Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

More than Half a Billion Facebook Users Exposed as Hackers Give Free Access to Personal Data. Over the weekend the news site Insider reported that information for some 533 million Facebook users, originally stolen in 2019,  had now been posted on a popular hacker forum for free. The Washington Post quotes security expert Alon Gal, who discovered the release as saying: “Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.” Gal said the compromised data included Facebook IDs, full names, locations, some email addresses, relationship statuses, phone numbers, birth dates, biographical and other details. Bleeping Computer reports that “Included in the data leak are the phone numbers for three of Facebook’s founders—Mark Zuckerberg, Chris Hughes, and Dustin Moskovitz, which are the 4th, 5th, and 6th members first registered on Facebook.” Facebook downplayed the posting of data, as the original hack had occurred in 2019, but this didn’t go over well with some Facebook users, as reflected in a BGR headline reading: “Facebook’s Response to Saturday’s News of a Huge Data Leak Was So Awful.”

“22-Year-Old Charged with Hacking Water System and Endangering Lives.” That’s a recent headline in The Hacker News, though the arrest didn’t involve the Oldsmar, Florida Water Treatment Plant attack as may have first come to mind. This attack was against the Post-Rock Rural Water District in Kansas. The hacker, identified as Wyatt A. Travnichek, is charged with breaking into a protected computer system and using it to shut down the cleaning and disinfecting processes at the facility. “By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” said Lance Ehrig, Special Agent in Charge of the Environmental Protection Agency (EPA) Criminal Investigation Division in Kansas. The Hacker News reports that if Travnichek is found guilty, he faces up to 25 years in federal prison and a total fine of $500,000.

Beware of Android “System Update” Messages … Might Be a RAT. BankInfoSecurity reports that Android device users are being targeted by a sophisticated spyware app that disguises itself as a “system update” application. Citing a report from Zimperium zLabs, the fake update is actually a remote access trojan (RAT) that  “can steal data, messages and images and take control of phones. Once in control, the hackers can record audio and phone calls, take photos, review browser history, access WhatsApp messages and more.”

“One in Five Healthcare Files is Open to All Employees.” That’s the shocking headline in a recent BetaNews story on a report from security company Varonis. The report found almost 20 percent of files open to all employees in an organization, and that over 31,000 files—including those that contain HIPAA-protected information, financial data, and proprietary research—are open to everyone. The percentage of files open to all is greater in small and medium organizations (25 percent and 23 percent) than in larger ones (16 percent). BetaNews reports: “On their first day at work, new employees at small companies may have instant access to over 11,000 exposed files, and nearly half of them contain sensitive data. This creates a massive attack surface and increases the risk of non-compliance in the event of a data breach.”

“Malware Attack is Preventing Car Inspections in Eight US States.” That’s the headline for Bleeping Computer’s report on a malware cyberattack on emissions testing company Applus Technologies that is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. The story quotes Darrin Greene, CEO of the US entity, Applus Technologies, Inc., as saying: “Unfortunately, incidents such as this are fairly common and no one is immune.”

A Good Reason Not to Cheat. Threatpost carries the headline: “Call of Duty Cheats Expose Gamers to Malware, Takeover” for its story about Activision warning users that cyber attackers are disguising malware—a remote-access trojan (RAT)—in cheat programs. The scam was first floated in March when a cyber attacker posted in hacking forums that they had a free, “newbie-friendly” method for spreading a RAT: Convince victims the malware is a video game cheat, Activision said in its warning. “It is common practice when configuring a cheat program to run it the with the highest system privileges,” Activision reported. “Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code-signing, etc.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees and has a strong affiliation with various education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Director for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.