Welcome to the first-fortnight edition of Nov 2020 CF bytes. In this edition, we witnessed the surge in fake COVID-19 negative tests being sold openly to circumvent the travel formalities required as per international travel guidelines issued by various governments. The nuisance of SIM Swap attacks has pushed the emergence of App authenticators as a preferred mode of multi-factor authentication to thwart account takeover attacks. Due to Pandemic, new scams have emerged targetting heavy shopping days such as Singles Day and Black Friday deals taking advantage of the heavy rush of the holiday season. Insecurity breaches, medical records have been exposed in eyecare healthcare leading to more than 800k patients. Capcom, a Japanese game developer recently suffered a breach by hackers in its internal systems. Insecurity attacks, new attack such as SAD DNS was discovered by security researchers. NAT Slipstreaming is a new technique by which an attacker can remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s firewall.
Security News
Inrupt, the company founded by World Wide Web inventor Sir Tim Berners-Lee, released its personal data management platform “Solid” for enterprises. Read more.
Tourists are buying fake covid-19 test results on the black market to travel internationally. Read more.
Microsoft urges users to stop using SMS and voice calls for multi-factor authentication and opt for a smartphone authentication app instead. Read more.
Scammers cash in to loot people, as holiday shopping fairs go virtual due to pandemic. Read more.
Researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait which tied back to the known xHunt threat group. Read more.
Attacks / Breaches
Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices. Read more.
Japanese game developer Capcom has revealed that it suffered a security breach which saw malicious hackers access its internal systems. Read more.
Researchers from UC Riverside and Tsinghua University announced a new attack against the Domain Name System (DNS) called SAD DNS. Read more.
A breach at an insurance software company Vertafore has resulted in the compromise of 27.7 million personal and driver’s license details in Texas. Read more.
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website. Read more.