Proof-of-Concept Exploits Published for Microsoft-NSA Crypto Bug

Security researchers have released proof-of-concept (PoC) code for a recently disclosed vulnerability in the Windows operating system. The vulnerability, CVE-2020-0601, was initially reported to Microsoft by the U.S. National Security Agency (NSA) and affects Windows CryptoAPI, a significant component that handles cryptographic operations.

According to cybersecurity researcher Tal Be’ery, “the root cause of this vulnerability is a flawed implementation of the Elliptic Curve Cryptography (ECC) within Microsoft’s code.”

According to the disclosures by the NSA, the DHS, and Microsoft, CVE-2020-0601 (also known as CurveBall) can be exploited to:


56.25M US Residents’ CheckPeople Records Exposed on Chinese Server

Data from CheckPeople, a subscription-based service that allows users to search for certain information about other individuals, was recently exposed on a server with a Chinese IP address. The leaked data includes names, home addresses, phone numbers, ages, names of relatives, criminal records, and more. The archive was stored on a NoSQL database of metadata linking to CheckPeople.com.

Further investigation showed that the archive of data belongs to an IP address utilized by Alibaba’s web hosting company in Hangzhou, China. The data itself is not sensitive; however, having all the information in one place provides easy access for scammers…


Sodinokibi Ransomware Hits Travelex, Demands $3 Million

On December 31, Travelex, an international foreign currency exchange company, fell victim to a cyberattack that temporarily affected several services within the organization. As a precaution to protect data and reduce the spread of the virus, Travelex had to shut down all of its computer systems, causing issues for the 1,500+ stores across the world.


Data Breach at Wyze Labs Exposes Information of 2.4 Million Customers

Last week, Wyze, a cost-effective home-security system company, experienced a large-scale breach impacting 2.4 million customers. Cybersecurity consulting firm Twelve Security notified Wyze about the breach, stating that Wi-Fi network details and email addresses of customers had been exposed for a total of 23 days. The unsecured database was connected to an Elasticsearch cluster from December 4, 2019, to December 27, 2019.

Wyze placed the cause of the data leak on an employee mistake that persisted due to a lack of security protocol enforcement. A new employee created a “flexible database to quickly pull user analytics, such as camera…


9-Month Data Breach Affects Millions of Wawa Customers

Last week, Wawa announced that millions of customers might have had their credit or debit card information stolen in a data breach impacting almost all of their store locations. According to the report, malware, which originated on March 4, was discovered on Wawa’s payment processing servers on December 10. As a result of the breach, Wawa is offering enrollment in a credit monitoring service, Experian Identity Works, free of charge.

Wawa’s CEO Chris Gheysens states that stolen information includes:

Potentially all Wawa in-store payment terminals and…


New Orleans Declares State of Emergency Following Ransomware Attack

Another ransomware attack has claimed a new victim; this time New Orleans has been forced to shut down its computers after a cyberattack. According to a press conference by Kim LaGrue, the city’s head of IT, suspicious activity was discovered around 5 a.m. last Friday. Once the city confirmed it was under attack, officials shut down its servers and computers.

Even though ransomware was detected throughout the organization, no ransom requests were made. According to BleepingComputer, the ransomware attack on the city of New Orleans was likely conducted by the Ryuk Ransomware cybercriminals.

Memory dumps uploaded from a US…


Data of 21 Million Mixcloud Users up for Sale on the Dark Web

Online music streaming service Mixcloud confirmed last Saturday that it had experienced a data breach affecting 21 million users. The hacker behind the breach has contacted several journalists, providing data samples to prove its legitimacy.

The stolen data includes usernames, email addresses, hashed passwords, registration dates, IP addresses, and more. Mixcloud has stated that the hashed passwords should remain safe as they are salted and encrypted using SHA256; however, they have advised users to reset their passwords for additional protection.

The person(s) behind the breach goes by the name A_W_S and has previously worked with other hackers such…


Extensive Hacking Operation Discovered in Kazakhstan

Last Friday, Qihoo 360, a Chinese cybersecurity vendor, published a report exposing an extensive hacking operation focusing on people in Kazakhstan. Targets include government agencies, foreign diplomats, researchers, journalists, and government dissidents, among others. The malicious actors are said to have extensive resources and could develop “private hacking tools, buy expensive spyware off the surveillance market and even invest in radio communications interception hardware.”

Qihoo 360 researchers named the group behind the campaign as Golden Falcon or APT-C-34. However, according to Kaspersky, Golden Falcon is another name for DustSquad, a hacking group that has been active for the past…


New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware on Your Device

Yet again, WhatsApp is experiencing troubles related to the security infrastructure of its messaging platform. Last month, the company quietly patched another critical vulnerability which allowed a malicious actor to compromise devices remotely.

The vulnerability, CVE-2019-1193, is a stack-based buffer overflow issue that resides in the way WhatsApp parses the stream data of an MP4 file. This vulnerability results in denial-of-service or remote code execution attacks in which an attacker can steal secure chat messages and files you store in the application.

To exploit the vulnerability, an attacker first develops a malicious MP4 file and sends it to a…


Amazon’s Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password

Bitdefender security researchers have disclosed a high-severity vulnerability in Amazon’s Ring Video Doorbell Pro devices that allows nearby criminals to steal your Wi-Fi password and carry out other cyberattacks. The popular wireless home security doorbell cameras are used by millions of individuals around the world to see and speak to anyone in front of the camera.

For the device to work, you need to connect it to your Wi-Fi network, and during the setup steps, you must enable configuration mode from the doorbell. While the device is in configuration mode, it produces an access point with no password. And when you…

LedgerOps
