Polyverse Weekly Breach Report – Apr 27th 2020

Apr 27, 2020 By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

SCADA COVID malware

Malware infecting government and energy sectors in Azerbaijan is using COVID-19 themes to snare victims. The malware appears to specifically target supervisory control and data acquisition (SCADA) systems. To read more: https://thehackernews.com/2020/04/coronavirus-scada-malware.html

 

IBM

A researcher disclosed technical details for four unpatched zero-day vulnerabilities in IBM Data Risk Manager. To read more: https://thehackernews.com/2020/04/ibm-data-risk-manager-vulnerabilities.html

 

FPGA chips

A hardware vulnerability in Xilinx programmable logic products enables an attacker to break bitstream encryption and implant hardware trojans. The attacks affect Xilinx 7-Series and Virtex-6 field-programmable gate arrays. To read more: https://thehackernews.com/2020/04/fpga-chip-vulnerability.html

 

Facebook

Hackers sold the data of 267m Facebook users on the dark web. Included were email addresses, names, user IDs, phone numbers and birthdates. To read more: https://www.forbes.com/sites/zakdoffman/2020/04/20/facebook-users-beware-hackers-just-sold-267-million-of-your-profiles-for-540/#206856a47c85

 

iPhone zero-day

The cybersecurity startup ZecOps discovered a new iPhone zero-day exploit. Apple will patch the vulnerability in an upcoming release of iOS 13. To read more: https://www.vice.com/en_us/article/pken5n/iphone-email-zero-day-hack-in-the-wild

 

Nintendo

Nintendo users reported that their accounts are being hacked and accessed from remote locations. Some users reported that they lost money due to the intrusions. To read more: https://www.zdnet.com/article/nintendo-accounts-are-getting-hacked-and-used-to-buy-fortnite-currency/

 

Ad servers

A hacker group has been taking over ad servers for the past nine months, inserting malicious ads into their ad inventory. About 60 servers have been compromised by the malicious ads, which redirect users to malware download sites. To read more: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/

 

Equity firms

Three British private-equity firms fell victim to wire-transfer fraud, moving a total of $1.3m to bank accounts controlled by cyber-criminals. The group behind the attack has previously targeted the manufacturing, construction, legal and finance sectors around the world. To read more: https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html

 

Webkinz

Hackers leaked the contents of a database belonging to the online-gaming platform and toymaker Webkinz. The breach affects 23m users. To read more: https://techdator.net/webkinz-data-breach-leaked-about-23-million-user-accounts/

 

RigUp

RigUp, a workforce platform that serves the oil and gas industry, suffered a data breach. Researchers found more than 70,000 leaked files on employees and job candidates. To read more: https://www.mrt.com/business/oil/article/Data-security-firm-finds-massive-leak-of-RigUp-15210749.php

 

Hackers target China’s state C-19 apparatus

Hackers linked to the Vietnamese government targeted the email accounts of several Chinese organizations that are either researching COVID-19 or producing propaganda playing down China’s role in creating the global pandemic. To read more: https://www.reuters.com/article/us-health-coronavirus-cyber-vietnam/vietnam-linked-hackers-targeted-chinese-government-over-coronavirus-response-researchers-idUSKCN2241C8

 

Cryptocurrency platforms

In an effort to steal funds, attackers tried to exploit weaknesses in two cryptocurrency platforms, Uniswap and Lendf.me. A security firm deemed both platforms vulnerable to re-entrancy attacks. To read more: https://latesthackingnews.com/2020/04/24/hackers-targeted-two-cryptocurrency-platforms-to-steal-25-million-worth-of-crypto-assets/

 

VictoryGate

Researchers took down a portion of a malware botnet composed of 35,000 compromised Windows systems that were mining Monero cryptocurrency. The botnet, called VictoryGate, has been active since May 2019, mainly impacting Latin American entities. To read more: https://thehackernews.com/2020/04/usb-drive-botnet-malware.html

 

Volusion

Customers who made credit-card payments through Michigan State University’s website shop.msu.edu were impacted by a breach at the third-party e-commerce vendor Volusion. To read more: https://www.wilx.com/content/news/MSU-says-data-breach-impacts-hundreds-569818441.html

 

Small Business Administration

The US Small Business Administration announced a data breach impacting the portal that business owners use to apply for emergency loans. The breach appears to have affected 8,000 loan applicants. To read more: https://www.zdnet.com/article/sba-reveals-potential-data-breach-impacting-8000-emergency-business-loan-applicants/

 

Robert Dyas

This UK hardware store announced that card-skimming malware on its e-commerce website led to the theft of customer data. To read more: https://www.zdnet.com/article/stuck-at-home-uk-lockdown-diy-fans-slammed-by-robert-dyas-data-breach/

 

Whisky auction

A cyberattack was launched against the website of UK company Whisky Auctioneer, leading to the shutdown and indefinite postponement of one of the most widely documented whisky auctions of the year. To read more: https://www.forbes.com/sites/georgekoutsakis/2020/04/23/cyber-attack-targets-sale-the-worlds-most-expensive-whisky/#249f537243c0

 

WHO

The World Health Organization reported a fivefold increase in cyberattacks targeting organizations working in response to coronavirus. Last week, 450 active WHO email addresses and passwords were leaked online. To read more: https://www.who.int/news-room/detail/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance

 

 
