9-Month Data Breach Affects Millions of Wawa Customers
Last week, Wawa announced that millions of customers might have had their credit or debit card information stolen in a data breach affecting almost all of its store locations. According to the report, the malware was first installed on March 4 and was discovered on Wawa's payment processing servers on December 10. In response to the breach, Wawa is offering free enrollment in a credit monitoring service, Experian Identity Works.
Wawa's CEO Chris Gheysens states that the stolen information includes:
- credit and debit card numbers,
- expiration dates,
- and cardholder names on payment cards.
Potentially all Wawa in-store payment terminals and fuel dispensers were compromised, at different points in time.
If you visited a Wawa at any time between March and December, monitor your payment card statements and check your credit reports to catch any potential fraudulent activity early.
LifeLabs Data Breach Exposes Personal Info of 15 Million Customers
LifeLabs recently experienced a data breach exposing the sensitive information of almost 15 million Canadian clinical laboratory customers. Of those 15 million customers, around 85,000 also had their lab results exposed.
The stolen information includes:
- Customer names
- Addresses
- Emails
- Logins
- Passwords
- Dates of birth
- Health card numbers
Cryptocurrency-Mining Botnet Uses a Taylor Swift Image to Hide Malware Payloads
A botnet named MyKingz (also known as DarkCloud, Smominru, or Hexmen) is currently using an image of Taylor Swift to hide malware payloads that infect devices across the internet.
MyKingz uses an internet scanning module that targets vulnerable hosts to gain an initial foothold on a victim's device. Typically the botnet abuses unpatched vulnerabilities in Telnet, SSH, RDP, and other exposed software; it has now also adopted a steganography-based delivery technique.
Steganography is the practice of hiding data, in this case malicious files, inside legitimate-looking ones. According to Sophos, a UK-based security firm, MyKingz is hiding malicious EXE files inside JPEG images of Taylor Swift. The goal is to trick security software on enterprise networks into seeing only a JPEG download rather than a malicious EXE file.
Cybercriminals have used other steganography-based attacks in the past, such as hiding EXE files in WAV audio files. The MyKingz campaign has proved profitable: Sophos estimates it currently earns $300 a day, totaling over $3 million as of this writing.
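As an added defender-side illustration (not code from the article or from Sophos), the check below walks a JPEG's marker structure to find where the image data legitimately ends, reports any bytes appended after the End-Of-Image marker, and looks for an embedded PE header (an `MZ` stub whose `e_lfanew` field points at the `PE\0\0` signature). The sample bytes are constructed; the function names and the heuristic are assumptions, not a documented MyKingz indicator.

```python
import struct
SOI, SOS, EOI = b"\xff\xd8", 0xDA, 0xD9

def jpeg_image_end(data: bytes):
    """Walk the JPEG marker segments; return the offset just past the EOI marker, or None if malformed."""
    if not data.startswith(SOI):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker, pos = data[pos + 1], pos + 2
        if marker == EOI:
            return pos
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:   # RSTn / TEM markers carry no length field
            continue
        if pos + 2 > len(data):
            return None
        pos += struct.unpack_from(">H", data, pos)[0]   # the length field counts its own two bytes
        if marker == SOS:
            # In entropy-coded data 0xFF is always followed by 0x00 (stuffing) or RSTn; anything else is the next marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None

def find_pe_header(data: bytes):
    """Return the offset of an 'MZ' stub whose e_lfanew points at a 'PE\\0\\0' signature, else None."""
    mz = data.find(b"MZ")
    while mz >= 0:
        if mz + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, mz + 0x3C)[0]
            if data[mz + e_lfanew:mz + e_lfanew + 4] == b"PE\x00\x00":
                return mz
        mz = data.find(b"MZ", mz + 1)
    return None

def trailing_bytes(data: bytes):
    """Bytes appended after the image proper (a scanner would flag a non-zero count), or None if not a JPEG."""
    end = jpeg_image_end(data)
    return None if end is None else len(data) - end

# Constructed sample: a minimal JPEG (SOI, APP0, one SOS scan containing a stuffed 0xFF, EOI) plus a fake DOS/PE stub.
CLEAN_JPEG = (b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + b"\x00" * 9   # SOI, APP0
              + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"              # SOS header
              + b"\x12\xff\x00\x34" + b"\xff\xd9")                                           # scan data, EOI
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 8
POLYGLOT = CLEAN_JPEG + FAKE_PE
```

Run against `POLYGLOT`, `trailing_bytes` reports 76 appended bytes and `find_pe_header` locates the stub at offset 36, while `CLEAN_JPEG` yields 0 and `None`.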
Apple Opens Its Invite-Only Bug Bounty to the Public, $1M Payout Included
Apple has officially opened its previously invite-only bug bounty program to the public, with rewards ranging from $25,000 to $1 million. The program covers a variety of products, including Macs, iPhones, iPads, and Apple TVs.
The top $1 million bounty requires security researchers to provide a reliable exploit for a zero-click remote chain with full kernel execution and persistence on Apple's latest hardware, as well as a bypass for Apple's kernel Pointer Authentication Code (PAC).
According to Apple, eligible vulnerability types include:
- Unauthorized iCloud account access
- Physical access to device
- Lock screen bypass
- User data extraction
- User-installed app: unauthorized access to sensitive data
- User-installed app: kernel code execution
- User-installed app: CPU side-channel attack
- Vulnerabilities that can be exploited using a malicious application
- And much more
CVE-2019-19781 Citrix Flaw Puts 80,000 Companies at Risk
A critical vulnerability in Citrix's Application Delivery Controller (NetScaler ADC) and Citrix Gateway has put over 80,000 companies at risk. The vulnerability, CVE-2019-19781, affects all supported versions of the products on all supported platforms.
According to the security researcher who discovered the vulnerability, the flaw allows "attackers [to] obtain direct access to the company's local network from the Internet," and it "does not require access to any accounts," meaning any unauthenticated external attacker can exploit it.

SecurityAffairs