56.25M US Residents’ CheckPeople Records Exposed on Chinese Server

Data from CheckPeople, a subscription-based service that allows users to search for certain information of other individuals, was recently exposed on a server with a Chinese IP address. The leaked data includes names, home addresses, phone numbers, ages, names of relatives, criminal records, and more. The archive was stored on a NoSQL database of metadata linking to CheckPeople.com.

Further investigation showed that the archive of data belongs to an IP address utilized by Alibaba’s web hosting company in Hangzhou, China. The data itself is not sensitive; however, having all the information in one place provides easy access for scammers, phishers, and other malicious actors to download it in bulk and conduct nefarious actions with it. The mass amount of data can also have negative consequences in combination with more sensitive information.

Read more here

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability – Over 80,000 Vulnerable to Attacks

For almost a month, Citrix Application Delivery Controllers (ADC) and Citrix Gateways have been vulnerable to a critical path traversal flaw (CVE-2019-1978). The flaw allows an unauthenticated entity to perform arbitrary code execution on vulnerable servers.

It affects all versions of the software, including:

Citrix ADC and Citrix Gateway version 13.0 all supported builds

Citrix ADC and NetScaler Gateway version 12.1 all supported builds

Citrix ADC and NetScaler Gateway version 12.0 all supported builds

Citrix ADC and NetScaler Gateway version 11.1 all supported builds

Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Citrix’s announcement of the flaw did not include any security patches; however, they offered mitigation steps to help system administrators guard their server against attacks.

According to Shodan, and other online-monitoring tools, over 80,000 Citrix ADC or Gateway servers are publicly accessible and exploitable due to the flaw. As multiple groups have released proof-of-concept exploit code (Tool1, Tool2) for the vulnerability, it’s likely that thousands of attackers will begin to exploit vulnerable servers. Read more here Hundreds of Millions of Cable Modems Are Vulnerable to New Cable Haunt Vulnerability Cable Haunt, a new security flaw impacting cable modems that use Broadcom chips, is believed to affect over 200 million cable modems throughout Europe. The flaw resides in a standard component in Broadcom chips, named a spectrum analyzer. A spectrum analyzer protects against signal surges and disturbances coming from a coax cable. According to a team of Danish security researchers, the Broadcom chip spectrum analyzer lacks security in various areas, including default credentials, a programming error in its firmware, and a lack of protection against DNS rebinding attacks. According to the security researchers and ZDNet, an attacker can use Cable Haunt to: Change the default DNS server

Conduct remote man-in-the-middle attacks

Hot-swap code or even the entire firmware

Upload, flash, and upgrade firmware silently

Disable ISP firmware upgrade Change every config file and settings

Get and set SNMP OID values

Change all associated MAC addresses

Change serial numbers

Be exploited in botnet A white paper and a dedicated website were published by the security researchers, which contains further information about Cable Haunt. The researchers have also provided proof-of-concept code that ISP users can implement to test their routers Cable Haunt attack vulnerabilities. Get more information here New York Man Sentenced in ATM Skimming Conspiracy Bogdan Rusu has been sentenced to five years in prison for orchestrating an elaborate ATM skimming campaign, allowing him to gather $390,141 from numerous victims. According to the Department of Justice press release, Bogdan pled guilty to participating in the scheme and stated that he used card-reading devices with pinhole cameras throughout New Jersey, Massachusetts, and New York bank locations. Once Rusu stole customer information and other data, he would then transfer the information to counterfeit payment cards which could steal money from the victims. The case also introduced a larger ATM skimming scheme that involved over 11 individuals. The crooks were able to collect more than $868,000 from multiple accounts. Read more here Nemty Ransomware to Start Leaking Non-Paying Victims’ Data To punish victims who refuse to pay their ransom, Nemty ransomware is implementing a tactic started by the Maze and Sodinokibi ransomware gangs. Traditionally, ransomware groups encrypt files within an organization and demand a ransom to decrypt the data. Recently though, ransomware groups, including Nemty, have been stealing files before they encrypt them. And if a victim doesn’t pay the ransom, the ransomware releases small pieces of stolen data online until the victim makes payment. Nemty plans to develop a blog website that publishes all stolen information from ransomware victims that reject the given ransom.

BleepingComputer