Weekly Security News – 18th December 2023

Welcome to this week’s Security News. 

If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly. 

Vulnerabilities and Patches

Kraft Heinz investigates hack claims, says systems ‘operating normally’

Kraft Heinz has stated that their systems are functioning normally, denying any evidence of a breach after being listed by the Snatch extortion group on a data leak site on August 16th. The group threatened to leak stolen data unless a ransom is paid, but as of now, no proof of the alleged breach, such as screenshots of stolen data, has been provided by Snatch.

Ubiquiti users report having access to others’ UniFi routers, cameras

Users of Ubiquiti networking devices have reported privacy issues since yesterday, encountering unauthorized access to other people’s devices and notifications through the company’s UniFi cloud services. Ubiquiti, a well-known networking device manufacturer, provides a cloud-based UniFi platform for centralized device management. The first report emerged around 8 AM ET yesterday, with a customer receiving a notification from someone else’s security camera through UniFi Protect. The nature and extent of this privacy breach are currently under investigation.


Ten new Android banking trojans targeted 985 bank apps in 2023

In the current year, ten new Android banking malware families have surfaced, collectively focusing on 985 banking and fintech/trading applications from financial institutions spanning 61 countries. Banking trojans, a type of malware, aim to compromise individuals’ online bank accounts and financial transactions. They achieve this by stealing credentials and session cookies, circumventing two-factor authentication (2FA) protections, and in some instances, executing transactions automatically. This trend highlights an ongoing threat to the security of users’ financial information and underscores the importance of robust cybersecurity measures on mobile devices.

Discord adds Security Key support for all users to enhance security

Discord has expanded its security measures by making security key multi-factor authentication (MFA) accessible to all of its 500+ million registered users. This move aims to enhance security and counter phishing attempts on the popular social platform. The WebAuthn feature, initially introduced for employee accounts in August 2023, is now available for all users. This allows users to replace the older MFA system, which relied on time-based one-time passwords, 8-digit one-time backup codes, and SMS messages carrying a 6-digit verification code. Discord users can activate WebAuthn by navigating to Settings > My Account > Register a Security Key, enabling them to configure authentication through options like Windows Hello, Apple’s Face ID or Touch ID, and hardware security keys.

Microsoft disrupts cybercrime gang behind 750 million fraudulent accounts

Microsoft’s Digital Crimes Unit has taken action against a Vietnam-based cybercrime group known as Storm-1152. The group, identified as a significant cybercrime-as-a-service provider, has been involved in registering more than 750 million fraudulent accounts. They have generated substantial profits by selling these accounts online to other cybercriminals. Storm-1152 holds the dubious distinction of being the leading seller of fraudulent Outlook accounts. Additionally, the group offers illegal services, such as an automatic CAPTCHA-solving service, enabling the bypass of Microsoft’s CAPTCHA challenges and facilitating the creation of more fraudulent Microsoft email accounts. The seizure of multiple domains used by Storm-1152 reflects efforts to disrupt their illicit activities and protect users from online threats.