Bitglass Security Spotlight: Apple, Cryptocurrency, and Mass Breaches

This post was originally published here by Will Houcheime.

Here are the top cybersecurity stories of recent weeks: 

  • Apple app developers advised to reveal and remove screen recording code
  • 60% of cryptocurrency public hacks claimed by two major hacker groups
  • 617 million user accounts placed for sale on dark web
  • South Africa’s main electricity provider experiences data leak
  • Chinese hacking group exposes Norway’s cloud software provider Visma
    Apple app developers advised to reveal and remove screen recording code

    Apple is advising app developers to either remove or disclose their analytics codes that detail how users interact with applications on their phones. An apple spokesperson recently sent out an email that read, “Protecting user privacy is paramount in the Apple ecosystem.” Applications such as Hotels.com, Expedia, and Hollister were found using this activity monitor without user permission – and without any mention of it in their privacy policy agreements. Developers that were violating privacy terms have been informed and further action will follow if necessary, according to the spokesperson.

    60% of cryptocurrency public hacks claimed by two major hacker groups

    According to a report by blockchain analysis firm, Chainalysis, two hacker group are responsible for 60% of public cryptocurrency hacks, equating to about $1 billion of stolen cryptocurrency. Chainalysis reports, “On average, the hacks we traced from the two prominent hacking groups stole $90 million per hack.” The two hacking groups, codenamed Alpha and Beta, have been monitored for years and have been withdrawing the stolen funds tactfully, taking between 40 and 168 days, hiding behind thousands of fraudulent transactions.

    617 million user accounts placed for sale on dark web

    The Register, a popular hub for science and tech news, recently reported that a dark web marketplace has sold stolen data from approximately 617 million user accounts. Online services such as the video messaging app ‘Dubsmash’ had 162 million accounts exposed on this marketplace. In addition, the healthapplication ‘MyFitnessPal’ had 151 million breached accounts. The seller has reportedly sold some data for as much as $20,000. Sensitive information sold includes passwords, emails, IP addresses, as well as security questions and their answers.

    South Africa’s main electricity provider experiences data leak

    South Africa’s largest electricity provider experienced a public exposure of customer data after disregarding advice from a researcher who foresaw the possibility of a leak of information. Eksom, the company exposed, is South Africa’s state-owned electricity company that delivers roughly 95% of the country’s electricity as well as about 45% of all electricity consumed by the African continent. Devin Stokes, cybersecurity researcher, was quick to show frustration, targeting the company in a public tweet showing images of exposed customer data. Stokes highlighted the company’s inability to properly prevent and communicate about this highly sensitive security issue.

    Chinese hacking group exposes Norway’s cloud software provider Visma

    Norwegian software provider Visma was recently exposed by APT10, a notorious hacking group from China. The software provider currently offers cloud-based software solutions for various European companies. Visma’s security breach occurred in August 2018, as detailed by a pair of US cybersecurity firms. The report claims that the company’s internal network was exposed by stolen credentials to a Citrix remote-access client that Visma employees were using to access proprietary information.

Photo:IT Pro

Ad

No posts to display