Weekly Magazine - 02.07.2020

Cyber News JULY 2th, 2020 | #7 HIGHLIGHTS Brazilian federal police investigate data breach relating to government senior officials American Homeland Security Department concerns: are police drones transmitting information to foreign Country? Twitter: data leak of business accounts enabled access to personal information Apple: 16 API interfaces rejected due to fears of breach of privacy “CardPlanet” operator sentenced to 9 years jail time for selling stolen credit card information Anti-Israel Hackers breached a security camera and claimed: “We’ve carried out a cyber attack.” France TV activities compromised due to cyber attack DATA LEAKS Brazilian government top brass data leaked Brazil’s federal police reported on progress in investigations into the cybercrime network allegedly responsible for exposing personal details of senior government officials, including President Jair Bolsonaro. The investigation was opened as a result of a data leak in June linked to the “Anonymous Brazil” hackers group. Among other details, leaked data included personal information relating to Bolsonaro, his sons and supporters, as well as other government ministers. In addition to the online data leak, the investigation discovered that the group obtained data on more than 200,000 members of the military and government officials, allegedly for the purpose of scare mongering and embarrassing the individuals and organizations whose details were leaked. www.helena-sec.com Helena-sec Helenasec [email protected]

DATA LEAKS Third party drone? America’s Homeland Security warned the US Police that drones produced by the Chinese firm DJI “are at risk.” The drone’s specs include: live broadcast from drone cameras, geological location, and the ability to eavesdrop on speech around the drone, which can be intercepted. The Department for Cybersecurity and Infrastructures expressed concern in a letter it sent this week to the House Judiciary Committee chairman Jerry Nadler in New York. DJI spokesman Adam Lisberg responded: “While some people have tried to use DJI as a political football to score points against China, there is absolutely no evidence that any of their worst fears have any basis in reality.” Twitter reports business accounts data leak The massive social network, Twitter, reported that debit data belonging to business customers was accidentally stored in its browser cache and may have been accessed by other users. The data included email addresses of business customers, telephone numbers and the last four digits of credit cards registered with Twitter accounts. Twitter further reported to users that the problem was first discovered on May 20, a month after Twitter found a similar bug that caused Twitter users data to be stored incorrectly, such as messages lodged in the Firefox cache. www.helena-sec.com Helena-sec Helenasec [email protected]

CYBER NEWS Apple refuses to implement 16 API interfaces in the Safari browser, fearing penetration into user privacy Apple reported refusing to implement 16 new API internet technologies in Safari due to their concern that they consolidate threats to user privacy and enable new avenues for collecting users’ digital fingerprinting. The rejected APIs include: Web MIDI API which enables sites to enumerate, manipulate and access MIDI devices. Magnetometer API which allows websites access to data on local magnetic fields around a user through the device’s main magnetometer sensor. Web NFC API which allows websites to communicate with NFC tags through the device’s inherent NFC reader. Device Memory API which enables websites to access the approximate amount of device memory in GB. The full list can be found in the article at: https://www.zdnet.com/article/apple-declined-to-implement-16-web-apis- in-safari-due-to-privacy-concerns/?&web_view=true 9 year prison sentence for stolen credit card data sales Aleksei Burkov, a Russian citizen operated “CardPlanet,” a website which sold hundreds of thousands of credit and debit card data hacked chiefly from US citizens. The “merchandise” took the form of digital card data encoded onto a blank card with a magnetic strip, used for making fraudulent payment cards. The American Department of Justice revealed that the sales data translated into $20 million of fraudulent purchases via American credit cards. Burkov was sentenced to 9 years in prison. www.helena-sec.com Helena-sec Helenasec [email protected]

WORLDWIDE CYBER ATTACKS France Television groups is a victim of a cyber attack. The France Television group M6, advised yesterday that it was the victim of a cyber attack directed at one of its broadcasting stations. “One of our dissemination sites was infected with a virus,” the notice announced. Additionally, the group confirmed that its “France 3” channel would be transferred to the France Television HQ. Addressing the event, the company activated its backup site. This is not the first time that hackers have targeted French media outlets. In 2019, the ransomware hackers hit the M6 group, one of the largest of France’s TV outlets. OUR WEEKLY RECOMMENDATION: Are you using the default password? That’s a huge mistake! Using default password? Beware! Many users do not update default passwords to various devices such as home router, FW, WIFI. Using default passwords may expose you to various attacks. This is what you should do: - Define your user name, and a separate different password. Use the first to define Administrator, and the second one for Wi-Fi use. - Change your network name so that it cannot indicate the router’s properties, such as model, manufacturer, owner and location. - Avoid installing software updates that did not come from the device manufacturer - Be sure to run software and firmware updates in accordance with the manufacturer's recommendations.