Cybersecurity Weekly: Hacker reveals black market credit cards, Linux Sudo flaw discovered, RDP honeypot experiment

October 21, 2019 by Sam Fay

An anonymous hacker reveals 30% of the stolen credit cards on the black market. A Sudo flaw has been discovered that allows all Linux users to run commands as root. A cybersecurity blogger experiments with an RDP honeypot. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. Expansion on the horizon for girls’ cyber security competition

The United Kingdom’s National Cyber Security Centre announced that its popular CyberFirst Girls Competition will expand in 2020. Since launching in 2017, the program aimed at attracting young women into cybersecurity has seen over 24,000 registrants.

2. When card shops play dirty, consumers win

Last month, an anonymous source announced he had the full database of 26M cards stolen from a carding site known as BriansClub. The stolen database included cards added to the site between mid-2015 and August 2019. Experts estimate the total number of stolen cards leaked from BriansClub represents almost 30% of the cards on the black market today.

3. Sudo flaw lets Linux users run commands as root even when they’re restricted

A new vulnerability has been discovered in Sudo — one of the most important, powerful, and commonly used utilities in Linux and UNIX-based systems. This vulnerability is a security policy bypass issue that could allow a malicious user to run commands as root even when the configuration explicitly disallows it.

4. An experiment with RDP honeypotting

As part of a honeypotting experiment, a cybersecurity blogger who goes by the name JW set up a vulnerable Windows machine with a traffic monitor to capture attacking techniques. After several attempted attacks, he wrote a full report on the tools that were used and the information that was targeted.

5. Fake Tor browser has been spying and stealing Bitcoin for years

Hackers have been distributing a compromised version of the official Tor Browser that’s packed with malicious tools used to both spy on users and steal their bitcoin. The trojanized Tor has apparently resulted in a relatively small amount of bitcoin being lost to date, with funds taken by address swapping when users make payments on darknet markets.

6. Zappos offers users 10% discount in 2012 breach settlement

Zappos gave customers a 10% discount to its online store as settlement for a 2012 data breach that affected 24 million customers, while lawyers in the case won $1.6 million in fees. The news shows customers once again getting the short end of the stick when it comes to financial restitution for data breaches.

7. Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone

Samsung acknowledged a new security flaw allowing any fingerprint to unlock the Galaxy S10 phone. It promised a software patch that would fix the problem. The issue was spotted by a British woman whose husband was able to unlock her phone with his thumbprint when it was stored in a certain case.

8. Cryptocurrency miners infected more than 50% of the European airport workstations

Security experts at Cyberbit uncovered a crypto mining campaign that infected more than 50% of European airport workstations. European airport systems were infected with a Monero cryptocurrency miner linked to the Anti-CoinMiner campaign discovered this summer by Zscaler researchers.

9. 600 million UC Browser Android users exposed to MiTM attacks

The UC Browser and UC Browser Mini Android apps, with a total of over 600 million Play Store installs, exposed their users to man-in-the-middle attacks by downloading an Android Package Kit from a third-party server — a direct violation of Google’s Play Store rules.

10. Cozy Bear Russian hackers spotted after staying undetected for years

Cyber-espionage operations from Cozy Bear, a threat actor believed to work for the Russian government, operated undetected for the past few years by using malware families previously unknown to security researchers. These operations, collectively named “Operation Ghost,” likely started in 2013.