Wawa Breach, Citrix ADC, Magecart Hackers, Ragnarok Ransomware – PSW #637 | SC Media
Container security, Hardware security, OSINT, Security research

Wawa Breach, Citrix ADC, Magecart Hackers, Ragnarok Ransomware – PSW #637

January 31, 2020



In the Security News, NHS alerted to severe bulbs in GE health equipment, Ragnarok Ransomware targets Citrix ADC & disables Windows Defender, suspected Magecart hackers arrested in Indonesia, Wawa breach data was found for sale,, and so much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor's Page

Wawa Breach, Citrix ADC, Magecart Hackers, Ragnarok Ransomware

Paul's Stories

  1. Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more! - Help Net Security
  2. How to better control access to your Windows network
  3. Coronavirus claims new victim: 'DEF CON cancelled' joke cancelled after DEF CON China actually cancelled
  4. Rings selling my email address to spammers? Thats the least of its problems
  5. Wawa card breach: 30 million card records for sale in the dark web
  6. 97% of airports showing signs of weak cybersecurity
  7. Enterprise Hardware Still Vulnerable to Memory Lane Attacks
  8. Check Point detailed two flaws in Microsoft Azure that could have allowed taking over cloud servers
  9. Securing Containers with Zero Trust

Larry's Stories

  1. Technical report on how the Saudi’s hacked Bezos’ phone
  2. OpenSMTPD RCE
  3. Charges against Coalfire employees dropped

Jeff's Stories

  1. Wawa Breach May Have Compromised More Than 30 Million Payment Cards Nothing to see here...just PCI related
  2. United Nations Data Breach Started with Microsoft SharePoint Bug
  3. Mega Breach Exposes More Than 250 Million
  4. Data breaches soared by 17% in 2019: ‘We also saw the rise of a significant new threat’

Lee's Stories

  1. NHS alerted to severe vulnerabilities in GE Health Equipment CISA and CyberMDX release notices called "MDHex" - include SSH and SMB abuse as well as Windows XP components.
  2. Cisco fixes Critical Flaw in network management platform Cisco releases fix for "Firepower Management Center" to resolve CVE-2019-16028 which allows attackers to achieve admin on affected devices.
  3. Russian pleads guilty to running "CardPLanet" to sell Stolen Credit Cards CardPlanet web site sold cards for $2.50-$10. ~150,000 cards sold for about $20,000,000 in fraudulent purchases.
  4. Ragnarok Ransomware targets Citrix ADC, disables Windows Defender New ransomware dubbed Ragnarok targets unpatched Cisco AVS servers vulnerable to CVE-2019-1978.
  5. OurMine hackers attack and takeover NFL twitter accounts OurMine group is hacking NFL twitter accounts to prove they're back and everything is hackable. Hacked accounts properly secured _AFTER_ notification of the hack...
  6. Critical Bug: OpenBSD OpenSMTP bug allows RCE In the default configuraiton, a technique inspired by the Morris worm executes sendmail body as script. Patch released.
  7. Suspected Magecart hackers arrested in Indonesia Magecart "web skimmer" techniques used to target card-not-present data. Multi-agency task force shuts down C&C servers as part of Operation Night Fury.
  8. Wawa breach data found for sale Wawa breach data, affecting as many as 30 million found for sale on the Joker's Stash dark web site.


[caption id="attachment_210" align="alignleft" width="120"]Jeff Man Jeff Man - Sr. InfoSec Consultant[/caption] [caption id="attachment_210" align="alignleft" width="120"]Larry Pesce Larry Pesce - Senior Managing Consultant and Director of Research[/caption] [caption id="attachment_210" align="alignleft" width="120"]Lee Neely Lee Neely - Senior Cyber Analyst[/caption] [caption id="attachment_210" align="alignleft" width="120"]Matt Alderman Matt Alderman - CEO[/caption] [caption id="attachment_210" align="alignleft" width="120"]Paul Asadoorian Paul Asadoorian - Founder & CTO[/caption]



  • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
  • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
  • Attend RSA Conference 2020, February 24-28 in San Francisco, CA! Visit securityweekly.com/rsac2020 to sponsor an interview with us on-site at the conference or register using our code to save $150!

[audio src="http://traffic.libsyn.com/sw-all/PSW_637_-_SEcurity_News-0_converted.mp3"]

prestitial ad