Today: Twilio suffers a major security incident, Microsoft Office becomes the most targeted platform for attacks, Garmin is knocked out by a ransomware attack, news from North Korea and the latest on the Twitter hack.

Twilio suffers a major Security Incident thanks to a Misconfigured S3 Bucket

Twilio, the cloud communications platform-as-a-service, has confirmed a security incident in which attackers accessed a misconfigured Amazon AWS S3 bucket. The hackers were able to inject code “that made the user’s browser load an extraneous URL. The attack has been associated with the Magecart group of attacks,” the company says.
In a Magecart attack, hackers use malicious JavaScript to skim personal information, including credit card details.

The incident happened on July 19 and was discovered several hours later, with the modified file being replaced within an hour.

Twilio doesn't believe this was targeted at the company. Rather, it seems to be an opportunistic attack related to a campaign to exploit open S3 buckets for financial gain.

Microsoft Office becomes the most targeted platform to carry out attacks

The number of attacks carried out using the popular suite has increased in the past two years as browsers become harder targets.

In 2017, web-browser vulnerabilities accounted for the largest share of attacks at 45%, while Microsoft Office had a 16% share. Now 70% of all the attacks Kaspersky Lab caught targeted Microsoft Office, and only 14% took advantage of browser vulnerabilities.

Researchers said that this is because hacking browsers has become more expensive, as browser security has improved.

A new report from SonicWall released in July 2020 shows this trend is growing. Office files have now overtaken PDF documents as a delivery mechanism for malware.

Garmin knocked out by ransomware attack

Garmin, the wearable tech company famous for its GPS fitness trackers and activity smartwatches, is suffering a global outage – and ransomware appears to be to blame.

Not only is it currently impossible for Garmin customers to log into Garmin Connect to record and analyse their health and fitness data, but also the company’s call centres are unable to answer telephone calls, receive emails, or participate in online chats.

In short, Garmin’s infrastructure has suffered a massive failure – and, although the company has not officially confirmed it, the finger of suspicion points strongly in the direction of a ransomware attack.

Florida Tax Office Data Breach due to malware

A Florida Tax Collector's Office has blamed malware found on an employee's computer for a data breach that affected around 450,000 residents of Polk County.

The breach occurred in June at the Tax Collector’s Office for Polk County (TCPC). Information exposed in the attack included Social Security numbers and driver's license numbers.

Currently there is no evidence of any misuse of data from the breach.

Latest on Twitter hack

Twitter is now facing pressure from American politicians, including Senator Ron Wyden, and from celebrities to provide end-to-end encryption on its messaging services following the latest attack, which saw multiple high-profile accounts breached, including those of Kanye West and Barack Obama.

“It’s been nearly two years since meeting Jack Dorsey [sic] and discussing encrypting data, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access.”
Senator Ron Wyden

North Korean Hackers Spotted Using New Multi-Platform Malware Framework

Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.

Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors' reference to the infrastructure as "MataNet" — comes with a wide range of features designed to carry out a variety of malicious activities on infected machines.