Cybersecurity Weekly: Jeff Bezos hacked, DDoS mitigation firm admits to DDoS, TrickBot steals AD credentials

January 27, 2020 by Sam Fay

Saudi prince allegedly hacked Jeff Bezos using WhatsApp. The founder of a DDoS mitigation firm admits to launching DDoS attacks. TrickBot now steals Windows Active Directory credentials. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Saudi prince allegedly hacked Jeff Bezos using WhatsApp

Amazon founder Jeff Bezos’ iPhone was reportedly hacked in May 2018 after receiving a WhatsApp message from Saudi Crown Prince Mohammed bin Salman. A large amount of data was exfiltrated from Bezos’ phone within hours of the attack. The exploit involved a zero-day vulnerability in the WhatsApp platform’s video messaging service.

2. DDoS mitigation firm founder admits to DDoS

Last week, a Georgia man who co-founded a service designed to protect companies from DDoS attacks pleaded guilty to paying a DDoS-for-hire service to launch attacks against others. His DDoS-protection firm developed the habit of hijacking internet addresses to prevent attacks, but new evidence emerged of him using this technology against innocent organizations.

3. 250 million Microsoft customer support records exposed online

Microsoft admitted to a security incident last week that exposed nearly 250 million customer service and support records. This was the direct result of a misconfigured server containing logs of conversations between the support team and customers. Microsoft confirmed that the large majority of records did not contain personal information.

4. Researchers earn $280,000 for hacking industrial systems at Pwn2Own Miami

A total of $280,000 was awarded to white hat hackers for uncovering security vulnerabilities in industrial systems at Pwn2Own Miami last week. The prizes for each category ranged from $5,000 to $20,000, with a bonus payout for code execution vulnerabilities. The winning team took home $80,000 for exploiting five different SCADA and ICS systems.

5. TrickBot now steals Windows Active Directory credentials

A new module for the TrickBot trojan targets the Active Directory database stored on compromised Windows domain controllers. To compromise a network, TrickBot will download modules that perform specific behaviors such as stealing cookies, browser information and OpenSSH keys.

6. Man pleads guilty to running CardPlanet to sell stolen credit cards

A 29-year-old hacker pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. His most famous site, called CardPlanet, hosted roughly 150,000 payment card details between the years 2009 and 2013. The marketplace offered card details for anywhere between $2.50 and $10 per card.

7. Malware attack took down 600 computers at Volusia County Public Library

600 staff and public access computers were taken down at Volusia County Public Library branches following a cyberattack in early January. Around 50 computers have since been recovered, and the library’s core functions are back online. An incident response investigation concluded that the malware did not spread to the library’s public Wi-Fi.

8. Buchbinder car rental company exposes info of over 3 million customers

German car rental company Buchbinder exposed the personal information of over 3 million customers in a ten-terabyte MSSQL backup database that was left unsecured on the internet. The leaked data included customer names, emails, phone numbers, addresses, dates of birth and license numbers, as well as financial information such as bank details and payment info.

9. With 600 million downloads, fleeceware remains an issue on Google Play store

A cybersecurity firm discovered several apps charging users an exorbitant amount of money for simple functionality. Their findings included a horoscope app that charges more than $3,600 per year and a GIF-making app that costs $237 per month. With lenient Google Play store seller policies, obtaining a refund has proven to be difficult for many victims.

10. Dating apps share personal data with advertisers, study says

Unbeknownst to their users, several popular dating apps, including Tinder, OkCupid and Grindr, share detailed personal data on their subscribers with third parties for advertising purposes. The exact data shared with third parties varies by app, but could include detailed location history, sexuality, political views and drug use.
