Financial management app hacked, stolen data giveaway, warning for QNAP users and Garmin attack update
Welcome to Cyber Security Today. It’s Wednesday July 29th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
For security reasons organizations must monitor the password access they give partner companies to their computer systems, particularly when the partnership ends and the access should be revoked. Here’s another example why: A personal financial management app called Dave.com has acknowledged its subscribers are at risk from the hack of a company it dealt with. Someone hacked into a former service provider partner called Waydev and used that to get into and copy some of Dave.com’s customer database. Stolen information included names, email addresses, birth dates, physical addresses and phone numbers, scrambled social security numbers and scrambled passwords. What was not accessed were bank account numbers, credit card numbers or records of financial transactions. All Dave.com subscribers have to reset their passwords. According to the news site Bleeping Computer, the hacker sold a database of 7. 5 million Dave.com users to someone, who then released all the information for free on a hacker forum.
That person or group who released that Dave.com data goes by the nickname ShinyHunters. According to Bleeping Computer, ShinyHunters is now flooding a hacker forum with free stolen data claiming to be from 18 hacks — some of them from this year — and totaling 386 million user records. One of the biggest was the hack of 15 million user records from Chatbooks, which I told you about in May. Another was the hack of an online Brazilian travel agency called Hurb that included 20 million customer records. It’s common for hackers to give away stolen personal data once it’s no longer profitable. Often that’s because over time people change email passwords or get new credit cards to make stolen data less valuable. Bleeping Computer asked ShinyHunters why they were giving away stolen data and they replied: “I just thought: ‘I’ve made enough money now’ so I leaked for everyone’s benefit.”
Cybersecurity agencies in the U.S. and United Kingdom are warning users of QNAP network-attached storage devices to install the latest security patches. This is because a strain of malware called QSnatch continues to be found in these devices despite warnings being issued months ago. I mentioned this in a podcast last November. As of the middle of last month there were an estimated 62,000 infected QNAP devices around the world. About 7,600 of them were in the U.S. Almost half of them were in Western Europe. Once a device is compromised the attackers try to make it impossible for updates to run, so IT administrators — or home users — should make sure the latest updates are installed. QNAP has issued an advisory with instructions on protecting these devices.
Users of drones made by a company called DJI should know a few security-related concerns about the Android version of the GO 4 app the device needs for remote control. They were raised by a security company called Synactiv, which did an analysis of the app. One problem: The app can force an update or install new software on smartphones without going through the Google Play store. That could give DJI almost full control over phones, Synactiv said. It also notes that the app collects some information about smartphones such as the serial number of the SIM card, which isn’t needed for drone flights. The Apple iOS version of the app doesn’t have the hidden update capability.
Finally, I told you last week that Garmin, which makes smartwatches, fitness trackers and navigation devices, suffered a cyber attack that knocked many of its systems offline late last week. Well, it’s recovering. The company said Monday that some systems were encrypted, which sounds like ransomware. It says there is no indication any customer payment information or data was accessed or stolen.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.