[Security Weekly] Chicago’s Cook County Exposes 323,000 Court Case Records
4th Week of January 2021
1. Metropolitan Chicago’s Cook County exposes 323,000 court case records
Over 323,000 detailed records of criminal, immigration, and domestic cases from the courts of Cook County were exposed in a publicly accessible database for at least four months. With a population of 5.1 million, Cook County is the second-largest county in the US, and home to Chicago, the third-largest city in the country.
The misconfigured database was first discovered by security researchers at Website Planet on September 26, 2020. The researchers notified Cook County immediately, but the database was not set to private until January 25, 2021. It is not clear how long the database had been exposed prior to the initial discovery.
The exposed data consisted of detailed records of Cook County's court cases from 2012 to 2020, including criminal, immigration, and domestic-abuse cases. All records contained the personally identifiable information (PII) of the accused and the victims.
In the wrong hands, such information could be used to blackmail the victims for ransom payments, especially since many of them belong to vulnerable groups such as new immigrants and survivors of domestic abuse.
Sources: Threatpost, Infosecurity
2. Hezbollah’s cyber unit Volatile Cedar hacks into telecom companies worldwide
Volatile Cedar, the cyber unit of Lebanon-based militant group Hezbollah, was discovered to have hacked into 254 servers belonging to telecom companies around the world in an ongoing hacking campaign. Hezbollah is widely regarded as the world’s most powerful non-state political party and militant group.
The current hacking campaign, dubbed BeardStache, began in early 2020 and had kept itself off the radar for nearly a year, until discovered recently by Israeli cybersecurity firm ClearSky. The victims were a number of telecommunications companies from the US, Britain, Israel, Saudi Arabia, the UAE, Egypt, and Lebanon. These included US-based Frontier Communications, Saudi Arabia’s SaudiNet, and Vodafone Egypt.
The hackers targeted these companies’ servers by using a vulnerability scanner to scan for outdated Oracle and Atlassian servers. They then exploited several known vulnerabilities to gain access to the internal IT systems, followed by the deployment of the Explosive remote access trojan (RAT) to exfiltrate the databases. The Explosive RAT had been used exclusively by Volatile Cedar.
Experts suggest that the campaign was most likely an espionage attempt. Sensitive information such as personal details and call records was likely exposed.
Sources: ZDNet, Bleeping Computer
3. SonicWall suffers cyberattack exploiting zero-day flaws in its remote access solutions
Network security giant SonicWall announced on January 22 that it had suffered a sophisticated cyberattack that exploited zero-day vulnerabilities in its remote access products. SonicWall is well known for its lineup of network firewalls, VPNs, and network access solutions.
According to a statement posted by SonicWall, the cyberattack exploited zero-day vulnerabilities in its Secure Mobile Access (SMA) version 10.x running on a number of SMA 100 Series appliances. Affected devices include the SMA 200, 210, 400, 410 appliances, and the SMA 500v virtual appliance. The SMA is a popular remote access solution used by organizations for remote work, allowing employees to access internal files from remote locations.
SonicWall added that the SMA 1000 Series appliances were not affected by the attack. In order to protect its clients from supply chain attacks, SonicWall provided a temporary fix by setting up a firewall to control access to the SMA appliances. The company also asked all its clients to deploy two-factor authentication (2FA) for their admin accounts.
4. Dating site MeetMindful hacked, 2.28 million user details posted online
The personally identifiable information (PII) of 2.28 million users of MeetMindful, a popular dating site, was published on a hacking forum and available for free download.
The ShinyHunters hacking group claimed responsibility for the data leak. Even though it is unclear how the hackers got their hands on the data, experts believe that it was likely due to a misconfiguration in the cloud databases.
The published data contained highly sensitive information, such as full names, dates of birth, email addresses, IP addresses, home locations, physical characteristics, marital status, dating preferences, as well as hashed passwords, Facebook IDs, and Facebook authentication tokens. Such information makes it very easy for malicious actors to identify the individuals and launch all kinds of attacks, such as phishing scams, identity theft, blackmail, and even sextortion.
The thread where the file was posted received more than 1,500 views, making it very likely that the file may have been downloaded multiple times.
Sources: ZDNet, Threatpost
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security