Cybersecurity Weekly: Card details listed for sale, new phishing attack spotted, Sprint support conversations exposed

February 3, 2020 by Sam Fay

Hackers list 30 million stolen payment card details for sale from the recent Wawa attack. Microsoft detects a new phishing attack that uses HTML attachments. Sprint exposed private customer conversations to the web. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Hackers list 30 million stolen payment card details for sale

Last December, Wawa convenience stores announced a breach that affected an unknown number of customers who shopped there in 2019. Hackers uploaded 30 million credit cards to Joker’s Stash, one of the largest dark web marketplaces for cybercriminals to buy and sell payment card data.

2. Microsoft detects new TA505 malware attacks

Microsoft detected an ongoing TA505 phishing campaign delivering malicious Excel documents. This is the first time Microsoft has seen threat actors adopt an HTML attachment redirection technique. This attack looks like an HTML attachment that automatically downloads the infected Excel document.

3. Sprint exposed private customer conversations to web

Shortly after Microsoft leaked internal customer support data to the internet, Sprint exposed posts in a private customer support community to the internet. A configuration error allowed search engines to crawl through private sections of the community, some of which contained minimal customer data.

4. Collating hacked data sets

As part of a project, two Harvard undergraduates obtained several stolen datasets from the dark web. Then they correlated the information and combined it with additional, publicly available information to build an even richer database — including data on individuals’ net worth and password reuse habits.

5. Hackers blitz social media accounts of 15 NFL teams

Fifteen NFL teams had their social media accounts hacked last week. This attack was performed by the same group of attackers that breached the social media accounts of Google CEO Sundar Pichai and Twitter co-founder Jack Dorsey.

6. Mozilla banned hundreds of malicious Firefox add-ons over the last few weeks

Over the past two weeks, Mozilla banned 197 Firefox add-ons for executing malicious code and stealing user data. Mozilla also disabled malicious add-ons in the browsers that already had them installed. Most of the add-ons used obfuscation to hide their source code and downloaded and executed code from a remote server.

7. City of Potsdam offline following a cyberattack

The German City of Potsdam suffered a major cyberattack that took down its servers earlier this week. Emergency services and payments were not affected, but the rest of the city’s operations were shut down to contain and mitigate the damage. City officials announced that email will not flow in or out while they recover from the attack.

8. TrickBot launches quietly using new Windows 10 UAC bypass

The TrickBot trojan recently switched to a new Windows 10 UAC bypass. This allows it to execute itself with elevated privileges without showing a User Account Control prompt. Because Microsoft does not consider this a high priority, it could be several weeks or months before the bypass is fixed.

9. 97% of airports show signs of weak cybersecurity

Security researchers examined 100 of the world’s largest airports and found only three that passed their web and app security assessment. The vast majority of web apps used outdated software and were not GDPR-compliant. The only airports that passed were Schiphol Airport in Amsterdam, Helsinki-Vantaa Airport in Finland and Ireland’s Dublin Airport.

10. Microsoft invites gamers and researchers to new Xbox bug bounty program

Microsoft invited gamers, security researchers and technologists to identify and report security vulnerabilities in Xbox networks and services. Bounty rewards will range from $500 to $20,000 depending on the severity of the issue. Included in the program are remote code execution, privilege escalation, security bypass and information disclosure vulnerabilities.