16.7.20

Details of 142 million MGM hotel guests selling for US$2,900




It appears that the July 2019 breach at MGM Resorts affected far more people than initially thought


The data breach at MGM Resorts that we also wrote about earlier this year may have been far larger than previously thought. In February, when the incident was disclosed, the estimated number of guests impacted by the breach was 10.6 million; however, now it seems that as many as 142 million hotel guests were affected by the incident that goes back to July 2019.

This is after ZDNet reported that a hacker had posted an ad on a dark web criminal marketplace offering the personal data of more than 142 million former MGM Resorts guests for some US$2,900 worth of cryptocurrency.

A spokesperson for the hotel giant confirmed that the company knew about the size of the data breach. “MGM Resorts was aware of the scope of this previously reported incident from last summer and has already addressed the situation,” said the spokesperson, before adding that the majority of the leaked data consisted of mostly contact information, such as names, postal and email addresses.


The previous data dump contained a range of Personally Identifiable Information (PII), including full names, home addresses, phone numbers, emails, and birth dates. However, it did not appear to contain financial information or booking details, nor did it include any IDs or Social Security numbers. ZDNet was able to verify as much by reviewing the records from February, as well as a new batch of 20 million records that were released by the cybercriminals on Sunday. It also contacted past guests to confirm the veracity of the information.

It is worth noting that the leaked information could be enough for launching spearphishing campaigns or SIM swapping attacks. The victim list even includes a long list of potential high-profile targets, such as CEOs of tech companies, government officials, and celebrities.

In recent years, several other hotel operators – including InterContinental Hotels and the Trump Hotel Collection – have also fallen victim to similar incidents. Marriott Starwood suffered a data breach that affected a whopping 500 million guests.

Welcome Chat as a secure messaging app? Nothing could be further from the truth




ESET research uncovers a malicious operation that both spies on its victims and leaks their data


We discovered a new operation within a long-running cyberespionage campaign in the Middle East. The operation targets Android users via the malicious Welcome Chat app and appears to have links to the malware known as BadPatch, which MITRE links to the Gaza Hackers threat actor group, also known as Molerats.

Our analysis shows that the Welcome Chat app enables its operators to spy on its victims. It is not, however, simple spyware. Welcome Chat is a functioning chat app that delivers the promised functionality alongside its hidden espionage capability.

We found that this spyware was being advertised to chat-hungry users (such apps are banned in some Middle Eastern countries) on a dedicated website (see Figure 1). The fact that the website is in Arabic is consistent with the targeting of the wider campaign to which we believe this operation belongs. The domain was registered in October 2019; however, we could not determine when the website was launched.

The malicious website promotes the Welcome Chat app and claims it is a secure chat platform that is available in the Google Play Store. Both claims are false. As for the "secure" claim, nothing could be further from the truth. Not only is Welcome Chat an espionage tool; its operators also left their victims' data freely accessible on the internet. And the app was never available in the official Android app store.



14.7.20

Zoom patches zero‑day flaw in Windows client



The vulnerability exposed Zoom users running Windows 7 or earlier OS versions to remote attacks

The Zoom videoconferencing platform was affected by a zero-day vulnerability that could have allowed attackers to execute commands remotely on affected machines. The flaw impacted devices running the Windows operating system, specifically Windows 7 and earlier.

The company has since addressed the issue and released a patch on Friday, with the release notes of version 5.1.3 (28656.0709) stating that the patch “fixes a security issue affecting users running Windows 7 and older.”

Technical details about the vulnerability are sparse; it hasn’t been assigned a Common Vulnerabilities and Exposures (CVE) identifier and was first described by ACROS Security on its 0patch blog:
“The vulnerability allows a remote attacker to execute arbitrary code on victim’s computer where Zoom Client for Windows (any currently supported version) is installed by getting the user to perform some typical action such as opening a document file. No security warning is shown to the user in the course of an attack,” said ACROS.

However, the company also noted that the hole was “only exploitable on Windows 7 and older Windows systems”, as well as “likely also exploitable on Windows Server 2008 R2 and earlier”. By contrast, Windows 10 and Windows 8 are not affected.


ACROS was tipped off to the flaw by a researcher who wanted to remain anonymous. The company then ran an analysis of the researcher’s claims and tried out a number of attack scenarios before forwarding its findings to Zoom along with a proof of concept and recommendations on how to fix the issue. There is no word of attackers exploiting the bug in the wild.
ACROS also released a quick micropatch last Thursday that removed the vulnerability in the code before Zoom addressed the issue with a patch of their own. The micropatch was made available to everyone for free, with the company releasing a demonstration of how a user could easily trigger the vulnerability.