9-Month Data Breach Affects Millions of Wawa Customers

Last week, Wawa announced that millions of customers might have had their credit or debit card information stolen in a data breach affecting almost all of its store locations. According to the report, malware that had been active since March 4 was discovered on Wawa’s payment processing servers on December 10. In response to the breach, Wawa is offering enrollment in a credit monitoring service, Experian IdentityWorks, free of charge.

Wawa’s CEO Chris Gheysens states that stolen information includes:

credit and debit card numbers,

expiration dates,

and cardholder names on payment cards.

Potentially all Wawa in-store payment terminals and fuel dispensers were compromised, at different points in time.

If you have been to a Wawa sometime between March and December, monitoring your payment card account statements and checking your credit reports will help mitigate any potential fraudulent activity.

Read more here

LifeLabs Data Breach Exposes Personal Info of 15 Million Customers

LifeLabs recently experienced a data breach that exposed the sensitive information of almost 15 million customers of the Canadian clinical laboratory. Of those 15 million customers, around 85,000 had their lab results exposed as well.

The stolen information includes:

Customer names

Addresses

Emails

Logins

Passwords

Dates of birth

Health card numbers

You can find the data breach announcement here.

Read more here

Cryptocurrency-Mining Botnet Uses a Taylor Swift Image to Hide Malware Payloads

A botnet, named MyKingz (also known as DarkCloud, Smominru, or Hexmen), is currently using an image of Taylor Swift to hide malware payloads which infect various devices over the internet.

MyKingz uses an internet scanning module that looks for vulnerable hosts in order to gain an initial foothold on a victim’s device. Typically, the botnet abuses unpatched vulnerabilities in Telnet, SSH, RDP, and other network-facing services; however, it is now also using steganography-based attacks.

Steganography is the technique of hiding data, in this case malicious files, inside legitimate-looking ones. According to Sophos, a UK-based security firm, MyKingz is hiding malicious EXE files inside JPEG images of Taylor Swift. MyKingz uses this technique in the hope of tricking security software on enterprise networks into seeing only a JPEG file download, rather than a malicious EXE file.

Cybercriminals have used other steganography-based attacks in the past, such as hiding EXE files in WAV audio files. The MyKingz attacks have proved lucrative: Sophos estimates the botnet currently makes $300 a day and has earned over $3 million in total as of this writing.
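As an added, defender-side illustration of the JPEG trick described above (example code written for this page, not Sophos’s or the botnet’s), the following Python checker walks a JPEG’s segment structure to find where the image legitimately ends and reports whether an executable-looking PE header is appended after it. The sample JPEG and the PE stub are constructed inline; the function and variable names are this example’s own.

```python
import struct
from typing import Optional

JPEG_SOI, JPEG_EOI = b"\xff\xd8", b"\xff\xd9"
MZ_MAGIC, PE_MAGIC = b"MZ", b"PE\x00\x00"


def jpeg_payload_end(data: bytes) -> Optional[int]:
    """Return the offset just past the End-Of-Image marker, or None if not a well-formed JPEG."""
    if not data.startswith(JPEG_SOI):
        return None
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: the image ends here
            return pos + 2
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:   # standalone markers carry no length
            pos += 2
            continue
        if pos + 4 > len(data):
            return None
        seg_len = struct.unpack_from(">H", data, pos + 2)[0]   # length includes its own 2 bytes
        pos += 2 + seg_len
        if marker == 0xDA:                      # SOS: entropy-coded data follows the header
            # inside scan data 0xFF is escaped as FF00 and RSTn (FFD0-FFD7) are allowed;
            # any other FFxx pair is the next real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None


def find_appended_executable(data: bytes) -> dict:
    """Report bytes trailing the JPEG and whether they contain an MZ/PE header pair."""
    end = jpeg_payload_end(data)
    if end is None:
        return {"valid_jpeg": False, "trailing_bytes": 0, "pe_found": False}
    trailing = data[end:]
    mz, pe_found = trailing.find(MZ_MAGIC), False
    if mz != -1 and len(trailing) >= mz + 0x40:
        e_lfanew = struct.unpack_from("<I", trailing, mz + 0x3C)[0]   # DOS header -> PE header
        pe_found = trailing[mz + e_lfanew:mz + e_lfanew + 4] == PE_MAGIC
    return {"valid_jpeg": True, "trailing_bytes": len(trailing), "pe_found": pe_found}


# Constructed sample input: a minimal JPEG (SOI, APP0, SOS, scan data, EOI) and a fake PE stub.
CLEAN_JPEG = (JPEG_SOI + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + b"\x00" * 9
              + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
              + b"\x12\x34\xff\x00\x56" + JPEG_EOI)
_dos = bytearray(b"MZ" + b"\x00" * 0x3E)
struct.pack_into("<I", _dos, 0x3C, 0x40)               # e_lfanew points right after the DOS header
STEGO_JPEG = CLEAN_JPEG + bytes(_dos) + PE_MAGIC + b"\x00" * 16
```

A scanner that keys only on the leading `FF D8` bytes would pass `STEGO_JPEG` as an image; checking for data past EOI and a PE header in it is the check this example adds.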

You can read more about MyKingz here.

Get more information here

Apple Opens Its Invite-Only Bug Bounty to the Public, $1M Payout Included

Apple has officially opened its previously invite-only bug bounty program to the public, with rewards ranging from $25,000 to $1 million. The bug bounty covers a variety of products, including Macs, iPhones, iPads, and Apple TVs.

The top $1 million bounty requires security researchers to provide a reliable exploit for a zero-click remote chain with full kernel execution and persistence on Apple’s latest hardware, as well as a bypass of Apple’s kernel Pointer Authentication Codes (PAC).

According to Apple, vulnerability types include:

Unauthorized iCloud account access

Physical access to device

Lock screen bypass

User data extraction

User-installed app: unauthorized access to sensitive data

User-installed app: kernel code execution

User-installed app: CPU side-channel attack

Vulnerabilities that can be exploited using a malicious application

And much more

Read more here

CVE-2019-19781 Citrix Flaw Puts 80,000 Companies at Risk

A critical vulnerability in Citrix’s Application Delivery Controller (NetScaler ADC) and Citrix Gateway has put over 80,000 companies at risk. The vulnerability, CVE-2019-19781, affects all supported versions of the product on all supported platforms.

According to the security researcher who discovered the vulnerability, the flaw allows “attackers [to] obtain direct access to the company’s local network from the Internet,” and it “does not require access to any accounts,” allowing it to be performed by any external attacker.