Security Leftovers
-
Analysis Method for Custom Encoding, (Wed, Jul 5th) [Ed: Windows TCO]
In diary entry "Deobfuscating a VBS Script With Custom Encoding", I decoded a reader-submitted VBS script with custom encoding of the payload.
-
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (gpac, iperf3, kanboard, kernel, and pypdf2), Fedora (ghostscript), SUSE (bind, bouncycastle, ghostscript, go1.19, go1.20, installation-images, kernel, mariadb, MozillaFirefox, MozillaFirefox-branding-SLE, php74, poppler, and python-Django), and Ubuntu (cups, linux-oem-6.1, and ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1).
-
City of Odessa dealing with data breach
According to the City of Odessa, Mayor Joven was advised that the city dealt with a serious data breach.
It was discovered that accounts assigned to a terminated high-ranking employee have been recently accessed, and sensitive information was transferred.
-
Two California plastic surgery practices suffer cyberattacks and embarrassing patient data leaks
On June 21, BlackCat (AlphV) threat actors added Beverly Hills Plastic Surgery to their leak site. “We have lots of PII and PHI, including a lot of pictures of patients that they would not want out there,” the listing read. “It be in your best interest to reach out before we release all data. Leak to follow if no contact made.”
On July 8, that text was replaced with a different message: “Dr. David Kim and Dr. Eugene Kim does not care about patient privacy. Only fill they pockets with money,” BlackCat claimed in their usual insulting manner.
-
No Need to Hack When It’s Leaking, Monday edition: Dating App That Claims 50 Million Users Suffered a Data Breach
A majority of the records referred to an application called 419 Dating – Chat & Flirt. However, inside the database, I also saw information related to other dating apps called Meet You – Local Dating App by Enjoy Social App, and Speed Dating App For American by MyCircle Network Corp. The presence of what appeared to be logos and development files pertaining to these apps in the same database may be suggestive of the likelihood that all three dating apps are owned or developed by the same company using different names. There were also documents related to a couple of location-tracking applications found in the database, though we can’t assure they are related in any way to 419 Dating due to the lack of information available online that the companies are connected. According to multiple listings of software download sites, 419 Dating – Chat & Flirt is developed by a Chinese company called SILING APP (also visible in the web archive). I immediately sent a responsible disclosure notice, and although the database was quickly secured, no one ever replied. The app used to be available on the Google Play Store but was removed shortly after my notification. However, the app is still available on many other websites. Per its own advertisement campaign, the 419 Dating app claims to have 50 million users worldwide.
The database appears to contain a massive number of user records that include customer names, account numbers, emails, passwords, and more. In total, the database contained more than 600 compressed server logs.