Rewterz Threat Alert – WooCommerce Falling Victim to Fresh Card-Skimmer Malware

April 13, 2020

Rewterz Threat Alert – Ursnif Banking Trojan – IOC’s

April 14, 2020

Rewterz Threat Alert – Zoom Accounts Sold on Hacker Forums

April 14, 2020

Severity

High

Analysis Summary

New users have made a flocked to the Zoom video conferencing platform as businesses, schools, and other organizations look for ways to meet safely during the Coronavirus pandemic. However, threat actors have managed to keep them one step ahead of the game by potentially gaining access to thousands of accounts with re-usage of old passwords and now being sold on the hacker forums. Over 530,00 zoom credentials which also included personal meeting URLs and Zoom host keys are available for sale which are being sold for less than a penny each, and in some cases, given away for free.

Gathered by credential surfing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches and sold on different hacker forums. Different random email addresses exposed in these lists and has confirmed that some of the credentials were correct.

Different purchased accounts have information of victim’s email address, password, personal meeting URL, and their HostKey.

Impact

Exposure of sensitive data
Information theft

Affected Vendors

Zoom

Remediation

Set unique passwords for each sites while registering your accounts.
Always use combinations of letters, symbols and uppercase and lowercase letters.
Do no reuse your password.
Change your passwords every three months.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

LokiBot Malware – Active IOCs

WP-Automatic Plugin Flaw Used by Threat Actors to Create Admin Accounts on WordPress Sites

CVE-2024-21511 – Node.js mysql2 module Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us