GOT(IT) #5: Yahoo’s record breach grows, Russian hackers stole NSA data, plus new Dnsmasq flaws

Yahoo Breach 3 Billion Accounts

What’s worse than holding the record for the biggest data breach of all time? Well… Realizing it was actually three times bigger. October’s certainly not good news for Yahoo!

GOT(IT) #5 comes with not-so-good news: every Yahoo account that existed in 2013 was compromised, Dnsmasq disclosed critical vulnerabilities, and Kaspersky took another hit, as a report claims an NSA contractor was hacked through its antivirus software.

Yahoo’s 1 Billion Account Leak Actually 3 Billion

Remember Yahoo’s iconic breach? Nope, not the 500 million users one. I’m talking about the 2013 one billion user data leak. Well, according to Verizon Communications, the recent owner of Yahoo, the attack actually affected all three billion of Yahoo’s accounts.

The record hack compromised the names, phone numbers, passwords, and birthdays of all users; the passwords were protected only by weak, unsalted hashing that the attackers were able to reverse. That information has since appeared on the Eastern European underground market, according to InfoArmor; their report also disclosed that three buyers acquired the database, including known spammers.

The obvious threat from this breach is fraud: what attackers look for in databases this size are people who reuse the same password across services, so the recovered credentials can be tried against banks, e-mail providers, and other accounts.

However, there’s a bigger scope that involves both corporate and state espionage: the 2013 and 2014 breaches might not be related, but two Russian intelligence officers were charged over the latter (the 2014 one). Apparently their objective was to spy on several U.S. targets.


Russian Hackers Stole U.S. Cyber Defense Data

A report is spreading about state-sponsored Russian hackers who may have compromised an NSA contractor in 2015, using Kaspersky’s antivirus as the way into his computer.

The security company has denied any ties to the alleged attack, which reportedly stole classified material on in-development tools meant to replace those exposed by Edward Snowden’s leaks.

The affected contractor was a U.S. citizen born in Vietnam and was part of the Tailored Access Operations team, known for its work on undisclosed intelligence-gathering exploits. Reportedly, the Kaspersky software on his home machine detected the NSA tools, that detection tipped off the Russian attackers, and they then compromised the computer to get at the confidential data.

Eugene Kaspersky, the firm’s founder, implied that the antivirus “didn’t play any active role in the breach, but the problem might have been that the software detected NSA’s hacking tools as malware”. The question at hand: was Kaspersky merely a tool for the hackers, itself compromised, or did it provide them access?


Google Found Dnsmasq Flaws with Wide Impact

Let’s begin with the good news: Google found the vulnerabilities and worked with the maintainer to fix them. Sigh in relief, and let’s get on with it! The open-source network utility Dnsmasq (used in Android devices, IoT gadgets, and Kubernetes) had seven vulnerabilities: three remote code execution bugs, one information leak, and three denial-of-service bugs.

One of these, CVE-2017-14491, is a heap-based buffer overflow in dnsmasq’s DNS handling that allows remote execution of arbitrary code via carefully crafted DNS responses.

As of the 2.78 release, available since the 2nd of October, the issues have been fixed; what’s more, a future release is expected to add tighter sandboxing for the program on Android, limiting what any future bug in it can reach.

All seven vulnerabilities are detailed on Google’s security blog, together with the patches that fix them. If you run dnsmasq, updating is critical. One caveat: Linux distributions often backport the fixes without bumping the upstream version number, so a package that still reports 2.76 may already be patched. Check your distribution’s security advisory for the package rather than relying on `dnsmasq --version` alone.
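As a quick triage aid, here is a small script (added for this post, not code from dnsmasq or from Google’s advisory) that parses the output of `dnsmasq --version` and flags builds older than 2.78. The sample outputs are constructed to match the format dnsmasq prints; the local probe only runs if a `dnsmasq` binary is on the PATH. Remember the backporting caveat above: a "needs update" result from this script means "check the package advisory", not "definitely vulnerable".

```python
"""Flag dnsmasq builds that predate the 2.78 release, which fixed the seven
CVEs disclosed in October 2017 (including CVE-2017-14491).

Example code written for this article; it is not part of dnsmasq.
"""
import re
import shutil
import subprocess

# First upstream release containing the fixes, per the 2.78 release.
FIXED_VERSION = (2, 78)

# dnsmasq prints "Dnsmasq version X.Y  Copyright (c) ..." as the first line.
VERSION_RE = re.compile(r"Dnsmasq version (\d+)\.(\d+)")

# Constructed sample outputs in the format dnsmasq uses for --version.
SAMPLE_OLD = "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley\n"
SAMPLE_NEW = "Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley\n"


def parse_version(output: str) -> tuple:
    """Return (major, minor) from `dnsmasq --version` output."""
    match = VERSION_RE.search(output)
    if not match:
        raise ValueError("not recognised as dnsmasq --version output")
    return int(match.group(1)), int(match.group(2))


def needs_update(output: str) -> bool:
    """True if the reported upstream version is older than 2.78.

    Distributions backport fixes without changing this number, so a True
    result means 'verify against the package advisory', not 'exploitable'.
    """
    return parse_version(output) < FIXED_VERSION


def local_dnsmasq_output():
    """Run the locally installed dnsmasq, or return None if there is none."""
    path = shutil.which("dnsmasq")
    if path is None:
        return None
    result = subprocess.run([path, "--version"], capture_output=True,
                            text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    for label, sample in (("sample-old", SAMPLE_OLD), ("sample-new", SAMPLE_NEW)):
        print(label, parse_version(sample), "needs update:", needs_update(sample))
    local = local_dnsmasq_output()
    if local is None:
        print("no dnsmasq binary on PATH")
    else:
        print("local", parse_version(local), "needs update:", needs_update(local))
```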


Hope you never have to experience a last-minute Friday emergency patch. That said, it’s always best to stay alert and fix the issue before you end up in the Guinness World Records for the most massive security breach.


Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.