Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Polyverse Weekly Breach Report

Feb 4, 2019By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Several law enforcement agencies have shut down xDedic, an online underground marketplace that encouraged criminals buy, sell or rent access to hacked computers and servers around the world. xDedic offered buyers access to over 176,000 unique compromised servers. To read more:

A peer-to-peer cryptocurrency exchange portal called LocalBitcoins announced a security breach last week. The breach lasted for five hours before the company stepped in and stopped the attack. During the time, users were redirected to a page that mimicked the LocalBitcoins login page where the hackers would then steal credentials from users, during the incident six users had funds stolen. To read more:

Discover Card
Discover Financial Services was impacted by a data breach that potentially gave attackers access to an undisclosed number of customer information. Discover has issued new cards to all customers that might be affected. To read more:

Onavo Project
Facebook is paying people to install a research VPN app called Onavo that gathers data on usage habits. Apple removed it from the App Store because of privacy policy violations. The app gives Facebook root access to network traffic so it can decrypt and analyze user phone activity. Though Facebook claimed that it was shutting down the project following the report, it was revealed that Apple had already blocked the app on their devices. To read more:

Screenwise Meter
Google is running an app called Screenwise Meter that is very similar to Facebook’s Onavo Project. The app collects information on users’ internet traffic and data. Last week Google announced that it is removing Screenwise Meter from Apple’s Enterprise Certificate program and disabled it on iOS devices. To read more:

Video sharing platform DailyMotion announced that it was a victim of a credential stuffing attack. Credential stuffing is when hackers take combinations of usernames and passwords leaked from other sites to gain illegal access to accounts on other sites. An email was sent out to affected customers. To read more:

Airplane maker, Airbus, admitted that a data breach impacted its “Commercial Aircraft business” information systems. An attacker gained access to employees’ personal information. According to Airbus, there is no impact on aircraft production. To read more:

State Bank of India (SBI)
The State Bank of India recently secured an unprotected server that enabled anyone access to financial information on millions of customers. The server was not password protected and stored two months of customer’s texts. By accessing this server the attacker could see all of the text messages going to customers in real time including bank balances and recent transactions. To read more:

Houzz sent an email to users notifying them that user data was obtained by an unauthorized third party. The incident did not impact social security numbers or payment information. However, emails and password were among the data that was jeopardized. Houzz is urging users to change their passwords. To read more:
A security researcher found an account on thousands of Russian-Linked and exposed MongoDB databases. This account is thought to be a kremlin backdoor account being used to access servers of businesses tied to Russia. It is unknown if the account was only accessing information or if it was actively changing data because the scope of the research did not include accessing the affected companies’ logs. The affected databases belong to local banks, financial institutions and even Disney Russia. To read more:

Check out Have I Been Pwnedto see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

Cisco routers
Attackers are exploiting two high-severity vulnerabilities in Cisco’s RV320 and RV325 Dual Gigabit WAN VPN routers. The bugs are a command injection flaw and an information disclosure flaw. If exploited an attacker could take full control of the affected device. Cisco put out patches for both vulnerabilities. To read more:

iPhone FaceTime
A bug was discovered in FaceTime that lets a user call anyone with FaceTime and immediately hear the audio coming from that person’s phone before they accept or reject the call. Apple says the issue will be patched in a software update, but as of this writing, a patch has yet to be released. To read more:

Alias Robotics just released an open-source tool for people to ‘footprint’ unprotected robots connected to the internet and in the industrial environments where they operate. The framework called Aztarna is capable of detecting vulnerable industrial routers and robots powered by Robot Operating System (ROS), Secure ROS and other technologies. To read more:

Microsoft Exchange 2013
A new zero-day called “PrivExchange” allows a remote attacker with credentials of an Exchange mailbox user to gain Domain Controller admin privileges for Microsoft Exchange 2013 and later. The zero-day is a combination of flaws and default settings that an attacker can use to escalate access. To read more:

A cyber tool called Karma enabled the UAE to monitor hundreds of targets like activists, diplomats, and rival foreign leaders since 2016. Karma is a tool that remotely grants access to iPhones by uploading phone numbers or email accounts into an automated targeting system. The tool does not intercept phone calls or work on Android devices. To read more:

LIFX Mini White light bulb
Researchers at Limited Results investigated the LIFX IoT light bulb and found issues surrounding the information that the smart light bulbs keep in their computers after they are no longer connected. The bulbs have no security to protect the data saved on the chips inside. To read more:

SS7 attacks
Hackers are exploiting flaws in SS7, a telecom protocol that coordinates how texts and calls are routed around the world. By exploiting SS7, a hacker can track phones and intercept text messages without hacking the phone itself. Now, however, it seems cybercriminals are using the flaws to empty bank accounts. To read more:

A new Mac malware called CookieMiner steals web browser cookies and credentials to withdraw funds from cryptocurrency exchange accounts. The malware also installs coin mining software onto infected machines to mine additional cryptocurrency. To read more:

Spectre-class vulnerabilities
The mitigations for Spectre vulnerabilities are some of the most significant issues that system administrators face. If you do not remember Spectre or never heard of it, Spectre is the zero-day vulnerability that could enable attackers to bypass system protections on nearly every recent PC, server and smartphone. With the latest patches, the mitigations for Spectre introduce major performance hits to Linux systems. One current mitigation causes a 30% performance dip for PHP servers. System administrators are reconsidering applying the security patches. To read more:

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.