet Nest of Malware

Update Your Twitter Android App Now

Older versions of the Twitter Android app have a vulnerability allowing malicious code execution. If exploited, a hacker can control a user's account and access private information. The Twitter blog stated it knows of no attempted exploits.

https://www.reuters.com/article/us-twitter-cyber/twitter-fixes-glitch-in-its-android-app-idUSKBN1YO21N

Twitter fixes glitch in its Android app
Twitter Inc said on Friday it had fixed a vulnerability in its app for Android d...

Maze Ransomware Victims' Data on Public Website

Victims who chose not to pay the ransom from the recent Maze ransomware attacks had their stolen information listed on a public website. The business names, their corresponding websites, date of infection, several gigabytes of data, server names, and IP addresses are among the data listed on this website.

https://statescoop.com/maze-group-pensacola-ransomware-published-city-files/

'Maze' group behind Pensacola ransomware published city files online


The awesome image used in this article is called Hacker Floor and was created by Juan Casini.