Squeeze Volume 9 - NSA Discloses Windows Flaw, Cellebrite Buys BlackBag, P&B Bank Hacked, & More

Welcome to Squeeze, a curated selection of interesting infosec articles from the past week that you may have missed.

Squeeze Volume 9 - NSA Discloses Windows Flaw, Cellebrite Buys BlackBag, P&B Bank Hacked, & More

Welcome to the ninth edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles curated for your reading enjoyment in case you missed them! This week's volume was created by k4b00m (Hozaifa Owaisi), Miguel Calles, Mike Peterson, and Bhumish Gajjar.

How US Businesses Can Prepare for An Iranian Cyberattack

The probability of a Cyberattack on The United States is very high, especially from Iran. The US recently killed one of there top-ranking military generals, Qassem Soleimani. Iran is probably also coming after the US in the 2020 elections by trying to interfere with them. The next attack can be anything from just a symbolic attack like government websites or the power grid, for which Iran openly claims responsibility. Or attacks could be much more subtle — damaging, but not immediately apparent. 80% of US critical infrastructure is in the hands of private companies, and they do not have a fantastic track record of keeping their systems secure. These critical infrastructure's are banks, energy, telecommunication and transport companies. When asked Mark Rasch, a cybersecurity consultant, what's the worst-case scenario here. His response was, "Typically in the past when Iran has been attacked, it has responded in a way that directly counters the attack. When US banks impose sanctions on Iran, the Iranian government attacked those financial institutions specifically. When there were questions about Saudi oil, embargoes, or failure to buy oil from Iran, they attacked those particular institutions. These were relatively targeted attacks and identifiable institutions rather than a broad-based disruptive attack." As we can see, the failure of even one of these critical infrastructures will make the economy go down rapidly, also if it lasts for a short amount of time. You can read the full conversation with Mark Rasch and more here on the original article.

Link: https://www.fintechnews.org/how-us-businesses-can-prepare-for-an-iranian-cyberattack/

How US businesses can prepare for an Iranian cyberattack

NSA Alerts Microsoft of Software Flaw

Before 2017, the NSA discovered a Microsoft Windows flaw and chose not to disclose it to the Microsoft Corporation so it could weaponize it for five years before it was patched. The weaponize EternalBlue hacking tool was eventually discovered outside the agency by Russian and North Korean hackers. This time around, the NSA voluntarily disclosed a vulnerability rather than weaponizing it for years to come. Microsoft released a patch on January 14, 2020.

Link: https://www.washingtonpost.com/national-security/nsa-found-a-dangerous-microsoft-software-flaw-and-alerted-the-firm--rather-than-weaponize-it/2020/01/14/f024c926-3679-11ea-bb7b-265f4554af6d_story.html

Organizations Lag on Security Despite it Being Their 'Top' Focus

A Society for Information Management (SIM) study revealed that among 1,033 IT executives, cybersecurity has ranked as their No. 1 concern from 2017 to today. The ironic part? Those same respondents only said that they were, at best, moderately ready to deal with cybersecurity incidents.

Link: https://www.informationweek.com/government/cybersecurity/sim-study-points-to-lax-focus-on-cybersecurity/a/d-id/1336743

SIM Study Points to Lax Focus on Cybersecurity - InformationWeek
Despite ranking at the top of respondents’ concerns, organizations still show gaps in acting on cybersecurity.

Cellebrite Buys Computer Forensics Firm BlackBag Technologies for $33M

Israel-based Cellebrite, known for allegedly being the company that helped the FBI unlock an iPhone belonging to one of the San Bernardino shooters, has purchased BlackBag Technologies. Notably, BlackBag is the creator of the tool that can extract data from T2-equipped Macs, suggesting Cellebrite may continue to expand its focus on Apple products.

Link: https://www.reuters.com/article/us-blackbag-m-a-sun-idUSKBN1ZD0VZ

Israeli digital forensics firm Cellebrite buys BlackBag Technologies
Israel’s Cellebrite, whose software can unlock and extract data from mobile...

Consumer Reports Calls on IoT Device Makers to Strengthen Security

Consumer Reports, the magazine, has penned a letter to 25 smart camera manufacturers urging them to adopt stronger privacy and security mechanisms. It added that it would update its product ratings to reflect security standards and practices. Which, based on the vulnerability of the target market for many of those companies, is undoubtedly a good step.

Link: https://www.darkreading.com/endpoint/consumer-reports-calls-for-iot-manufacturers-to-raise-security-standards/d/d-id/1336798

Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.

Adult Site Leaks 20GB Sensitive Data of Cam-models

Security researchers at vpnMentor have uncovered a leaking S3 Bucket with 19.95GB of visible data on a Virginia-based Amazon server, belonging to PussyCash and its network. PussyCash is an explicit 'cam' affiliate network that owns the brand ImLive and other similar adult-oriented websites. This leak has exposed the personal data and likeness of over 4,000 models among more than 875,000 files. It has high-risk, real-life implications for said models.

There are at least 875,000 keys, which represent different file types, including videos, marketing materials, photographs, clips and screenshots of video chats, and zip files. These files include very sensitive details like full name, DoB, Photographs of Passports and other IDs, Signatures, Parents' names, and Fingerprints.

Link: https://www.vpnmentor.com/blog/report-pussycash-leak/

Report: Adult Site Leaks Extremely Sensitive Data of Cam Models
The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered a leaking S3 Bucket with 19.95GB of visible data on a Virginia-based

Hackers Breach P&B Bank, Access PII of 100k Individuals

P&N‌ Bank in Australia is informing its customers that hackers may have accessed personal information stored on its systems following a cyber attack. The breach notification says that the compromised system contained the following information: names, addresses, emails, age, customer and account numbers, as well as the account balance. Funds, social security numbers, and data in identification documents (driver’s license, passport) were stored on a different system and are safe.

The attack did not target P&N‌ Bank directly. Still, it occurred during a server upgrade around December 12, 2019, at a third-party that was offering hosting services to the organization.

Link: https://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/

Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII
P&N‌ Bank in West Australia (WA) is informing its customers that hackers may have accessed personal information stored on its systems following a cyber attack.
The awesome image used in this article is called Jai Wolf and was created by Vinicius Gut.