This Week in Cyber 6th January 2023

Latest news & views from our Cyber Analysts

Written by

Team Nucleus

Written on

6th January, 2023


Google to Pay $29.5 Million in Lawsuits over Location Tracking

Google has agreed to pay $29.5 million to settle two lawsuits brought by the US state of Indiana and Washington D.C. over a 2018 discovery that Google was tracking users on Android and iOS devices without consent, through the Web and App Activity setting, even when location tracking was turned off. The practice is said to date back to at least 2014. Google will pay $9.5 million to Washington D.C. and $20 million to Indiana, and as part of the settlement has been ordered to tell users whether location data is being collected and to show them the steps to disable the setting and delete their location data. In addition, all location data will be automatically deleted from the device within 30 days of being collected. The internet giant still faces two further lawsuits, from Texas and Washington state.


APT Hackers Have Been Sighted Using Excel Add-Ins as Initial Intrusion Vector

Microsoft recently decided to disable VBA macros by default for all Office files. This is widely seen as a positive move, as macros were an extremely popular initial intrusion vector for both low-level and advanced hacking groups. Hacking groups are smart and persistent, however, and have found a new method using Excel add-in files (.XLL). Cisco Talos have stated: ‘XLL files can be sent by email, and even with the usual anti-malware scanning measures, users may be able to open them not knowing that they may contain malicious code’. Fortunately, the user still has to open the file for the attack to initiate, which means that phishing awareness training is crucial in mitigating this new attack method. Interestingly, the same technique was used by ‘StonePanda’ back in 2017 to install a backdoor payload.
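Because an XLL add-in is a native Windows DLL rather than a document, a mail gateway can catch most of this technique with two cheap checks: the declared extension (including double extensions such as invoice.pdf.xll) and the file's magic bytes. The following Python is an added example, not code from the article or from Cisco Talos; the attachment samples are constructed in the script and the extension list is an assumption about what users expect to open in Office.

```python
"""Triage of e-mail attachments for Excel add-in (.XLL) abuse.

Added example (not code from the article or from Cisco Talos). It models
two gateway checks a defender can apply before an attachment reaches the
user: (1) the declared extension is .xll, including compound names such as
'invoice.pdf.xll', and (2) the file starts with the Windows PE 'MZ' header
while carrying an Office-style extension. XLL add-ins are native DLLs, so
any 'spreadsheet' that is really a PE file is mislabelled and is blocked.
"""
from __future__ import annotations

PE_MAGIC = b"MZ"

# Assumed list of extensions a user expects to open in Excel or Word.
# A PE file under one of these names is a disguise, not a document.
OFFICE_EXTENSIONS = {"xls", "xlsx", "xlsm", "xla", "xlam", "xlt",
                     "doc", "docx", "docm", "csv"}


def is_pe(data: bytes) -> bool:
    """True if the first bytes look like a Windows PE image (DLL/EXE/XLL)."""
    return data[:2] == PE_MAGIC


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict ('block' or 'allow') and the reasons behind it."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    reasons: list[str] = []
    if ext == "xll":
        reasons.append("xll-extension")
    if is_pe(data) and ext in OFFICE_EXTENSIONS:
        reasons.append("pe-under-office-extension")
    if is_pe(data) and ext == "":
        reasons.append("pe-without-extension")
    return {"filename": filename,
            "verdict": "block" if reasons else "allow",
            "reasons": reasons}


def triage_batch(attachments) -> list[dict]:
    """Triage an iterable of (filename, leading_bytes) pairs."""
    return [triage_attachment(name, data) for name, data in attachments]


# Constructed sample attachments (name, leading bytes); not real files.
SAMPLE_ATTACHMENTS = [
    ("Q4_numbers.xlsx", b"PK\x03\x04" + b"\x00" * 12),        # real OOXML is a zip
    ("pricing_addin.xll", b"MZ\x90\x00\x03\x00\x00\x00\x04"),  # genuine add-in, still blocked
    ("invoice.pdf.xll", b"MZ\x90\x00\x03\x00\x00\x00\x04"),    # double-extension lure
    ("report.xls", b"MZ\x90\x00\x03\x00\x00\x00\x04"),         # PE disguised as .xls
    ("notes.csv", b"a,b,c\n1,2,3\n"),                         # harmless text
]

if __name__ == "__main__":
    for result in triage_batch(SAMPLE_ATTACHMENTS):
        print(f"{result['verdict']:5}  {result['filename']:20}  "
              f"{', '.join(result['reasons'])}")
```

Blocking on the extension alone would miss a PE renamed to .xls, and blocking on the magic bytes alone would miss nothing here but gives no explanation; recording both reasons makes the gateway's decision auditable when a user asks why a legitimate add-in was held.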


235 Million Twitter Users' Details Leaked on Hacker Forum

Earlier this week, Alon Gal, CTO of Hudson Rock and a security expert, saw that a large database was being heavily circulated ahead of its eventual leak. He was then able to verify the data as legitimate Twitter user information. He has claimed it is one of the largest leaks he has ever seen, describing the database as containing "235,000,000 unique records of Twitter users and their email addresses", which also includes their follower counts and account creation dates. He goes on to say that this "will, unfortunately, lead to a lot of hacking, targeted phishing, and doxxing". According to Ron Scott-Adams, VMware's product marketing manager, the data is at least two years old and consists mainly of publicly accessible information, with the exception of the email addresses.


The Irish Data Commission has Fined Facebook $414 Million for Forcing Users to Accept Ads

The Irish Data Commission (DPC) has fined Meta for serving personalised ads to its users in breach of GDPR. Meta included ‘allow targeted ads’ in its terms of service, which users must accept in order to use the platform, effectively forcing them to accept this privacy breach. Relying on a contract within the terms of service is not explicitly a breach of GDPR; however, the DPC argued ‘that its processing of users' data to date, in purported reliance on the 'contract' legal basis, amounts to a contravention of Article 6 of the GDPR’. This is the second large fine Meta has received in the last three months, both related to privacy issues.

CircleCI Suffers Security Breach And Urges Immediate User Action

The DevOps company CircleCI has issued a security statement to its users referencing a security breach that occurred over Christmas. CircleCI have told users to ‘Immediately rotate any and all secrets stored’ while the investigation is still ongoing. The information points to an attacker gaining access on the 21st of December and maintaining that access until the 4th of January. CircleCI have assured users that their systems are no longer compromised; however, all users should replace their API keys out of caution. As the investigation is still ongoing there is little information about how the breach came about, but CircleCI have released a malicious IP address attached to the attack which may benefit security teams: 54[.]145[.]167[.]181.
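Security teams will want to sweep their own access and VPN logs for the published indicator while they rotate secrets. The Python below is an added example, not from CircleCI's advisory: it refangs the IP exactly as printed above, validates it as an address, and matches it as a whole dotted quad so that look-alikes such as 154.145.167.181 or 54.145.167.18 are not reported. The log lines are constructed for the example.

```python
"""Hunt for the CircleCI-published IoC in local logs.

Added example, not from CircleCI's advisory. The indicator is kept
defanged (as the article prints it) and only refanged at runtime; matching
is done on whole IPv4 tokens, not substrings, to avoid false positives.
"""
import ipaddress
import re

# Defanged exactly as published in the advisory quoted above.
DEFANGED_IOCS = ["54[.]145[.]167[.]181"]

# Whole dotted-quad tokens only; \b stops '154.145.167.181' matching '54.145.167.181'.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(ioc: str) -> str:
    """Undo the common defanging conventions ([.], (.) and hxxp)."""
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def load_iocs(defanged: list) -> set:
    """Refang and validate each indicator; a malformed entry raises ValueError."""
    return {str(ipaddress.ip_address(refang(item))) for item in defanged}


def scan_lines(lines, iocs: set) -> list:
    """Return (line_number, ip, line) for every line containing an IoC address."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for candidate in IPV4_RE.findall(line):
            if candidate in iocs:
                hits.append((number, candidate, line))
    return hits


# Constructed sample log lines (not real traffic). Lines 3 and 4 are
# look-alike controls that a naive substring search would wrongly match.
SAMPLE_LOG = [
    '2022-12-21T03:12:44Z vpn-gw sshd[2211]: Accepted publickey for deploy from 54.145.167.181 port 51822',
    '2022-12-21T03:13:01Z web01 nginx: 10.0.4.17 - - "GET /healthz HTTP/1.1" 200',
    '2022-12-28T19:40:09Z web01 nginx: 154.145.167.181 - - "GET /login HTTP/1.1" 200',
    '2023-01-02T08:05:55Z api01 nginx: 54.145.167.18 - - "GET /v2/me HTTP/1.1" 401',
    '2023-01-04T22:17:30Z api01 nginx: 54.145.167.181 - - "POST /v2/project/gh/example/app/envvar HTTP/1.1" 201',
]

if __name__ == "__main__":
    for number, ip, line in scan_lines(SAMPLE_LOG, load_iocs(DEFANGED_IOCS)):
        print(f"line {number}: {ip} -> {line}")
```

Feed real log files in line by line in place of SAMPLE_LOG; the window to check is the 21st of December to the 4th of January given above, and any hit is a reason to treat that host's credentials as already rotated-or-burned rather than merely "rotate out of caution".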

