Friday Five 9/2
Data privacy concerns were at the forefront of this week’s cybersecurity news but phishing and ransomware attacks are still making waves. Read about these stories and more in this week’s Friday Five!
1. FTC SUES DATA BROKER THAT TRACKS LOCATIONS OF 125M PHONES PER MONTH BY DAN GOODIN
After Idaho-based data broker Kochava elected to sue the Federal Trade Commission two weeks ago, the FTC has counter-sued and released a formal complaint, claiming that Kochava sold location data pulled from roughly 125 million phones. According to the complaint, in the data made available by Kochava, "it is possible to identify a mobile device that visited a women's reproductive health clinic and trace that mobile device to a single-family residence." The complaint also alleges that this data can be used to track people's visits to homeless shelters, domestic abuse shelters, and places of worship, among other sensitive locations. Read the full story from Ars Technica for a more detailed look into the FTC's complaint and to see how Kochava has responded to the lawsuit.
2. OVER 1,000 IOS APPS FOUND EXPOSING HARDCODED AWS CREDENTIALS BY BILL TOULAS
Security researchers found this past week that over 1,800 mobile applications, most running on iOS, contain hard-coded AWS credentials that could allow bad actors to access private databases or lead to data breaches. According to the researchers, over three-quarters of those applications contained valid AWS access tokens, which could be used for direct access to private cloud services, while over 800 applications contained valid AWS tokens that could help bad actors access live-service databases that hold millions of sensitive records. Read the full story from BleepingComputer to find out what could be causing this issue and to learn about a few real world examples.
3. JAMES WEBB TELESCOPE IMAGES USED TO HIDE MALWARE BY PIETER ARNTZ
Bad actors have been running an unorthodox phishing campaign to spread malware involving the use of James Webb telescope images in malicious Microsoft Office attachments. According to Securonix’s threat research team, once the victim opens the attachment and the malicious template file is downloaded, a command will download a .jpg file—which in this case is an image from the James Webb telescope—that is hiding malicious Base64 code. Pieter Arntz of Malwarebytes Labs provides more details on how such an attack is possible in his full story.
4. MOST TOP MOBILE CARRIERS RETAIN GEOLOCATION DATA FOR TWO YEARS ON AVERAGE, FCC FINDINGS SHOW BY TONYA RILEY
According to recent information published by the Federal Communications Commission, 10 of the 15 top mobile carriers collect and retain consumers’ sensitive geolocation data for roughly two years on average. FCC chairwoman Jessica Rosenworcel says "[this information is] a record of where we’ve been and who we are. That’s why the FCC is taking steps to ensure this data is protected.” Read more about which providers responded to the FCC inquiry and why those providers often don’t give consumers an option to opt out of such invasive data collection.
5. RANSOMWARE ATTACKS JUMP AS NEW MALWARE STRAINS PROLIFERATE, RESEARCH FINDS BY AJ VICENS
According to cybersecurity firm NCC Group, ransomware cases rose by 47% this past July compared to the month before, 62 cases of which were linked to LockBit ransomware group. Hive and BlackBasta, which are both affiliated with Conti, were responsible for the next most attacks, respectively.