What got breached this week? Ticket portals, DNA sites, and Atlanta's police cameras

Also, Apple tightens up its certificate requirements

By Shaun Nichols in San Francisco


Roundup This week brought new charges for Marcus Hutchins, a novel way to sneak malware into archives, and shady hotspots for World Cup fans.

There was also plenty of other security bits that didn't quite make the headlines. Here are some of the best.

Apple wants to be cert-ain on certs

Apple is going to make it harder for sites to be trusted on Safari.

The Cupertino phone seller said this week that, come Fall, it will put stricter requirements on sites that want their certificates to be accepted.

"Publicly-trusted Transport Layer Security (TLS) server authentication certificates issued after October 15, 2018 must meet our Certificate Transparency (CT) policy to be evaluated as trusted on Apple platforms," Apple says.

"Certificates that fail to comply will this policy will result in a failed TLS connection, which can break an app’s connection to Internet services or Safari’s ability to seamlessly connect."

This means that certificates will now have to have at least two signed certificate timestamps from a CT log. That was previously only required for Extended Valuation certificates.

Ticketfly falls to hackers

Last week, ticketing site Ticketfly said it was the victim of an attack that left it unable to handle ticketing for some events over the weekend. This week, the site shed more light on the matter when it revealed that information on some 27 million accounts was harvested in the attack.

"In consultation with third-party forensic cybersecurity experts we can now confirm that credit and debit card information was not accessed," Ticketfly said.

"However, information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed. "

Ticketfly notes that many of its users have multiple accounts with different email addresses, so fewer than 27 million actual people are affected by the breach. Also, no credit card information or passwords were accessed.

Still, anyone who has a Ticketfly account will need to reset their password, and re-used passwords on other sites should also be changed.

Thanks for getting scammed, now tell your friends!

It's bad enough to fall victim to a support scam, but one group is making matters even worse by tricking their marks into recording video endorsements.

Australia's ABC has the story of a group called 'Macpatchers' that uses fake tech support pages to get users to install remote access malware.

From there, the scammers trick the users into paying for unnecessary (and useless) support software and service. Finally, the scammers asked the victims to read a script saying they were satisfied with their experience.

Why? Because unbeknownst to the users, their webcams were turned on and recording them. The video clips were captured by the scammers and used to compile 'testimonial' videos that would make their dodgy support operations seem more legit.

While many Reg readers have no doubt tired of being the unpaid support staff for friends and family, stories like this underscore how important it is to be there to help of the less tech-savvy people in your life when they have problems or questions. The alternative is letting them play right into the hands of scammers.

MyHeritage coughs up user details

It's the notice nobody who uses a geneology site wants to see: MyHeritage has confirmed it suffered a massive breach of user data.

The testing site says a security researcher informed it earlier this week that a file containing the usernames and hashed passwords of every person who signed up for their service through October of last year was out in the wild.

Fortunately, we don't have to run any panicked thinkpieces about people having their "DNA hacked" anytime soon. The database only contained user email addresses and hashed passwords, no other personally identifiable information was accessed, and the site uses third-party services to process card data.

"Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security," the company said in its mea culpa.

"We have no reason to believe those systems have been compromised."

Atlanta ransomware infection worse than feared

Earlier this year, a ransomware outbreak hit the city of Atlanta, GA, taking down a number of the city's central IT services.

Now, it seems the outbreak was even worse than previously thought, and it could have a long-term impact on the city.

In addition to costing more than $2.5m to clean up, the city says the infection resulted in the loss of police dashcam footage. That footage includes evidence the city planned to use for criminal cases.

Police Chief Erika Shields told the Atlanta Journal Constitution that the city will hopefully still be able to proceed with the cases.

"But the dashcam doesn’t make the cases for us. There’s got to be the corroborating testimony of the officer," Shields was quoted as saying.

"There will be other pieces of evidence. It’s not something that makes or breaks cases for us."

Supermicro, semivulnerable

Researchers say that some servers from Supermicro could be vulnerable to firmware attacks, thanks to poorly-guarded hardware settings.

Security firm Eclypsium found that Supermicro boxes are not set to properly limit access to the firmware, potentially leaving the descriptor region vulnerable to being completely re-written.

"In general, the flash descriptor region should be “immutable” once the system completes the manufacturing process and is ready for production use. This helps establish the firmware stored in the SPI flash as a root of trust for the system," Eclypsium explains.

"By insecurely configuring the descriptor, malicious software with administrative privilege in the host OS may be permitted to modify the contents of firmware code and data that the host processor would otherwise never need to directly read or write."

In practice, this means that a malware infection already present on the system could use those vulnerabilities to further embed itself in the firmware layer, allowing the infection to become harder to detect and potentially crippling the entire server.

Eclypsium says it is working with Supermicro to shore up security and fix the vulnerabilities where needed. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Juniper slips out update after hardcoded credentials left in switches

Telemetry Interface blamed for exposed gRPC passwords

Prez Trump to host chinwag with Google, Microsoft, Oracle and Qualcomm – report

And Sundar Pichai heads to grilling on Chocolate Factory's data slurping

Google Play Store spews malware onto 9 million 'Droids

How did these get through the net?

Juniper grabs controller, inserts code, gets ready to play some SONiC Mania on its switch

Welcome to El Reg: Come for the video game references, stay for the open-source networking news

Juniper Networks liberates Contrail SD-WAN from its boxen to frolic among the clouds

aaS version of software promises faster deployments

Malware spotted doing unspeakable, filthy things to infected Macs – injecting Bing results into Google searches

Or so claim these security bods after clocking proxy-installing fake Flash plugin

BT berries Juniper's SDN kit in network architecture refresh

Meet Network Cloud – Brit telco's latest infrastructure play

Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware

DLL or no DLL?

Checkmate, Qualcomm: Apple in billion-dollar bid to gobble Intel’s 5G modem blueprints, staff – new claim

Logical step for the biz that wants to own its supply chain

Qualcomm fined €242m over 'predatory pricing' that helped to knock off British competitor Icera

Too late for chip flinger, but a win for the EU taxpayer