Information Security News
The World Anti-Doping Agency confirmed Tuesday that hackers accessed a database of confidential medical data and released the drug regimens of gymnast Simone Biles and three other top US Olympians. The agency went on to say the Russian government was behind the move.
The organization, which screens Olympic athletes for performance-enhancing substances, said the attack was carried out by "Fancy Bear," one of the same Russian government-sponsored hacking groups that security experts say broke into Democratic National Committee servers and made off with confidential documents. Fancy Bear members used a technique known as spear phishing to gain access to the Anti-Doping Administration and Management System (ADAMS) database through an account that was created by the International Olympic Committee, the agency said in a statement.
"WADA has been informed by law enforcement authorities that these attacks are originating out of Russia," agency Director General Olivier Niggli said in the statement that also named Fancy Bear as the group. "Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report." The McLaren investigation refers to an inquiry into allegations of Russian government-sponsored doping at the 2014 Sochi Olympics. The investigation has been a major source of controversy between Russia and Olympics organizers.
Plaintext passwords, usernames, e-mail addresses, and a wealth of other personal information have been published for more than 2.2 million people who created accounts with ClixSense, a site that claims to pay users for viewing ads and completing online surveys. The people who dumped it say they're selling data for another 4.4 million accounts.
Troy Hunt, operator of the breach notification service Have I Been Pwned?, said he reviewed the file and concluded it almost certainly contains data taken from ClixSense. Besides unhashed passwords and e-mail addresses, the dump includes users' dates of birth, sex, first and last names, home addresses, IP addresses, account balances, and payment histories.
A post advertising the leaked data said it was only a sample of personal information taken from a compromised database of more than 6.6 million ClixSense user accounts. The post said that the larger, unpublished data set also includes e-mails and was being sold for an undisclosed price. While the message posted over the weekend to PasteBin.com has since been removed, the two sample database files remained active at the time this post was being prepared. The Pastebin post, which was published on Saturday and taken down a day or two later, read in part:
The Microsoft Patch Tuesday updates are out, our analysis is here:
If you consume these using an API, the link for that is here: https://isc.sans.edu/api/getmspatchday/2016-09-13
(or, if you prefer JSON: https://isc.sans.edu/api/getmspatchday/2016-09-13?json)
Rob VandenBrink, Metafore. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
On top of today being Patch Tuesday, Apple has released iOS 10 sometime today as well. They also released 10.0.1, with not a lot of detail behind that release (maybe something was missed?)
Security details for 10.0: https://support.apple.com/en-ca/HT207143
Security details for 10.0.1: https://support.apple.com/en-ca/HT207145 (an almost empty page)
MiTM attacks on Apple Updates
Autocorrect pulling sensitive data from cache (again)
Issues with Certificate Trust in Mail app allow MiTM
AirPrint temp file sanitization
SMS directory exposed to malicious apps
None of these Apple or Microsoft updates are what you'd call small - let's hope we don't break the internet today (just kidding, I think).
Happy Patching everyone!