The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.
City of Atlanta Faces Ransomware Roadblock
In the past week, the city of Atlanta has been dealing with the aftermath of a ransomware attack that effectively halted the police department’s Special Operations Section, which monitors non-emergency city functions. In a surprising twist, however, the ransomware author’s contact portal was leaked through several media outlets, prompting the author to remove the portal entirely and leaving the city with no means of paying the ransom. While the city was able to quickly return to normal operations for most employees, the recovery process will likely be ongoing for some time.
Facebook’s Data Collection Larger Than First Thought
Over the past week or so, researchers have been taking a deeper look into the data being collected by Facebook, with or without users’ permission. It was revealed that, due to lax API permissions for the Facebook installation on older versions of Android, Facebook was allowed to gather both call and SMS logs without user opt-ins. For some, extensive details of calls made by users were meticulously stored for up to several years. Details included call duration, recipient, and the date and time of the call. While Facebook claims any stored data is deleted if the user chooses to revoke permissions, users have been able to download their own data after removing the app, as the opt-in feature is the default setting when installing Facebook for the first time.
UK Anti-Doping Agency Hit By Cyber Attack
Recently, the UK’s anti-doping agency was targeted by an attack attempting to access drug testing and medical records for athletes. A Russian hacking group is believed to be responsible, as the attack comes not long after a doping scandal that affected several Russian athletes. Fortunately, the anti-doping agency has confirmed that no data was compromised in the attack and a simple reboot of their servers was all the remediation necessary.
Facebook Boosting Bounty Hunter Program After Data Handling Debacle
Following the latest scandal regarding the misuse of user data by third-party apps, Facebook has begun a complete overhaul of their bug bounty hunter program. In addition, they are reworking the company’s app review system to better determine permissions needed by apps that request access to a user’s friends list. Finally, any apps running on the Facebook platform that have been found to misuse customer data will be permanently blocked from accessing the development platform.
Sanny Malware Receives Multi-Step Delivery System
While Sanny has been well known and documented for several years, a new update has completely changed the delivery method of the malware. By portioning out the steps in the attack, rather than deploying everything in one drop, Sanny is capable of bypassing any UAC prompts and making multiple checks for the operating system version. Once the malicious macro is launched from within the email attachment, it checks for the specific OS and begins downloading additional files to bypass any OS security checks and executes its final payload.