Cybersecurity Weekly: Hacker reveals black market credit cards, Linux Sudo flaw discovered, RDP honeypot experiment
An anonymous hacker reveals 30% of the stolen credit cards on the black market. A Sudo flaw has been discovered that allows all Linux users run commands as root. A cybersecurity blogger experiments with an RDP honeypot. All this, and more, in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Expansion on the horizon for girls' cyber security competition
The United Kingdom’s National Cyber Security Centre announced that its popular CyberFirst Girls Competition will expand in 2020. Since launching in 2017, the program aimed at attracting young women into cybersecurity has seen over 24,000 registrants.
Read more »
2. When card shops play dirty, consumers win
Last month, an anonymous source announced he had the full database of 26M cards stolen from a carding site known as BriansClub. The stolen database included cards added to the site between mid-2015 and August 2019. Experts estimate the total number of stolen cards leaked from BriansClub represent almost 30% of the cards on the black market today.
Read more »
3. Sudo flaw lets Linux users run commands as root even when they're restricted
A new vulnerability has been discovered in Sudo — one of the most important, powerful, and commonly used utilities in Linux and UNIX-based systems. This vulnerability is a security policy bypass issue that could allow a malicious user to run commands as root even when the configuration explicitly disallows it.
Read more »
4. An experiment with RDP honeypotting
As part of a honeypotting experiment, a cybersecurity blogger who goes by the name JW set up a vulnerable Windows machine with a traffic monitor to capture attacking techniques. After several attempted attacks, he wrote a full report on the tools that were used and the information that was targeted.
Read more »
5. Fake Tor browser has been spying and stealing Bitcoin for years
Hackers have been distributing a compromised version of the official Tor Browser that’s packed with malicious tools used to both spy on users and steal their bitcoin. The trojanized Tor has apparently resulted in a relatively small amount of bitcoin being lost to date, with funds taken by address swapping when users make payments on darknet markets.
Read more »
6. Zappos offers users 10% discount in 2012 breach settlement
Zappos gave customers a 10% discount to its online store as settlement for a 2012 data breach that affected 24 million customers, while lawyers in the case won $1.6 million in fees. The news shows customers once again getting the short end of the stick when it comes to financial restitution for data breaches.
Read more »
7. Samsung: Anyone's thumbprint can unlock Galaxy S10 phone
Samsung acknowledged a new security flaw allowing any fingerprint to unlock the Galaxy S10 phone. It promised a software patch that would fix the problem. The issue was spotted by a British woman whose husband was able to unlock her phone with his thumbprint when it was stored in a certain case.
Read more »
8. Cryptocurrency miners infected more than 50% of the European airport workstations
Security experts at Cyberbit uncovered a crypto mining campaign that infected more than 50% of European airport workstations. European airport systems were infected with a Monero cryptocurrency miner linked to the Anti-CoinMiner campaign discovered this summer by Zscaler researchers.
Read more »
9. 600 million UC Browser Android users exposed to MiTM attacks
The UC Browser and UC Browser Mini Android apps, with a total of over 600 million Play Store installs, exposed their users to man-in-the-middle attacks by downloading an Android Package Kit from a third-party server — a direct violation of Google's Play Store rules.
Read more »
See Infosec IQ in action
10. Cozy Bear Russian hackers spotted after staying undetected for years
Cyber-espionage operations from Cozy Bear, a threat actor believed to work for the Russian government, operated undetected for the past few years by using malware families previously unknown to security researchers. These operations likely started in 2013, collectively named “Operation Ghost.”
Read more »
In this Series
- Cybersecurity Weekly: Hacker reveals black market credit cards, Linux Sudo flaw discovered, RDP honeypot experiment
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
