More on Booking.com compromises
Welcome to Cyber Security Today. It’s Friday, December 1st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
In previous podcasts In previous podcasts I’ve reported on abuse of the booking.com hotel reservation platform. Here’s the latest news: Researchers at Secureworks last month found a mistake made by an employee led to a hacker stealing the business’ Booking.com credentials. From there the hacker sent emails from Booking.com to people who made reservations at the hotel. The messages, of course, looked official. Unfortunately somehow the attacker then stole money from the guests’ accounts. The employee’s mistake? Responding to an email from a so-called former hotel guest who wanted help finding a lost passport. The initial email didn’t have an attachment or a link, so the employee wasn’t suspicious and trusted the message. However, a follow-up email did have a link to a supposed photo of the missing passport to help the hotel employee. Clicking on that link allowed malware to be downloaded that could copy passwords on the hotel employee’s computer. The hacker used those credentials to log into the Booking.com reservation system for the hotel, and then send phishing messages to hotel guests. It helped — and you know what’s coming — that the hotel didn’t enable multifactor authentication for employee logins to Booking.com.
The U.S. has seized the website of a cryptocurrency mixer called Sinbad used by North Korea and others to launder stolen digital currency. At the same time the U.S. sanctioned the service, meaning no one in the U.S. can use it. Sinbad is used by North Korea’s Lazarus group for exchanging stolen digital currency for cash. Others use Sinbad to hide drug trafficking and child abuse materials.
Remember the Stuxnet attack of 2010? That’s when attackers were able to compromise Siemens internet-connected programmable logic controllers to damage centrifuges processing uranium at a nuclear plant in Iran. Siemens altered the coding of the software to prevent that from happening again. But researchers at Enlyze say they found a way to bypass the fixes. For the past 12 months Siemens has been saying users of its S7 PLCs should be running on version 17 or later for better security.
Fake virus warnings are popping up on the screens of people going to popular websites like the Associated Press, ESPN and CBS. You’ll be on the site and suddenly what looks like an anti-virus scanner is checking your computer — and lo and behold there are three viruses found and a recommendation you take action — like downloading a file or buying a security product. This is a scam. An infected ad on the page triggers the so-called scanner, which is a video that looks like it’s scanning something. Researchers at Malwarebytes say the gang behind this is called ScamClub.
Finally, Apple has released updates for the iPhone iOS and iPadOS operating systems to close vulnerabilities. Your devices should be running versions 17.1.2.
Later today the Week in Review podcast will be available. I’ll talk with Terry Cutler of Cyology Labs about ransomware, the latest explanation from Okta about a data theft from its customer support system and a survey of information security officers whose firms were hacked.
Links to details about news in every podcast episode are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.