Inside Security - April 4th, 2019 |

Inside Security (Apr 4th, 2019)

Breaches galore at Facebook (again!), Bayer and Georgia Tech

New blank template
Subscribe | View in browser

If you aren’t a premium subscriber, you missed out on my coverage yesterday about the Kibana bugs that were discovered recently. I examine what happened and what you can learn from the mistakes that many IT shops have made in implementing this tool. Today’s news carries breaches at several companies, including a Mexican third-party supplier to Facebook, the German conglomerate Bayer, and another attack to Georgia Tech.

We want to highlight the efforts of our sponsors and today call attention to NokNok’s work with proliferating FIDO2 standards.. Starting in December 2018 they helped Aflac Japan customers, who have been able to use biometric authentication on their mobile devices to securely request immediate payment service for their cancer treatments.

-- David Strom

1. Researchers found two separate databases filled with Facebook user and plaintext passwords. Both were from third-party providers and found on unsecured online data structures. One had more than 20,000 passwords, the other had millions of records. The researchers had trouble getting in contact with the data owners to lock both of them down. -- UPGUARD

2. Apache has found a bug in which server scripts can execute code with root privileges and take over the underlying web server. This is especially acute for shared tenant web providers. The issue is with Unix v.2.4.17 to v.2.4.38. You’ll want to upgrade to v.2.4.39 with the fix. -- ZDNET

3. Georgia Tech has been hit by a second data breach in less than a year. This time, more than a million records have been leaked. Details are few however. -- ATLANTA JOURNAL AND CONSTITUTION

4. Bayer was hit by the Winnti malware last year and only went public recently about the situation. No actual data theft occurred, and the company was monitoring the Chinese attackers covertly. The malware was removed last month. This group has hit other German businesses recently.  -- REUTERS

5. Researchers have discovered a new XLoader variant. It poses as a security app for Android devices and uses a malicious iOS profile for those devices. It uses Twitter for its command infrastructure and includes new features such as spyware. It spreads via SMS phishing lures. -- TREND MICRO BLOG

6. Equipment owned by the author of the OrcusRAT malware has been seized by federal agents in Toronto. He claims his software has legitimate purposes. Krebs is on the case.

7. Speaking of RATs, beware of tax-themed Trojans and email phishing lures this time of year. Proofpoint has the details of several campaigns it has seen from its telemetry.  

8.Remember the release of the NSA open source hacking toolkit called Ghidra? Here is a post that shows how it is used to examine the Azorult malware, using reverse engineering of its code to explore the various components. The post shows how valuable this tool can be for defenders. -- SECURITY AFFAIRS

9. Analysis of thousands of email spoofing campaigns show that email gateways fail to stop almost all of these messages from being delivered. The tried and true techniques of sender name and domain impersonation do the dirty work.  -- IRONSCALES BLOG

10. As the UK continues to stumble over its Brexit plans, this post examines what this means for cybersecurity there. It isn’t clear if EU cyber standards will apply in the UK and how data sharing governance will happen. UK businesses will need to review their own privacy policies too. -- COMPUTER WEEKLY

This week in 1972: Jon Postel published RFC 318, which presented the nascent Telnet protocol, 13 months before it was adopted. For those of you too young to remember his numerous contributions, read his obituary written by Vint Cerf and, of course, published as RFC 2468. Sadly, I never got to interview Jon before he died, but he has left an enduring legacy and we have much to thank him for too.

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our Managing Editor Kim Lyons (freelancer for the NYTimes and also the editor of Inside Pittsburgh) and Senior Editor Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram.) and David Stegon (senior editor at Inside, whose reporting experience includes cryptocurrency and technology).

Copyright ©, All rights reserved.

Our mailing address is:
767 Bryant St. #203
San Francisco, CA 94107

Did someone forward this email to you? Head over to to get your very own free subscription!

You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.