Security Information (January 28, 2020)

In this blog post I would like to pick up some security information that came to my attention during the last hours. It covers everything from the publication of Maze ransomware victims' documents to data leaks.



Maze hackers publish further user data

The masterminds of the Maze ransomware threaten to publish the captured documents if their victims do not pay. I hadn't discussed it on the blog before, but the colleagues from Bleeping Computer have reported here and here about the publication of data.

From the above tweet I gather that the Maze group is diligently publishing more data on victims.

Exploit for newly patched RDP vulnerability

Windows has a vulnerability in the RDP protocol that Microsoft closed on January 14, 2020. In the meantime, an exploit for it has become known. Bleeping Computer has more on that topic here.

Data of 30 million Wawa credit cards offered online

In December 2019 the US company Wawa announced a major security breach. Hackers had injected malware into the company's cash register systems that could skim credit card data. Wawa reported that the malware had collected card data from all customers who used credit or debit cards to make purchases at its grocery stores and gas stations. The company said this affected all of its 860 retail stores, 600 of which included gas stations. Now these credit card details are on the market, as the following tweet reveals.



On Monday, hackers offered the payment card data of more than 30 million Americans and over a million foreigners for sale on Joker's Stash, the largest fraud forum for card payments on the Internet. This new "card depot" was advertised under the name BIGBADABOOM-III, but according to experts from the Gemini Advisory intelligence service, the card data was traced back to Wawa.

Cinema chain loses millions of user records

The Safety Detective Research Team has discovered that there was a data leak at the Peruvian cinema chain Cineplanet. There were millions of records with users' personal data accessible via the Internet. The data included users' personal details, login data with unencrypted passwords, payment-related data, etc.

Azure-Host

The company had hosted its databases on a Microsoft Azure server in Virginia, USA. About 14 million login records and over 205 million data logs were found. The leak was closed on 24 January 2020. The details can be read in this article.

Magento 2.3.4 fixes critical vulnerability

Just a note for people who run an online shop with Magento: Magento 2.3.4 closes a critical remote execution vulnerability.

Details can be found at Bleeping Computer. At this point you might also want to note that a number of Magento versions will reach the end of life this year. The following tweet from Catalin Cimpanu points this out.

BSD/Linux: RCE vulnerability in OpenSMTPD library

There is a remote code execution vulnerability (CVE-2020-7247) in the OpenSMTPD library used by BSD and Linux, as the following tweet discloses.

You can find a safety guide on GitHub. First confirmations of patching (Debian, AlpineLinux) are already available.

