Cybersecurity Weekly: Citrix backdoor, Amazon data leak, Equifax to spend on data security

January 21, 2020 by Sam Fay

Hackers patch Citrix servers to deploy their own backdoor. Amazon fires employees for leaking customer data. Equifax commits to spending $1 billion on data security under data breach settlement. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Maze ransomware operators leak 14GB of files stolen from Southwire

The operators behind the Maze ransomware set up a website where they published the names of eight companies that refused to pay the ransom. After their latest victim, Southwire, refused to pay a $6 million ransom, Maze released an additional 14GB of the total 120GB they stole from the cable manufacturer.

2. Hackers set up site selling temporary Social Security numbers

A group of hackers set up a scam site claiming to offer financial compensation to users whose personal data appeared in data leaks. Despite posing as the Federal Trading Commission, this scheme accepts victims from any country and offers to sell “temporary Social Security numbers” to those who don’t have one.

3. Amazon fires employees for leaking customer data

Last week, Amazon sent an email to affected customers stating that an employee had been terminated for sharing their email addresses and phone numbers with a third party. Amazon confirmed the incident but did not disclose how many customers were affected. The company is supporting local law enforcement in an investigation into the breach.

4. FBI to warn state officials of election infrastructure cyber threats

The new internal policy was prompted by the need to make sure that security incidents can be mitigated quickly. That mitigation directly depends on delivering cyber incident notifications as soon as possible to the right people after a threat is detected.

5. Hacker lists 49 million user records for sale from U.S. data broker

49 million user records from U.S. data broker LimeLeads were available for sale on a hacking forum last week. The company failed to configure its Elasticsearch server and accidentally exposed it online, allowing anyone to access its content. A threat actor could launch an elaborate spearphishing attack using the stolen data.

6. FBI seizes We Leak Info domain for selling info from data breaches

Last week, the FBI seized the We Leak Info domain for selling subscriptions to data exposed in breaches. We Leak Info compiled almost 12.5 billion records stolen from data breaches and allowed users to pay to access them. To access this data, visitors could subscribe to various plans ranging from a $2 trial to a $70 three-month, unlimited access account.

7. Hackers patch Citrix servers to deploy their own backdoor

Security experts are monitoring a spike in attacks against Citrix servers after researchers uncovered exploits for a recent vulnerability. In these attacks, the hackers patch the vulnerable Citrix servers, install their own backdoor and lock out any other threats. Estimates project 80,000 companies to be at risk of this attack.

8. Equifax will spend $1 billion on data security under data breach settlement

On January 13, a federal court approved the proposed settlement for the class action suit filed against Equifax. Part of this settlement included the commitment “to spend a minimum of $1 billion for data security and related technology over five years and to comply with comprehensive data security requirements.”

9. More Health Quest patients added to phishing attack victims

New York-based Health Quest recently began another round of breach notification letters after discovering more patient data was compromised during a 2018 phishing attack. Health Quest has since implemented multi-factor authentication on its email system and provided employees with additional phishing-related training.

10. Phishing for apples, bobbing for links

Security researchers have noticed a rise in iPhone-specific phishing campaigns in the wild over the past few months. These scams have taken the form of emails as well as text messages, both with hyperlinks to fraudulent Apple-related websites. Most of the observed campaigns invoked a sense of urgency or warned of dire consequences if no action was taken.