CYBERSECURITY NEWS V. 27.08 – Freepik data leak, new FritzFrog Botnet
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts
News for discussion
Freepik data leak
Freepik, a popular website with free graphic resources, has suffered from a data leak. Through a SQL vulnerability, attackers gained access to the credentials of 8.3 million users. At the moment, the company is notifying the affected users. After the incident, Freepik has decided to use bcrypt to hash all user passwords.
Yet another leak of user data. Did it involve any advanced hacking techniques? Of course not, just a good old SQL injection. Will anyone be held accountable for the leak? That's highly unlikely (remember GDPR?). How can users protect themselves from such leaks? Do not use the same password on different websites; use password managers instead. Today, this is basic hygiene, just like using hand rub sanitizer before you eat. Get used to it.
Google fixes critical bug affecting Gmail and G Suite
The bug could allow attackers to send spoofed emails as any Google user. Exploitation takes two steps. First, attackers need to rent a mail server on Gmail and G Suite to allow the email through; then they exploit another bug and resend the message through an inbound email gateway from the Google backend. As a result, all other mail servers would trust it as an email from an existing Gmail or G Suite user. Google has already deployed server-side protections, so users don’t have to do anything.
New FritzFrog Botnet Targets SSH Servers
FritzFrog is both a worm and a botnet that targets government, educational, and financial organizations. Since early January 2020, it has infected at least 500 servers. The botnet's resilience lies in its decentralized governance and proprietary fileless P2P implementation. Once launched, FritzFrog unpacks the malware and listens on port 1234. Its main purpose is Monero mining. In the target machine’s memory, it spawns multiple threads, which allows it to adapt and operate more efficiently.
The University of Utah attacked by ransomware
The University of Utah paid a ransom of $457,059 to prevent hackers from leaking student information online. Hackers managed to encrypt only 0.02% of the data stored on the university servers. Most of the records were restored from backups; however, the university wanted to have access to the encrypted data too. All students and staff are recommended to carefully monitor their credit history for fraud and change online passwords.