[English]Within this blog post I would like to pick up some security information that came to my attention during the last hours. From documents of Maze ransomware victims, that has been published to data leaks, everything is included.
Advertising
Maze hackers publish further user data
The masterminds of the Maze ransomware threaten their victims, if they do not pay, with the publication of the captured documents. I hadn't discussed it on the blog before, but the colleagues from Bleeping Computer have reported here and here about the publication of data.
#MazeTeam updates its site, dumps more victims' data: https://t.co/3xV5NuSNPD One of them is a #HIPAA-covered entity, one of them is a community college, and one is a famous brewery.
— Dissent Doe, PhD (@PogoWasRight) January 28, 2020
From the above tweet I gather that the Maze group are diligently publishing more data on victims.
Exploit for newly patched RDP vulnerability
In Windows there is a vulnerability in the RDP protocol, which was closed by Microsoft on January 14, 2020. Meanwhile there is an exploit to exploit it, which is known. Bleeping Computer has here more on that topic.
30 million Wawa credit card data offered online
In December 2019 the US company Wawa announced a major security breach. Hackers had injected malware into the company's cash register systems that could swipe skim credit card data. Wawa reported that the malware had collected card data from all customers who used credit or debit cards to make purchases at its grocery stores and gas stations. The company said this affected all of its 860 retail stores, 600 of which included gas stations. Now these credit card details are on the market, as the following tweet reveals.
Advertising
Per Gemini Advisory, the Wawa card dump appears to contain:
– 30 million US card records for users across 40 states
– 1 million international cards from 100 countriesUS cards are sold for $17/card
International cards are sold for $210/cardhttps://t.co/NUjN1qYS7W pic.twitter.com/PRg6zXsRIa— Catalin Cimpanu (@campuscodi) January 28, 2020
On Monday, hackers offered for sale the payment card data of more than 30 million Americans and over a million foreigners in Joker's Stash, the largest fraud forum for card payments on the Internet. This new "card depot" was advertised under the name BIGBADABOOM-III, but according to experts from the Gemini Advisory intelligence service, the card data was traced back to Wawa.
Cinema chain loses millions of user data
The Safety Detective Research Team has discovered that there was a data leak at the Peruvian cinema chain Cineplanet. There were millions of records with users' personal data accessible via the Internet. The data included users' personal details, login data with unencrypted passwords, payment-related data, etc.
The company had hosted its databases on a Microsoft Azure server in Virginia, USA. About 14 million login records and over 205 million data logs were found. The leak was closed on 24 January 2020. The details can be read in this article.
Magento 2.3.4 fixes critical vulnerability
Just a note for people who run an online shop with Magento. With Magento 2.3.4 a critical remote execution vulnerability is closed.
Magento 2.3.4 Fixes Critical Code Execution Vulnerabilities – by @Ionut_Ilascuhttps://t.co/QkJ58QZj5U
— BleepingComputer (@BleepinComputer) January 29, 2020
Details can be read up with the colleagues from Bleeping Computer. At this point you might also want to note that a number of Magento versions will reach the end of life this year. The following tweet from Catalin Cimpanu points this out.
Between 200,000 and 240,000 Magento online stores will reach EOL next year
> Magento 1.x EOL is June 2020
> Magento 1.x accounts for ~80% of all Magento stores
> Adobe already posted EOL from Nov 2018
> Why update? One word: Magecart!https://t.co/SRdLDADn8x pic.twitter.com/F6EsSqucmh— Catalin Cimpanu (@campuscodi) November 6, 2019
BSD/Linux: RCE vulnerability in OpenSMTPD library
There is a remote code execution vulnerability (CVE-2020-7247) in the OpenSMTPD library used by BSD and Linux, as the following tweet discloses.
Nun BSD und Linux dran https://t.co/FssLfcm4sP
— Günter Born (@etguenni) January 29, 2020
You can find a safety guide on GitHub. First confirmations of patching (Debian, AlpineLinux) are already available.
