December 23, 2019 By David Bisson 3 min read

Last week in security news, a researcher found that malicious actors had abused the details of a test credit card just two hours after he posted the information online. The security community also learned of a survey in which three-quarters of respondents said that they had required a password reset after forgetting one of their personal passwords in the previous three months. Finally, researchers tracked several new malware samples along with a now-fixed WhatsApp vulnerability.

Top Story of the Week: The Spread of Exposed Credit Card Data

David Greenwood, a security researcher on the ThreatPipes team, wanted to find out how information posted online spreads throughout the internet and dark web. So he purchased an anonymous, prepaid Visa credit card and posted its full credentials on several paste sites. He then sat back and waited.

It took all of two hours until digital attackers sprang into action. They did so by using bots and scripts to make small purchases using the credit card information from a well-known retailer located in the U.K.

Source: iStock

Also in Security News

  • Poison Frog Backdoor Samples Discovered in Aftermath of OilRig Dump: After a group of actors dumped OilRig’s attack tools online, Kaspersky Labs decided to scan its archives for new and old malware samples. In the process, it discovered Poison Frog, a sloppily designed backdoor that masqueraded as the legitimate Cisco AnyConnect application at the time of discovery.
  • Most Users Required a Personal Password Reset in the Last Three Months: In a recent study, HYPR found that 78 percent of full-time workers in the U.S. required a password reset sometime in the last three months after forgetting a personal password. The rate was slightly lower for work-related reset requests at just over half (57 percent) of respondents.
  • Lazarus-Linked Dacls RAT Makes Waves by Targeting Linux Machines: Back in October, Netlab 360 came across a suspicious ELF file that shared certain characters employed by the Lazarus group. This discovery of the file, nicknamed Dacls, marked the first time that researchers have detected a Lazarus-created threat that’s capable of targeting Linux machines.
  • U.S., EU Users Caught in the Crosshairs of Zeppelin Ransomware: Blackberry Cylance spotted threat actors using the newly discovered Zeppelin ransomware to selectively target technology and healthcare organizations in the U.S. and the European Union. Further analysis helped determine Zeppelin to be a member of the VegaLocker ransomware family.
  • Dudell Malware Leveraged by Rancor Digital Espionage Group: Palo Alto Networks’ Unit 42 threat research team analyzed the recent attacks of Rancor, a digital espionage group that targeted at least one Cambodian government organization between December 2018 and January 2019. In the process, it discovered a new custom malware family it dubbed Dudell.
  • Vulnerability Allowed Threat Actor to Crash WhatsApp on Phones in Shared Group: In August 2019, Check Point Software discovered a bug that enabled a malicious actor to implement a WhatsApp crash-loop on the devices of users in a shared group. The security firm subsequently disclosed this vulnerability to WhatsApp, whose developers issued a fix in update 2.19.246.
  • Lateral Movement Used by BuleHero Botnet to Spread Malware Payloads: Researchers at Zscaler observed in their analysis of BuleHero that the botnet used port scanning, Mimikatz, PsExec and WMIC to spread laterally on an affected network. These techniques enabled the threat to distribute both the XMRig miner and Gh0st RAT to a larger number of machines.
  • Various Attack Techniques Used by MyKings Botnet to Deliver Forshare: SophosLabs took a deep dive into the workings of the MyKings botnet and found that the threat used various attack techniques against vulnerable Windows servers to deliver Forshare malware. Those tactics included using steganography to conceal a malware payload within an image.

Security Tip of the Week: Focus on Data Protection

Security professionals can help organizations protect their valuable data by using artificial intelligence (AI)-driven tools and automated monitoring solutions to gain intelligent visibility into the network. They can then use that visibility to monitor for suspicious activity that could be indicative of a threat moving laterally across the network.

In support of this monitoring activity, security teams should also consider embracing a zero-trust model for the purpose of setting up micro-perimeters on the cloud and elsewhere.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today