Android exploit code emerges, ransomware goes south, Citrix calls off hack probe, and more

Roundup Here’s a quick summary of what’s been happening in the infosec world lately, beyond what we’ve already reported.

Louisiana declares state of emergency over ransomware

A massive ransomware infection spreading among Louisiana school districts has caused the governor to declare a state of emergency – a designation usually reserved for natural disasters or widespread civil unrest.

The declaration was made by Louisiana governor John Bel Edwards after three different districts reported having their data encrypted by ransomware infections.

In addition to declaring the emergency, the governor has called in the state’s Cyber Security Commission to address the problem.

“The state was made aware of a malware attack on a few north Louisiana school systems and we have been coordinating a response ever since,” Edwards said.

“This is exactly why we established the Cyber Security Commission, focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat.”

PoC shows how Android gear gets pwned by a video

One of the Android remote code execution flaws patched by Google earlier this month now has a partial proof-of-concept to go with it.

Researcher Marcin Kozlowski says his PoC shows how code embedded in a video file can crash Android when the file is viewed.

It is deliberately only a partial attack: Kozlowski set it up to trigger the crash and nothing more, so that script kiddies could not simply drop in the file and start spreading it.

“You can own the mobile by viewing a video with payload,” he explains, “in my example I didn’t include real payload.”

Anyone who wants to actually weaponize the bug will have to go the extra mile and supply their own code-execution payload.
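The practitioner question behind this item is whether a given handset already carries the fix. The following is an added example, not code from the article or from Kozlowski's PoC: it reads the security patch level Android exposes in the `ro.build.version.security_patch` system property and compares it with a required level supplied by the caller. The page does not state the bulletin's patch date, so that date is an assumption the caller fills in; the parsing and comparison run offline on a constructed `getprop` dump, and the live query assumes `adb` is on PATH with a device attached.

```python
"""Check whether Android devices carry a security patch level at or after a required date.

Added example, not from the article or from Kozlowski's PoC. The required
patch level is an assumption supplied by the caller (the bulletin date is not
given on the page); the sample getprop output below is constructed.
"""
import re
import subprocess
from typing import Optional

PROP = "ro.build.version.security_patch"
# Android reports the patch level as an ISO date string such as 2019-07-05.
LEVEL_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")
# A full `getprop` dump prints "[name]: [value]" lines; `getprop <name>` prints the bare value.
DUMP_LINE_RE = re.compile(r"^\[(?P<name>[^\]]+)\]:\s*\[(?P<value>[^\]]*)\]$")


def parse_security_patch(getprop_output: str) -> Optional[str]:
    """Return the security patch level from getprop output, or None if absent or malformed."""
    for line in getprop_output.splitlines():
        line = line.strip()
        m = DUMP_LINE_RE.match(line)
        if m:
            if m.group("name") == PROP:
                value = m.group("value").strip()
                return value if LEVEL_RE.match(value) else None
            continue
        if LEVEL_RE.match(line):  # bare value from `getprop ro.build.version.security_patch`
            return line
    return None


def is_patched(level: Optional[str], required: str) -> bool:
    """True if `level` is a valid ISO date on or after `required`.

    Missing or malformed levels count as unpatched: a device that cannot state
    its patch level should not be assumed safe. ISO dates compare correctly as
    plain strings, so no date parsing is needed.
    """
    if not LEVEL_RE.match(required):
        raise ValueError(f"required level must be YYYY-MM-DD, got {required!r}")
    if level is None or not LEVEL_RE.match(level):
        return False
    return level >= required


def device_patch_level(serial: Optional[str] = None) -> Optional[str]:
    """Live check over adb (assumes adb on PATH and a device attached)."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + ["shell", "getprop", PROP]
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return parse_security_patch(result.stdout)


# Constructed sample of a `getprop` dump (not captured from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [9]
[ro.build.version.sdk]: [28]
[ro.build.version.security_patch]: [2019-06-05]
[ro.product.model]: [SampleDevice]
"""

if __name__ == "__main__":
    # "2019-07-01" is a placeholder: substitute the patch level named in the bulletin.
    level = parse_security_patch(SAMPLE_GETPROP)
    print(level, "patched against 2019-07-01:", is_patched(level, "2019-07-01"))
```

For a fleet, loop `device_patch_level()` over the serials from `adb devices`; anything that returns `None` deserves a look just as much as anything that returns an old date.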

Citrix wraps up hack probe

Enterprise software giant Citrix is wrapping up its investigation of the 2019 network breach in which hackers stole 6TB of corporate data.

The closing report contains little new information. Rather, Citrix confirms the earlier reports that the attackers were on its network for five months, collected large amounts of data, and accessed some employee email accounts.

“Importantly, we found no compromise or exfiltration beyond what has been previously disclosed. The cyber criminals have been expelled from our systems. There is no indication that the security of any Citrix product or customer cloud service was impacted,” Citrix said.

“Finally, we determined that the cyber criminals did not discover or exploit any vulnerabilities in our products or services to gain entry.”

iSynq still trying to clean up attack

Last week we mentioned the ransomware attack that forced accounting-software cloud company iSynq to temporarily shut down its service. In the days since the outbreak the provider has been working to get everything back online, but many customers are still unable to log in.

As of Wednesday, iSynq estimated that 1,000 customers were back online, but the rest might have to wait until the weekend.

“Our work isn’t done, and we’ll work over the coming days until we get ALL of our customers online safely and securely,” iSynq said.

Apple devices invaded by Bluetooth BLE attack

A set of PoC scripts emerged on Thursday showing how Apple devices can be tricked into handing over personal information via Bluetooth Low Energy (BLE) connections.

The scripts show how, among other things, a device can be prompted to give up its phone number, be asked for Wi-Fi network passwords, or even be sent a message.
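To see what an iPhone or Mac is putting on the air in the first place, here is an added example (not the PoC scripts, which the article does not reproduce): a parser for the Bluetooth advertising-data format that picks out Apple manufacturer-specific data by its assigned company identifier 0x004C and splits the Apple Continuity messages carried inside it. The AD-structure layout and the company identifier come from the Bluetooth specification; the Continuity message-type names are taken from public reverse-engineering write-ups and are assumptions, as is the constructed sample advertisement.

```python
"""Parse a raw BLE advertising payload and pick out Apple manufacturer data.

Added example, not code from the article or from the PoC scripts it mentions.
It relies only on the Bluetooth AD-structure layout and Apple's assigned
company identifier (0x004C); the Continuity type names are from public
reverse-engineering write-ups (assumption), and the sample is constructed.
"""
from typing import List, Tuple

APPLE_COMPANY_ID = 0x004C      # Bluetooth SIG company identifier assigned to Apple
AD_MANUFACTURER_SPECIFIC = 0xFF

# Continuity message types as named in public reverse-engineering write-ups
# (assumption: not from Apple documentation or the article; unknown types are
# reported by number rather than guessed).
CONTINUITY_TYPES = {
    0x02: "iBeacon",
    0x05: "AirDrop",
    0x07: "Proximity Pairing",
    0x09: "AirPlay Target",
    0x0A: "AirPlay Source",
    0x0C: "Handoff",
    0x0F: "Nearby Action",
    0x10: "Nearby Info",
}


def parse_ad_structures(payload: bytes) -> List[Tuple[int, bytes]]:
    """Split an advertising payload into (ad_type, data) pairs.

    Layout per structure: 1-byte length (counts the type byte plus the data),
    1-byte AD type, data. A zero length byte means the rest is padding.
    A length that runs past the payload is rejected rather than clamped, so a
    malformed advertisement is never half-parsed into something plausible.
    """
    structures = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break
        end = i + 1 + length
        if end > len(payload):
            raise ValueError(f"AD structure at offset {i} runs past end of payload")
        structures.append((payload[i + 1], bytes(payload[i + 2:end])))
        i = end
    return structures


def parse_continuity(body: bytes) -> List[Tuple[int, bytes]]:
    """Split Apple manufacturer data (after the company ID) into (type, payload) TLVs."""
    messages = []
    i = 0
    while i + 2 <= len(body):
        mtype, mlen = body[i], body[i + 1]
        end = i + 2 + mlen
        if end > len(body):
            raise ValueError(f"Continuity message at offset {i} runs past end of data")
        messages.append((mtype, bytes(body[i + 2:end])))
        i = end
    if i != len(body):
        raise ValueError("trailing byte without a length in Continuity data")
    return messages


def apple_continuity_messages(payload: bytes) -> List[Tuple[int, bytes]]:
    """Return the Continuity TLVs in an advertisement; [] if it carries no Apple data."""
    found = []
    for ad_type, data in parse_ad_structures(payload):
        if ad_type != AD_MANUFACTURER_SPECIFIC or len(data) < 2:
            continue
        company = int.from_bytes(data[:2], "little")  # company ID is little-endian
        if company == APPLE_COMPANY_ID:
            found.extend(parse_continuity(data[2:]))
    return found


def describe(payload: bytes) -> List[str]:
    """Summary lines: which Continuity message types a nearby device is broadcasting."""
    lines = []
    for mtype, body in apple_continuity_messages(payload):
        name = CONTINUITY_TYPES.get(mtype, "type 0x%02X" % mtype)
        lines.append(f"{name}: {body.hex()}")
    return lines


# Constructed sample advertisement (not a capture): Flags, then Apple manufacturer
# data carrying two Continuity messages with made-up payload bytes.
SAMPLE_ADV = bytes([
    0x02, 0x01, 0x06,                          # Flags: LE General Discoverable, BR/EDR not supported
    0x0F, 0xFF, 0x4C, 0x00,                    # Manufacturer Specific Data (15 bytes), company 0x004C
    0x0F, 0x03, 0xC0, 0x08, 0xAA,              #   Continuity type 0x0F, 3 payload bytes
    0x10, 0x05, 0x11, 0x22, 0x33, 0x44, 0x55,  #   Continuity type 0x10, 5 payload bytes
])

if __name__ == "__main__":
    for line in describe(SAMPLE_ADV):
        print(line)
```

Feed `apple_continuity_messages()` the raw advertising bytes from whatever sniffer or HCI interface you use; the point of the parser is that these messages are broadcast to anyone listening, before any connection or pairing takes place.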

RobinHood cops to plaintext password buffoonery

Financial services site RobinHood has admitted to a serious lapse in security.

The online investment site told some customers that some of their passwords had been erroneously stored in plain text rather than hashed, meaning employees, and in theory hackers, could have seen credentials that should never have been exposed.
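What "stored in plain text, rather than hashed" means for anyone who can read the user table, and what the hashed alternative looks like, as an added example that is not RobinHood's code (the article does not say how the plaintext ended up in storage): the plaintext store beside a salted, iterated PBKDF2-HMAC-SHA256 store from the Python standard library, with a constant-time verifier and a check that finds rows still holding plaintext so they can be force-reset. User records and the iteration count are assumptions.

```python
"""Plaintext password storage beside salted, iterated hashing.

Added example, not RobinHood's code. The user records are constructed and the
iteration count is an assumption to be tuned to the deployment's hardware.
"""
import base64
import hashlib
import hmac
import os
from typing import Dict, List

# --- The lapse: the credential column holds the password itself ----------------
def store_plaintext(users: Dict[str, str], username: str, password: str) -> None:
    users[username] = password  # any employee, backup, or attacker with read access sees it


def check_plaintext(users: Dict[str, str], username: str, password: str) -> bool:
    return users.get(username) == password


# --- The fix: store a salted, iterated hash and compare in constant time --------
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumption: OWASP's 2023 figure for PBKDF2-HMAC-SHA256


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<hash>' using a fresh 16-byte random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(record: str, password: str) -> bool:
    """Recompute with the stored salt and iterations; compare without a timing leak."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False  # not a hash record: never compare a plaintext column against input
    try:
        iterations = int(parts[1])
        salt = base64.b64decode(parts[2])
        expected = base64.b64decode(parts[3])
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def store_hashed(users: Dict[str, str], username: str, password: str,
                 iterations: int = ITERATIONS) -> None:
    users[username] = hash_password(password, iterations)


def check_hashed(users: Dict[str, str], username: str, password: str) -> bool:
    record = users.get(username)
    return record is not None and verify_password(record, password)


def rows_needing_reset(users: Dict[str, str]) -> List[str]:
    """Usernames whose stored value is not a hash record: the plaintext rows to force-reset."""
    return sorted(u for u, v in users.items() if not v.startswith(ALGORITHM + "$"))


if __name__ == "__main__":
    table: Dict[str, str] = {}
    store_plaintext(table, "carol", "hunter2")       # the lapse
    store_hashed(table, "alice", "correct horse")    # the fix
    print("rows to reset:", rows_needing_reset(table))
    print("alice login:", check_hashed(table, "alice", "correct horse"))
```

The reset check is the operational half of the story: a migration that adds hashing for new logins does nothing for rows already written in plaintext, which is why the remedy is to invalidate those credentials rather than to hash the leaked values in place.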

RobinHood said no unauthorized parties had accessed the passwords, but that it would reset all of the exposed credentials out of an abundance of caution. ®
