Online Children's Playground Animal Jam Breached

27.7M Texas drivers' data exposed, TikTok gets reprieve, CostaRicto mercenary hacking group is for hire, WHO hit by cyberattacks after spurning Taiwan, Cobalt Strike source code allegedly leaked, more

Nov 13

(Check out our special report from this morning on the report that CISA’s chief Chris Krebs believes that the Trump administration will fire him, and the agency’s push, along with other groups, to get out the word that this past U.S. election has been the most secure one in recent history.)

Hackers Breached Popular Online Children’s Playground Animal Jam, 46 Million Accounts Impacted

Highly popular online playground Animal Jam has suffered a data breach impacting 46 million accounts. The breach became apparent after a threat actor shared two databases belonging to Animal Jam for free on a hacker forum that they stated were obtained by ShinyHunters, a well-known website hacker. The threat actors gained access to 46 million player usernames, which are human moderated to make sure they do not contain a child's proper name, 46 million SHA1 hashed passwords, approximately 7 million email addresses of parents whose children registered for Animal Jam account, IP addresses, and other data. WildWorks, which created Animal Jam, just learned yesterday of the breach and is investigating. (Lawrence Abrams / Bleeping Computer)

27.7 Million Texas Drivers’ Data Exposed After Insurance Software Company Breach

Vertafore, a provider of insurance software, disclosed this week a data breach that occurred on March 11, saying that a third-party accessed the details of 27.7 million Texas drivers after files were left inadvertently stored in an unsecured external storage service. The files contained information on driver's licenses issued before February 2019, which the company used for its insurance rating software solution. The files included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories. Vertafore is investigating after alerting authorities and is notifying Texas drivers whose data was exposed in the breach. (Catalin Cimpanu / ZDNet)

TikTok’s Demise in the U.S. Delayed by Commerce Department

The U.S. Commerce Department said it would abide by an October 30 temporary injunction that prevented the government from effectively shutting down TikTok, thereby delaying the popular video app’s demise in the U.S. for an unknown period. TikTok attempted to force the government’s hand by filing a petition in the US Court of Appeals for the D.C. Circuit seeking clarity on its future. The court did not address a related Commerce Department mandate demanding TikTok sell its U.S. assets. (Alex Sherman / CNBC)

CostaRicto Hacker-for-Hire Mercenary Group Strikes Diverse Victims in Varying Locations

A new hacker-for-hire mercenary group named CostaRicto that attacks victims around the world, including in South Asia, India, Bangladesh, and Singapore, has been discovered by BlackBerry. The victims vary widely across the world. BlackBerry believes a particular nation-state does not sponsor CostaRicto due to the diversity of the victims and geography. (Catalin Cimpanu / ZDNet)

WHO Says Its Under ‘Onslaught’ of Cyberattacks After Rejecting Taiwan

The World Health Organization (WHO) said it had faced an "onslaught" of cyberattacks by activists using keywords like "Taiwan" after the government complained posts in support of the self-ruled island were being censored on Facebook. Its lack of access to WHO has angered Taiwan because China, which claims Taiwan as its own, is not part of the organization. WHO recently rejected Taiwan’s bid to get into the World Health Assembly, the WHO's decision-making body. (Stephanie Nebehay and Ben Blanchard / Reuters)

Related: RT News, Straits Times, Channel News Asia

Alleged Cobalt Strike Source Code Leaked on GitHub

The source code of commercial penetration testing software Cobalt Strike has been leaked in a GitHub repository, making it easier for hackers, particularly ransomware attackers, to launch assaults. The repository has been forked 172 times, making it hard to contain the source code's spread. Cobalt Strike hasn’t confirmed that the leaked code belongs to the company. (Lawrence Abrams / Bleeping Computer)

Related: Didier Stevens, SiliconANGLE

Share Metacurity

Binance Pays Researchers $200,000 for Identifying One Culprit Behind 2018 Attempted Breach

Cryptocurrency exchange company Binance said it had awarded $200,000 to a team of unidentified investigators after finding one of the criminals behind a 2018 cyberattack against the company. Soon after the attempted break-in, Binance announced a $250,000 reward leading to the attackers' arrest. Once the identified attacker is arrested, the team will receive the remaining $50,000. (Jessica Haworth / The Daily Swig)

Related: Binance

Menlo Security Raises $100 Million in Series E Funding Round

Endpoint-free cloud security solutions provider Menlo Security raised $100 million in a Series E funding round led by Vista Equity Partners, with participation by Neuberger Berman, General Catalyst, JP Morgan, American Express Ventures, HSBC, and Osage University Partners. Over the past several months, Menlo claims to have identified a credential phishing campaign targeting the hospitality industry and stopped an HTML smuggling campaign called Duri that delivered malicious files to devices. (Kyle Wiggers / Venture Beat)

Researchers Find New Method for Conducting DNS Cache Poisoning Attacks

Researchers from Tsinghua University and the University of California identified a new method that can be used to conduct DNS cache poisoning attacks. The method the researchers discovered takes advantage of a side-channel attack to deduce the source port number of the DNS client. Although solutions to the problem exist, its discovery puts extra pressure on internet engineers to step up DNS security. (Ax Sharma / Bleeping Computer)

Related: ZDNet, Slashdot

Global Cybersecurity Worker Shortage Drops for the First Time Ever

For the first time, the global cybersecurity workforce gap saw a reduction, shrinking from 4 million to 3.1 million, according to the International Information System Security Certification Consortium, or (ISC)². The gap narrowed in the U.S., too, from roughly 498,000 open jobs to just 359,236, with 879,157 cyber professionals actively employed. (Bradley Barth / SC Magazine)

Other Infosec Developments

U.S. Cyber Command has been working with a graphics company to illustrate foreign government hackers in ways that embarrass them or belittle them. For example, Cyber Command decided that the best way to illustrate Russia’s FSB hackers was to depict them as an endearing if bumbling, bear. (Shannon Vavra / Cyberscoop)

Popular stock photo service 123RF suffered a data breach, which became apparent after a hacker began selling a database containing 8.3 million user records on a hacker forum. The stolen data includes full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email if used, and IP address. (Lawrence Abrams / Bleeping Computer)
The Internet Service Providers’ Association (ISPA) is warning South Africa’s 11 million gamers to increase their security as the industry increasingly becomes a target for hackers. South Africa’s gaming market is arguably the biggest in Africa. (Sibahle Malinga / IT Web)
Kenenty Kim, aka Myung Kim, of Firecrest, Washington, has been sentenced to prison for 108 months, plus three years probation after that, after he admitted to conspiring to commit money laundering for his role in a $700,000 complex email fraud scheme. He was further ordered to pay restitution of $745,540.70. (Justice.gov)

Photo by Alexander Dummer on Unsplash