Intimate data of 3 Million Facebook Users Exposed

Personal data of more than three million people was exposed online for four years by a personality app called myPersonality.

The app collected intimate details of Facebook users, and the data could be accessed by anyone on the Internet.

The researchers who designed the app are based at the Psychometrics Centre at the University of Cambridge. They uploaded sensitive data of Facebook users onto a poorly protected website containing a million answers to personality trait questionnaires.

According to information on the Cambridge website, the app "collected data from over 6 million volunteers" during the period it was active, creating "one of the largest social science research databases in history."

"This data was anonymized and samples of it were shared with registered academic collaborators around the world through the myPersonality project, resulting in over 45 scientific publications in peer-reviewed journals," said the Cambridge website.

Facebook has confirmed that it is investigating the matter and has temporarily suspended the myPersonality app. "If myPersonality refuses to cooperate or fails our audit, we will ban it," said Ime Archibong, Facebook's vice president of product partnerships.

StalinLocker: ransomware deletes data if the correct code is not entered in time

A new ransomware called StalinLocker, or StalinScreamer, has been discovered. It gives victims 10 minutes to enter the correct unlock code; if they fail to do so, it erases all the data on the infected device.

The ransomware does not actually demand any ransom; the only condition for unlocking the victim’s device is entering the code.

Named after Joseph Stalin, the late leader of the Soviet Union, the malware pays tribute to him by showing a red screen with a picture of Stalin, with the USSR anthem playing in the background, when StalinLocker takes over the computer and the 10-minute countdown begins.

The ransomware was discovered by MalwareHunterTeam, which explained on Twitter how the malware works and how to derive the code that unlocks a locked device.

According to them, the code can be derived by subtracting 30/12/1922, the date that represents the foundation of the USSR, from the date the malware was run.

Unlike other ransomware, this one seems to focus purely on destroying user data: it does not demand any ransom in Bitcoin or by other means, but simply attempts to erase all data if its conditions are not met. If the user enters the code correctly, however, the files are unlocked without any problem.

The malware is similar to an earlier one that forced victims to play PlayerUnknown’s Battlegrounds for an hour to get their device unlocked, but unlike StalinLocker, it did not threaten to erase the victim’s data.

Currently, StalinLocker is still in a testing stage, but it could turn out to be a major problem for Windows users once it is released in earnest.

Cisco warns of critical bugs in DNA center

Cisco released a list of 16 security advisories on May 16, including three critical flaws in Digital Network Architecture (DNA) Center that are rated 10/10 on the CVSS (Common Vulnerability Scoring System) scale and could allow an attacker to seize complete administrative control. Cisco Systems patched the bugs on Wednesday.

One of the three, logged as CVE-2018-0222, is caused by DNA Center having default and static administrative account credentials, which an attacker could use to log into an affected system and execute commands with root privileges.

Another of the critical bugs “could allow an unauthenticated, remote attacker to bypass authentication and access critical services,” according to Cisco. “The vulnerability is due to a failure to normalize URLs prior to service requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center.”

Cisco also warned of four additional vulnerabilities, each rated high. Patches are available for all of the vulnerabilities.

Each could allow an unauthenticated and remote attacker to bypass Cisco’s authentication checks and attack core functions of the DNA platform, which was introduced in 2016. DNA has been touted as a move away from the company’s hardware-centric business towards one more reliant on software and services; it’s an open, software-driven architecture focused on automation, virtualization, analytics and managed services.

The three critical flaws all give attackers elevated privileges that can compromise the entirety of DNA Center, but they go about it in very different ways. One involves exploiting a hardcoded admin password, one attacks the Kubernetes port, and the third relies on a specially crafted URL not being normalized before DNA Center resolves a service request.
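The third flaw is an instance of a general class: an authorization gate that inspects the request path as the client sent it, while the router resolves a canonical form of it. The added example below (not Cisco's code; the protected prefix is a constructed placeholder) shows the weak pattern next to a hardened check that canonicalizes the path before comparing it.

```python
import posixpath
from urllib.parse import unquote

# Assumed protected service path; constructed for the example.
PROTECTED_PREFIXES = ("/api/admin/",)

def strip_query(raw: str) -> str:
    """Drop query string and fragment; only the path matters for routing."""
    return raw.split("#", 1)[0].split("?", 1)[0]

def percent_decode(s: str) -> str:
    """Decode %XX escapes until the result is stable, so a double-encoded
    request cannot reach the gate as a different string than the router sees."""
    prev = None
    while s != prev:
        prev, s = s, unquote(s)
    return s

def normalize_path(raw: str) -> str:
    """Canonical form the backend actually resolves: decoded, '.' and '..'
    segments removed, repeated slashes collapsed, trailing slash dropped."""
    path = posixpath.normpath(percent_decode(strip_query(raw)))
    return "/" + path.lstrip("/")   # normpath preserves a leading '//'

def matches_protected(path: str) -> bool:
    return any(path == p.rstrip("/") or path.startswith(p)
               for p in PROTECTED_PREFIXES)

def is_protected_weak(raw: str) -> bool:
    """Vulnerable pattern: gate on the raw path, route on the canonical one."""
    return matches_protected(strip_query(raw))

def is_protected_hardened(raw: str) -> bool:
    """Fixed pattern: gate on the same canonical path the router resolves."""
    return matches_protected(normalize_path(raw))

if __name__ == "__main__":
    for req in ("/api/admin/users", "/public/../api/admin/users",
                "/api/%2561dmin/users", "//api/admin/users?x=1", "/api/public/status"):
        print(f"{req:32} weak={is_protected_weak(req)!s:5} "
              f"hardened={is_protected_hardened(req)}")
```

Any request the hardened check flags but the weak one does not is a request that would have reached a protected service without passing the gate.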

Cisco announced DNA Center in the summer of 2017, offering customers network automation software and a centralized management interface for its “intent-based networking” system. Admins can use DNA Center to set policies for network segmentation, configure network infrastructure, and monitor network glitches. It ships as part of a dedicated appliance.

RIG EK delivers Grobios trojan

Exploit kit activity has been declining since the latter half of 2016, but we still periodically observe significant developments in this space, and the RIG EK seems to buck the trend. It has been involved in ongoing activity delivering a wide range of crimeware payloads, and the latest campaign saw RIG dropping the Grobios malware, which is designed as a stealthy backdoor and takes great pains to avoid detection and to evade virtual and sandbox environments.

The campaign was first seen on March 10 by FireEye Labs, redirecting victims to a compromised domain, latorre[.]com[.]au, into which a malicious iframe had been injected. That iframe in turn loads a malvertisement domain, which communicates over SSL and leads to the RIG EK landing page. RIG then loads a malicious Flash file which, when opened, drops the Grobios trojan.

The Trojan’s main hallmark is an impressive arsenal of evasion and anti-sandbox techniques, according to FireEye researchers. Researchers and blog post co-authors Irshad Muhammad, Shahzad Ahmed, Hassan Faizan and Zain Gardezi report that the developers clearly tried to impede any attempt to dissect the malware: it was well protected with multiple anti-debugging, anti-analysis and anti-VM techniques to hide its behaviour and C2 traffic.

“The main purpose of Grobios malware is to help an attacker establish a strong foothold in the system by employing various kinds of evasions and anti-VM techniques,” Ali Islam, director of FireEye, told Threatpost. “Once a strong foothold is established, an attacker can drop a payload of his/her choice, which can be anything from an info stealer to ransomware, etc.”

In an effort to evade static detection, the studied Grobios sample was packed with the Windows executables compression tool PECompact. "The unpacked sample has no function entries in the import table," the blog post states. "It uses API hashing to obfuscate the names of API functions it calls and parses the PE header of the DLL files to match the name of a function to its hash. The malware also uses stack strings."
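Resolving API hashes is the analyst's side of the import-hiding technique described above. The following is an added example, not FireEye's or the malware's code: it assumes the common ROR-13 hashing scheme purely for illustration (the page does not state which algorithm Grobios uses), and the candidate export list is constructed rather than dumped from a real DLL.

```python
# Analyst helper: recover API names from the hashes a sample embeds by
# hashing candidate export names with the same algorithm and matching.

def ror32(value: int, shift: int) -> int:
    """Rotate a 32-bit value right by `shift` bits."""
    value &= 0xFFFFFFFF
    return ((value >> shift) | (value << (32 - shift))) & 0xFFFFFFFF

def ror13_hash(name: str) -> int:
    """Assumed scheme: h = ror(h, 13) + byte over the ASCII export name."""
    h = 0
    for b in name.encode("ascii"):
        h = (ror32(h, 13) + b) & 0xFFFFFFFF
    return h

def build_hash_table(exports):
    """Map hash -> name for every candidate export; refuse silent collisions."""
    table = {}
    for name in exports:
        h = ror13_hash(name)
        if table.get(h, name) != name:
            raise ValueError(f"hash collision: {table[h]!r} vs {name!r}")
        table[h] = name
    return table

def resolve_hashes(hashes, table):
    """Translate hashes pulled from a sample back to API names; unknown
    hashes are labelled so they stand out for a wider export search."""
    return [table.get(h, f"UNRESOLVED_{h:08x}") for h in hashes]

# Constructed candidate list, standing in for a dump of kernel32's export table.
CANDIDATE_EXPORTS = [
    "CreateFileA", "WriteFile", "VirtualAlloc", "LoadLibraryA",
    "GetProcAddress", "IsDebuggerPresent", "Sleep",
]

if __name__ == "__main__":
    table = build_hash_table(CANDIDATE_EXPORTS)
    # Constructed "hashes from the sample": two resolvable, one not in our list.
    sample = [ror13_hash("IsDebuggerPresent"), ror13_hash("VirtualAlloc"), 0xDEADBEEF]
    for h, name in zip(sample, resolve_hashes(sample, table)):
        print(f"{h:08x} -> {name}")
```

In practice the candidate list comes from the export tables of every DLL the sample loads, and an unresolved hash is the cue to widen that list or to check whether the sample salts or varies the algorithm.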

A Command Injection Critical Vulnerability Discovered In DHCP

The Dynamic Host Configuration Protocol (DHCP) client shipped with Red Hat Enterprise Linux has been found to contain a command injection vulnerability. It allows a malicious actor who is able to set up a DHCP server, or otherwise able to spoof DHCP responses on the local network, to execute commands with root privileges.

The vulnerability, designated CVE-2018-1111 by Red Hat, was found by Google engineer Felix Wilhelm, who noted that the proof-of-concept exploit code is small enough to fit in a tweet. Red Hat considers it a "critical vulnerability", as noted in the bug report, indicating that it can be exploited by a remote unauthenticated attacker.

DHCP is used to assign an IP address, DNS servers, and other network configuration attributes to devices on a network, and it is used on both wired and wireless networks. Given that the prerequisite for using this exploit is essentially being on the same network, the vulnerability is of particular concern on systems likely to be connected to untrusted public Wi-Fi networks, which most likely means Fedora users on laptops.

Ultimately, any non-isolated network that allows devices to join without explicit administrator approval, which is arguably the whole point of enabling DHCP in the first place, is at risk.

This bug affects RHEL 6.x and 7.x, as well as CentOS 6.x and 7.x, and Fedora 26, 27, 28, and Rawhide. Other operating systems based on Fedora/RHEL are likely to be affected, including HPE's ClearOS and Oracle Linux, as well as the recently discontinued Korora Linux. Since the issue lies in a NetworkManager integration script, it is unlikely to affect Linux distributions that are not derived from Fedora or RHEL.