News for September 19, 2022

Glasses Can Reflect Information To Webcams
by Artie Kaye

What is displayed on your screen can be picked up and reflected to people in a Skype or Zoom call.  Text can be reflected off the lenses and potentially be deciphered by anyone that has the video.  The capability of the camera doesn’t have to be that great.  Research was done using a 720p camera, which had a 75% success rate in correctly getting the information.  As cameras get more powerful this type of data leaking will tick up.  Zoom has functions to mask the eye region, Skype and Google’s products do not have any such filter.

Free Decryptor for LockerGoga Ransomware
by Artie Kaye

The NoMoreRansom project and Bitdefender have released a decryptor to help victims of the LockerGoga ransomware.  Due to arrests and seizures of hardware and software in 2021, the groups have developed a decryption program for use.  The MegaCortex decryption program is also being developed, as code for that was also obtained from the raid. 

If you have need of decryption software, please check the NoMoreRansom link below.

Uber Hack Highlights An MFA Weakness
by Artie Kaye

Uber was hacked again.  This attack was carried out using social engineering and MFA fatigue.  MFA fatigue occurs when a user is sent many login verification messages.  The hacker posed as tech support and contacted the user whom they were trying to login as over WhatsApp, suggesting that they accept the login to stop the spam.  The user did so, and the hacker gained access to Uber’s network, where they found means to elevate their privilege to administrator.  The attacker posted evidence of their time spent on the servers.  Uber states that no financial, location, or trip data was accessed.

The use of multi-factor authentication is meant to increase security, and in some instances it does.  However, the SMS one time token, or notifications on a linked device to login can be leveraged, as was the case with Uber.  Treat every instance of a login notification that you are not involved with as a potential attack.  Change the password as soon as you can from a secure device.  If you get targeted with an MFA fatigue attack, getting messages over and over when you’re not trying to log in to anything, contact your tech support as soon as you can.  This will help protect your data, your company’s data, and keep you safer.