In GOT(IT) #31 we see the importance of having proper data security protocols across all of your company’s infrastructure. We also learn that ransomware is very much alive, and that gaming isn’t an ‘all-secure’ environment, but rather a ‘not-exploited’ one.
Coca-Cola Ex-employee Stole 8,000 Workers’ Data
Coca-Cola announced that it suffered a data breach caused by an ex-employee who stole the data of around 8,000 workers on a hard drive. The event was an odd one, since the company was notified by law enforcement authorities, who found the person in possession of the hard drive.
The incident happened in September 2017, but due to the ongoing investigation, Coca-Cola held off the announcement until it concluded.
In its notice, the company stated that the breach may have exposed Personally Identifiable Information (PII) of the affected workers, and thus identity monitoring services were offered for free for one year as a precaution.
Usually, all cameras point to outside threats, but so-called ‘inside jobs’ hurt the most. Lay-off protocols and proper separation of data access privileges go a long way!
Some companies, like banking entities, forbid employees from working once the lay-off notice has been delivered, blocking access to all internal networks to prevent intentional damage. It may sound harsh, but it is a reality that any organization should watch out for.
Hacker Held Ticketfly’s Data for Ransom, Site Offline
Ticketfly, the Eventbrite ticket platform, has been offline for a week now, after a hacker breached the front page, stole its customer database, and held it for ransom. All of the service’s systems were taken offline as a precaution during the investigation.
The event took place during the night of May 30th. It was then that users started reporting the image now present in the portal: the main character of ‘V for Vendetta’, a notorious symbol of the Anonymous organization.
The hacker, who identified himself as IsHaKdZ, supposedly made CSV files with user data available through one of Ticketfly’s URLs, but this was taken down as soon as it was made public. IsHaKdZ revealed to CNET that he asked for 1 Bitcoin in ransom, or he’d release the portal’s data to the public.
The site remains down, and Ticketfly hasn’t given an update regarding the ransom. In the meantime, all of the portal’s activity remains halted, and users will need to contact each event’s venue locally to get information regarding tickets handled by the online service.
Steam’s 10-Year-Old Code Execution Vulnerability Patched
A vulnerability in Valve’s Steam has been patched after flying under the radar for 10 years, basically most of Steam’s lifetime!
The gaming platform and online store was reviewed by security researcher Tom Court, who discovered a code-execution bug that could have potentially targeted the platform’s user base of more than 15 million active users.
The issue came from one of Steam’s client libraries. The process that reassembles fragmented datagrams delivered through UDP packets could be triggered remotely to execute code by sending a modified UDP packet. This way, the attacker could trick the protocol’s registry and cause an exploitable heap corruption.
Even though the vulnerability has been reported and properly patched, its impact remains unknown. According to Court, Steam added ASLR exploit protections in July 2017, which means this bug could only cause the user’s client to crash, at the most, but that protection covered only a year of this bug’s 10-year-long lifespan!
Prior to that, users could have been easily targeted with malicious code, as demonstrated in the proof-of-concept video above.
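To show the class of check that keeps fragment reassembly from corrupting the heap, here is an added example; it is not Steam's code or the researcher's, and the fragment header layout, the 64 KiB cap and all names are hypothetical. Every fragment is validated against the sender-declared total before a single byte is copied.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DATAGRAM (64u * 1024u)   /* assumed cap on a reassembled datagram */

/* Hypothetical fragment header for illustration; not Steam's wire format. */
struct frag {
    uint32_t total_len;    /* sender-declared size of the whole datagram */
    uint32_t offset;       /* where this fragment's payload belongs */
    uint32_t len;          /* payload bytes carried by this fragment */
    const uint8_t *data;
};

struct reasm { uint8_t *buf; uint32_t total_len, received; };

/* Returns 1 when the datagram is complete, 0 when more is expected, -1 on reject. */
int reasm_add(struct reasm *r, const struct frag *f)
{
    if (f->total_len == 0 || f->total_len > MAX_DATAGRAM)
        return -1;                         /* refuse attacker-chosen huge sizes */
    if (r->buf != NULL && f->total_len != r->total_len)
        return -1;                         /* disagrees with the size we allocated */
    /* Subtraction form, so offset + len cannot wrap around 32 bits. */
    if (f->len == 0 || f->offset > f->total_len ||
        f->len > f->total_len - f->offset)
        return -1;
    if (f->offset != r->received)
        return -1;                         /* simplification: in-order, no overlap */
    if (r->buf == NULL) {
        r->buf = malloc(f->total_len);
        if (r->buf == NULL)
            return -1;
        r->total_len = f->total_len;
    }
    memcpy(r->buf + f->offset, f->data, f->len);   /* proven to fit above */
    r->received += f->len;
    return r->received == r->total_len;
}

/* Feeds one constructed fragment (len <= 64 when accepted) to a fresh state. */
int try_first(uint32_t total, uint32_t off, uint32_t len)
{
    static const uint8_t payload[64];      /* constructed sample payload */
    struct reasm r = {0};
    struct frag f = { total, off, len, payload };
    int rc = reasm_add(&r, &f);
    free(r.buf);
    return rc;
}
```

A fragment that claims 16 payload bytes for an 8-byte datagram is rejected before `memcpy` runs, which is the difference between a dropped packet and a heap overwrite.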
So what’s the moral of the story? Try to end things on good terms, avoid paying BTC ransoms, and review old code and protocols.