Polyverse Weekly Breach Report – Apr 20th 2020

Apr 20, 2020, by Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Healthcare facilities

Hackers are targeting healthcare facilities with ransomware during the coronavirus pandemic. The latest victims, both in Canada, are a government-owned healthcare organization and a medical-research university. To read more: https://thehackernews.com/2020/04/ransomware-hospitals-coronavirus.html


Quidd

This online marketplace for trading stickers, toys and other collectibles suffered a data breach in 2019 that impacted 4m users. To read more: https://www.zdnet.com/article/account-details-for-4-million-quidd-users-shared-on-hacking-forum/


Zoom

Hackers are selling critical zero-day vulnerabilities for the video-conferencing app Zoom. The vulnerabilities are present in both the Windows and macOS clients. To read more: https://www.vice.com/en_us/article/qjdqgv/hackers-selling-critical-zoom-zero-day-exploit-for-500000


Chrome extensions

Google removed 49 Chrome browser extensions from its web store that posed as cryptocurrency wallets but instead contained malicious code used to empty victims’ cryptocurrency holdings. To read more: https://thehackernews.com/2020/04/chrome-cryptocurrency-extensions.html


Microsoft

Microsoft released security updates to patch four zero-day vulnerabilities that hackers are already actively exploiting. To read more: https://thehackernews.com/2020/04/windows-patch-update.html


Saint Francis Ministries

A data breach at Saint Francis Ministries was caused by a hacker gaining access to an employee’s email account. The hacker stole personal information as well as financial and health data. To read more: https://www.scmagazine.com/home/security-news/cybercrime/compromised-email-account-leads-to-saint-francis-ministries-data-breach/


North Korean hackers

The FBI and the US Departments of State, Treasury and Homeland Security announced a $5m reward for information on hackers raising funds for the Pyongyang regime. To read more: https://www.zdnet.com/article/us-offers-5-million-reward-for-information-on-north-korean-hackers/


Pentagon

The Pentagon is seeing a major increase in cyberattacks as pandemic-related restrictions mean most security-cleared employees are working from more vulnerable remote computers. To read more: https://www.usnews.com/news/national-news/articles/2020-04-13/hackers-exploit-coronavirus-to-surge-attacks-on-us-military


RubyGems

Researchers discovered over 700 malicious Ruby packages being distributed through the RubyGems repository. The campaign relies on typosquatting: attackers upload packages whose names are intentional misspellings of popular gems, hoping developers install them by mistake. To read more: https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html


Pulse Secure VPN

The US Cybersecurity and Infrastructure Security Agency (CISA) warned organizations about a remote code-execution vulnerability in Pulse Secure VPN servers. To read more: https://thehackernews.com/2020/04/pulse-secure-vpn-vulnerability.html


FBI Foreign Hackers

The FBI has seen evidence of foreign state-sponsored hackers breaking into US COVID-19 research institutions. To read more: https://www.forbes.com/sites/daveywinder/2020/04/17/fbi-says-foreign-states-hacked-into-us-covid-19-research-centers-report/#7c5d13cf3c29


U.S. Hospitals

Hackers have deployed ransomware against the systems of US hospitals and government entities using Active Directory credentials that were stolen months after the attackers exploited a known pre-authentication remote code-execution vulnerability in the victims’ Pulse Secure VPN servers. To read more: https://www.bleepingcomputer.com/news/security/us-govt-hacker-used-stolen-ad-credentials-to-ransom-hospitals/


Aptoide

Credentials of 20m users of the Android app store Aptoide have been published online by a hacker who claims to hold an additional 19m stolen user records. To read more: https://www.forbes.com/sites/daveywinder/2020/04/19/hacker-claims-android-app-store-breach-publishes-20-million-user-credentials/#6f605b76736d


Mediterranean Shipping Company

This container-shipping company reported a network outage affecting msc.com. Malware may have forced the closure of one of the company’s data centers, but the investigation into the cause of the outage is ongoing. To read more: https://www.infosecurity-magazine.com/news/msc-suffers-suspected-cyberattack/


Energias de Portugal

The Portuguese energy firm suffered a ransomware attack in which more than 10 TB of sensitive files were stolen. The hackers threatened to leak the data unless the firm paid an $11m ransom. To read more: https://www.businessinsurance.com/article/20200415/STORY/912334047/Energy-firm-suffers-cyber-attack,-extorted-for-$11-million


Wappalyzer

Wappalyzer, a technology data firm, disclosed a security breach after a hacker began emailing customers and offering to sell the company’s database for $2,000. To read more: https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/


Cognizant

The IT-services company Cognizant suffered a Maze ransomware attack. To read more: https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/
