
Polyverse Weekly Breach Report

May 6, 2019, by Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Unknown database
A team of security researchers discovered a publicly accessible Microsoft cloud server that exposes the information of more than 80m US households. The database has detailed information about individual homes, such as full names, addresses and ages. To read more:

CITYCOMP
Hackers broke into CITYCOMP, a German internet-infrastructure firm, and stole information from companies such as Oracle, Volkswagen and Airbus in an extortion attempt. The hackers claim that they have “312,570 files in 51,025 folders, which include over 516GB of private financial data.” To read more:

Dark web
DDoS attacks have shut down multiple dark-web crime-focused marketplaces during the past three months. Targets of the attacks include Dream Market, Empire Market and Nightmare Market. To read more:

Norsk Hydro
A March cyberattack that shut down the computer networks of Norsk Hydro, a Norwegian energy and aluminum company, is projected to cost it $52m in the first quarter. The attackers used a virus known as LockerGoga, a ransomware virus that encrypts computer files and demands payment to unlock them. Hydro did not pay any ransom and is restoring the data from its backup systems. To read more:

St. Ambrose Catholic Church
This Ohio church was scammed out of $1.75m after its email was hacked. The church was doing a $4m renovation, and the attackers were able to divert payments related to the project to a fraudulent account they owned. To read more:

Microsoft Outlook
The hackers that accessed a Microsoft customer-support worker’s login credentials not only accessed Outlook but also emptied victims’ cryptocurrency accounts. Multiple people have come forward to report that their cryptocurrency accounts had been hacked. To read more:

Citrix
Hackers lurked undiscovered in the networks of Citrix, a US software company, for six months. The firm says that the criminals “removed files from our systems, which may have included files containing information about our current and former employees and information about beneficiaries or dependents.” To read more:

Cartoon Network
Cartoon Network was hacked, and a famous Brazilian male-stripper video was played when viewers accessed the network. The compromise occurred on April 25, and the content stayed up over the weekend until the channel was notified. To read more:

Chinese smart-city surveillance
A security researcher found a smart-city database accessible from his web browser without a password. The Elasticsearch database stored gigabytes of data including facial-recognition scans of people. The project is hosted by Alibaba Cloud. To read more:

Online campus stores
Malicious code was discovered on 200 university online stores in the US and Canada. The hackers put malicious JavaScript code that stole payment card details. To read more:

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

Electrum botnet
Attackers are targeting the whole infrastructure of the Electrum Bitcoin exchange in an ongoing hack. So far US$4.6m has been stolen by using a weakness in the Electrum infrastructure to trick users into downloading malicious versions of the software. To read more:

Medtronic insulin pump
In 2014 hackers found a security flaw in specific Medtronic pumps that was actually helpful to diabetics: in conjunction with the hackers’ own code, the pump automatically calculates insulin doses based on real-time glucose data. The hackers shared their code online as OpenAPS, but to make it work users need one of the obsolete Medtronic pumps. Result: there is now a thriving market for people hoping to buy them. To read more:

Federal agencies
The US Department of Homeland Security ordered government agencies to patch critical security vulnerabilities found on their networks within 15 days. The countdown begins when the vulnerability is initially detected during weekly cyber-hygiene vulnerability scanning, not when it is first reported to the affected agencies. To read more:

Windows zero-days
A hacker has been selling Windows zero-days to three cyber-espionage groups. APT groups operating out of Russia and the Middle East were spotted using zero-days developed by companies that sell surveillance software. To read more:

Popular email clients
Security researchers found several vulnerabilities in implementations of OpenPGP and S/MIME email signature verification that enable attackers to spoof signatures. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail and more. To read more:

Dell SupportAssist
A security researcher found a critical remote-code-execution vulnerability in the Dell SupportAssist utility that is pre-installed on most Dell computers. The utility checks the health of your computer’s hardware and software. To read more:
