
Polyverse Weekly Breach Report

Mar 25, 2019 by Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Round 4
A fourth batch of records came up for sale on the dark web. The fourth round contains 27m new users’ records originating from six other websites. The hacked sites include Youthmanual, GameSalad, Bukalapak, Lifebear, EstanteVirtual, and Coubic. These credentials are worth 1.2431 Bitcoin, which is roughly $5,000. To read more:

Fabian Wosar
A man named Fabian Wosar is working with ransomware victims around the world to get their files back without paying the attackers. The attackers hate him so much that they leave angry threats buried in the code of their own malware. To read more:

Chinese online recruitment sites
A database containing the personal details of 33m candidates from online recruitment sites such as 51Job, Lagou, and Zhilian was found exposed online. The unencrypted database was discovered by a security researcher; its owner was not identified. To read more:

London attractions
Kew Gardens, the Natural History Museum, the Tate Gallery and the Imperial War Museum were hit by 109m cyber attacks over the last few years. Spyware was the most prevalent type of attack. To read more:

Elsevier, the company behind scientific journals such as The Lancet, left a server open to the internet, exposing email addresses and passwords. It is not clear how long the server was exposed or how many accounts were affected. To read more:

Researchers identified two new Magecart attacks targeting MyPillow and Amerisleep. Magecart became well known after its attacks on British Airways, Ticketmaster, and Newegg. The attack injects malicious JavaScript that acts as a digital payment-card skimmer. To read more:

Norsk Hydro
One of the world’s largest aluminum producers was forced to shut down several plants across Europe and the US after a cyber attack left the company’s IT systems unusable. The plants were shut down and switched to manual operations where possible. Norsk Hydro is still investigating the full extent of the attack, but the company was hit with a new strain of ransomware called LockerGoga. To read more:

Used laptops and phones
A security consultant collected used desktops, hard disks, cellphones, and other technology from pawn shops near his home. He found that their former owners had left large amounts of personal information on the devices, including 41 Social Security numbers, 50 dates of birth, 611 email accounts, 19 credit card numbers, and more. To read more:

Tornado sirens
A hacker took control of tornado emergency sirens in two North Texas towns. The cities shut down their emergency warning systems a day before major storms were set to hit the area. To read more:

UK Police
The UK Police Federation confirmed that it was hit by a cyberattack. The organization represents 119,000 police officers across England and Wales. The ransomware attack hit the federation’s Surrey headquarters, and several databases and email systems were encrypted. To read more:

GitHub Repos
Over the last six months, 100,000 GitHub repos leaked API tokens and cryptographic keys. The scan was conducted by a team from North Carolina State University and the results were shared with GitHub. GitHub has since accelerated its work on a new security feature called Token Scanning, which is in beta. To read more:
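The leaked-token finding above is the kind of problem a pre-commit secret scanner catches before the push happens. The following is an added example, not code from the page or from GitHub’s Token Scanning feature: it scans the added lines of a unified diff for two documented secret formats (the AWS access key ID format and a PEM private-key header) and for credential-looking assignments whose value has high Shannon entropy. The sample diff, the entropy threshold of 3.5 bits per character, and the generic assignment rule are constructed assumptions of this example.

```python
import math
import re

# Documented secret formats: AWS access key IDs are "AKIA" followed by 16
# upper-case alphanumerics; private keys in PEM form start with this header.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}

# Generic rule (an assumption of this example): a credential-looking variable
# assigned a quoted literal of at least 16 characters. Entropy filtering below
# keeps placeholder strings such as "changeme-changeme-changeme" from firing.
ASSIGNMENT = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
)


def shannon_entropy(s):
    """Bits of entropy per character: random tokens score high, prose scores low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_lines(lines, entropy_threshold=3.5):
    """Return (line_no, rule_name, matched_text) for every suspected secret."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for name, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append((no, name, m.group(0)))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            if shannon_entropy(value) >= entropy_threshold:
                findings.append((no, "high_entropy_assignment", value))
    return findings


def scan_diff(diff_text):
    """Scan only the added ('+') lines of a unified diff, as a pre-commit hook would.

    Line numbers in the result count added lines only, not file positions.
    """
    added = []
    for raw in diff_text.splitlines():
        if raw.startswith("+") and not raw.startswith("+++"):
            added.append(raw[1:])
    return scan_lines(added)


# Constructed sample diff. The AWS key ID is the placeholder value used in
# AWS's own documentation, not a live credential.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
+DEBUG = True
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+api_key = "s3cr3t-Zq8xP2vL9mTk4wR1"
+password = "changeme-changeme-changeme"
+greeting = "hello world"
+-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for line_no, rule, text in scan_diff(SAMPLE_DIFF):
        print(f"added line {line_no}: {rule}: {text}")
```

Run as a pre-commit hook, the script would refuse the commit when `scan_diff` returns anything; the low-entropy placeholder password on added line 4 is deliberately left unflagged to show why the entropy check matters, while the random-looking `api_key` value on line 3 is caught.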

Oregon Department of Human Services
The Oregon Department of Human Services announced that a data breach possibly exposed the personal information of 1.6m residents. The breach occurred in January after nine employees opened a phishing link. To read more:

The Federal Emergency Management Agency acknowledged that it shared personal addresses and banking information for more than 2m disaster survivors. The agency shared personally identifiable information of disaster survivors of the California wildfires and Hurricanes Harvey, Irma and Maria. To read more:

A fired employee went on a rampage through his former employer’s AWS accounts using a stolen login and took down 23 servers. Steffan Needham worked for Voova for a month before he was let go. He managed to get ahold of a colleague’s AWS login and destroy £500,000 worth of business-critical data. To read more:

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

A popular open source client-side C library implementing the SSHv2 protocol released the latest version of its software to patch nine security vulnerabilities. The library is available for all major Linux distributions. The vulnerabilities are memory corruption issues which could enable arbitrary code execution. To read more:

A security researcher at Google found a new class of vulnerabilities in Windows. The flaw lies in how Windows performs permission checks when opening files and other secured objects. Google and Microsoft are working together to fix the issue. To read more:

Mirai variant
Researchers found a new variant of Mirai that is targeting embedded devices to carry out DDoS attacks. The variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs among others. To read more:

SQLRat malware
A threat actor group called Fin7 was found using a new form of malware. The hackers stole at least 15 million credit card records from over 6,500 PoS terminals. The malware is called SQLRat and executes SQL scripts on a compromised system. To read more:

A popular SSH client program called PuTTY released an updated version of its software that includes patches for eight high-severity security bugs. PuTTY is a widely used open-source client-side program that allows users to remotely access a computer over the SSH, Telnet and Rlogin network protocols. To read more:

Ethereum Classic Blockchain
The security team at Coinbase found that an attacker gained control of more than half of the network’s computing power and was using it to rewrite Ethereum Classic’s blockchain transaction history. This attack is called a 51% attack and made it possible to spend the same cryptocurrency more than once. Coinbase claims that no currency was stolen from any accounts. To read more:

Facebook confirmed that it stored “hundreds of millions” of account passwords in plaintext for years. None of the passwords were visible to anyone outside of Facebook, but the logs were still accessible to some 2,000 engineers. Read the KrebsOnSecurity report. To read more:

PewDiePie fans released at least two PewDiePie themed ransomware strains under the guise of supporting the YouTube channel’s quest to remain the top channel. The two ransomware strains are destroying user data or encrypting files without a method to recover the data. To read more:

Medtronic defibrillators
750,000 heart devices made by Medtronic PLC contain a cybersecurity vulnerability that could enable an attacker to alter programming on an implanted defibrillator. The US Homeland Security Department issued an alert describing the vulnerability found in 16 models of the devices sold around the world. To read more:

Some Nokia phones sent data to servers in China without consent from users. Finland will investigate the phones to see whether they breached data rules. To read more:

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.
