Table of Contents

  1. Breaches
    1. Hacker breaches security firm in act of revenge
    2. A hacker is selling details of 142 million MGM hotel guests on the dark web
    3. LiveAuctioneers reports data breach after user records sold online
  2. Malware
    1. Malware adds Any.Run sandbox detection to evade analysis
    2. New AgeLocker Ransomware uses Googler's utility to encrypt files
    3. Python malware on the rise
  3. Misc
    1. A few thoughts about Signal’s Secure Value Recovery
  4. Vulnerabilities
    1. Critical SAP Recon flaw exposes thousands of systems to attacks
  5. Politics
    1. US threatens to restrict WeChat following TikTok backlash
  6. Privacy
    1. Atlas of Surveillance

Breaches

Hacker breaches security firm in act of revenge

A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company's "data leak detection" service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches. The databases have been collected inside DataViper, a data leak monitoring service managed by Vinny Troia, the security researcher behind Night Lion Security, a US-based cyber-security firm.

A hacker is selling details of 142 million MGM hotel guests on the dark web

The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020. The new finding came to light over the weekend after a hacker put up for sale the hotel's data in an ad published on a dark web cybercrime marketplace. According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel's data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.

LiveAuctioneers reports data breach after user records sold online

LiveAuctioneers has disclosed a data breach after a well-known data breach broker began selling 3.4 million stolen user records on a hacker forum. LiveAuctioneers is an auction site that allows people worldwide to bid on auctioned items in real-time. On July 10th, 2020, a data breach broker began selling a database that allegedly contains 3.4 million user records stolen from the LiveAuctioneers site. BleepingComputer was told by the data broker that the database is being sold for $2,500. This data allegedly contains users' email addresses, usernames, MD5 hashed passwords, names, phone numbers, addresses, IP addresses, and social media profiles.

Malware

Malware adds Any.Run sandbox detection to evade analysis

Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers. When an executable is submitted to Any.Run, the sandbox service will create a Windows virtual machine with an interactive remote desktop, and execute the submitted file within it. In a new password-stealing trojan spam campaign discovered by security researcher JAMESWT, malicious PowerShell scripts are downloading and installing malware onto a computer. If the malware detects that it is running on Any.Run, it will display the message 'Any.run Deteceted!' and exit. This will cause the malware to not be executed so that the sandbox cannot analyze it.

New AgeLocker Ransomware uses Googler's utility to encrypt files

A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victims' files. Instead of creating a ransomware that utilizes commonly used encryption algorithms such as AES+RSA, the threat actors behind AgeLocker appear to be using the Age command line tool to encrypt a victim's files.

Python malware on the rise

The vast majority of serious malware over the past 30 years has been written in Assembly or compiled languages such as C, C++, and Delphi. However, over the past decade, an ever-increasing amount of malware has been written in interpreted languages, such as Python. The low barrier to entry, ease of use, rapid development process, and massive library collection have made Python attractive for millions of developers, including malware authors. Python has quickly become a standard language in which threat actors create Remote Access Trojans (RATs), information stealers, and vulnerability exploit tools. As Python continues to grow radically in popularity and the C malware monoculture continues to be challenged, it would seem only certain that Python will be increasingly utilized as malware in cyber attacks.

Misc

A few thoughts about Signal’s Secure Value Recovery

Matthew Green wrote an article giving his take on Signal's new feature, which allows backing up contacts such that even Signal cannot access them.

Vulnerabilities

Critical SAP Recon flaw exposes thousands of systems to attacks

SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. The RECON (short for Remotely Exploitable Code On NetWeaver) vulnerability is rated with a maximum CVSS score of 10 out of 10 and can be exploited remotely by unauthenticated attackers to fully compromise unpatched SAP systems, according to Onapsis, the company that found and responsibly disclosed RECON to the SAP Security Response Team. RECON stems from the lack of authentication in an SAP NetWeaver AS for Java web component, which allows several high-privileged activities on the affected SAP system. "If exploited, an unauthenticated attacker (no username or password required) can create a new SAP user with maximum privileges, bypassing all access and authorization controls (such as segregation of duties, identity management, and GRC solutions) and gaining full control of SAP systems," Onapsis explained.

Politics

US threatens to restrict WeChat following TikTok backlash

Amid intense scrutiny over TikTok as a potential national security risk in the U.S., WeChat, the essential tool for Chinese people's day-to-day life, is also taking heat from Washington. White House trade advisor Peter Navarro told Fox Business on Sunday that "[TikTok] and WeChat are the biggest forms of censorship on the Chinese mainland, and so expect strong action on that." Navarro alleged that "all of the data that goes into those mobile apps that kids have so much fun with and seem so convenient, it goes right to servers in China, right to the Chinese military, the Chinese communist party, and the agencies which want to steal our intellectual property." It's unclear how the U.S. restriction will play out, if it will at all, though some WeChat users are already speculating about workarounds to stay in touch with their family and friends back home. In the case that the Tencent-owned messenger is removed by the Apple App Store or Google Play, U.S.-based users could switch to another regional store to download the app. If it were an IP address ban, they could potentially access the app through virtual private networks (VPNs), tools that are familiar to many in China to access online services blocked by Beijing's Great Firewall.

Privacy

Atlas of Surveillance

The Atlas of Surveillance is a database of the surveillance technologies deployed by law enforcement in communities across the United States. This includes drones, body-worn cameras, automated license plate readers, facial recognition, and more.