National Cyber Security Centre
In a UK Cyber Survey, the National Cyber Security Centre (NCSC)
found that 23.2m accounts used “123456” as their password. The NCSC
also published a separate analysis of the 100,000 most commonly
recurring passwords that have been breached. To read more: https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security
WiFi-finder app
A popular hotspot-finder app exposed the WiFi passwords for more
than two million networks. The database of passwords was left
exposed and unprotected, enabling anyone to download its contents.
To read more: https://techcrunch.com/2019/04/22/hotspot-password-leak/
Bodybuilding.com
One of the internet’s biggest online stores/forums for fitness and
bodybuilding disclosed a security breach. Customer data may have
been exposed, but the company is not yet sure what data the
attacker accessed. To read more: https://www.zdnet.com/article/bodybuilding-com-discloses-security-breach/
Evisort
A document and contract-management company called Evisort left one
of its document databases unsecured. The company left an
Elasticsearch database open without a password, enabling anyone to
search the files inside. To read more: https://techcrunch.com/2019/04/22/evisort-data-exposed/
ShadowHammer
ASUS was not the only company targeted by ShadowHammer’s
supply-chain attacks. Researchers were able to find several other
malware samples that were signed with valid and legitimate
certificates. The other compromised companies included three Asian
gaming companies and three other South Korean organizations. To
read more: https://www.bleepingcomputer.com/news/security/shadowhammer-targets-multiple-companies-asus-just-one-of-them/
Marcus Hutchins
The “accidental hero” who inadvertently stopped the spread of
WannaCry pleaded guilty to two charges related to writing malware
before his security career. While creating malware is a form of
protected speech, you cannot sell or disseminate it. To read more:
https://krebsonsecurity.com/2019/04/marcus-malwaretech-hutchins-pleads-guilty-to-writing-selling-banking-malware/
Amnesty International
Amnesty International’s Hong Kong office was hit by a cyberattack
from hackers with links to the Chinese government. Amnesty detected
the breach when it was migrating its IT infrastructure to a more
secure international network. To read more: https://www.france24.com/en/20190425-amnesty-says-hong-kong-office-hit-china-linked-cyber-attack
Docker Hub
Docker Hub alerted users that someone gained unauthorized access to
a single Hub database that stored non-financial user data. To read
more: https://success.docker.com/article/docker-hub-user-notification
GoDaddy
GoDaddy removed a cluster of 15,000 fraudulent websites. The
scammers used fake celebrity endorsements and breached sites to
sell products such as weight-loss pills, and even set up
subdomains on legitimate websites. To read more: https://www.axios.com/godaddy-scam-fake-sales-sites-celebrity-endorsements-d7bf0722-5b71-4cc3-9cac-ab5279bc701a.html
Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.
Tchap
The French Government launched a messaging app called Tchap, which
was supposed to be more secure than Telegram. Unfortunately, the
platform has already been hacked. A French security researcher
discovered an email validation error that could be used to create
an account and gain access to messaging groups. To read more:
https://threatpost.com/frances-secure-telegram-messaging-hacked/144010/
Carbanak
Security researchers discovered the full source code for the
Carbanak malware. They found the source code, builders and
previously unseen plugins after they were uploaded to the
VirusTotal malware scanning engine. To read more: https://thehackernews.com/2019/04/carbanak-malware-source-code.html
Social Warfare
A recently disclosed bug in the WordPress plugin Social Warfare is
putting 40,000 websites at risk. The vulnerability is both a stored
cross-site scripting vulnerability and a remote code-execution bug.
Social Warfare is a plugin that enables websites to add social
sharing buttons to their pages. To read more: https://threatpost.com/exploits-social-warfare-wordpress/144051/
Malicious apps
Fifty malicious apps managed to bypass Google’s security checks and
end up in the Google Play store. The apps had been downloaded 30m
times and posed as lifestyle services. Some of the apps
include Pro Piczoo, Photo Blur Studio, Mov-tracker, and Pro Photo
Eraser. To read more: https://www.zdnet.com/article/30-million-android-users-have-installed-malicious-lifestyle-apps/
WebMonitor RAT
A program called “WebMonitor” was designed to let users remotely
control a computer through a web browser. The makers of the
program say their product is legal and that it helps users handle
the security of owned devices. However, WebMonitor is far more
likely to be deployed on hacked devices. The software is classified
as malware by most antivirus companies. To read more: https://krebsonsecurity.com/2019/04/whos-behind-the-revcode-webmonitor-rat/
IP spoofing
An internet traffic-mapping company noticed a surge in traffic
mimicking the IP addresses of US banks, including Bank of America,
JPMorgan Chase, and SunTrust. According to researchers,
concentrated spoofing at this scale is unusual. To read more:
https://www.cyberscoop.com/spoofed-bank-ip-address-greynoise-andrew-morris-bank-of-america/
Qualcomm
Qualcomm deployed patches for a bug that enables attackers to
retrieve private data and encryption keys that are stored in a
secure area of the chipset known as the Qualcomm Secure Execution
Environment. It is up to Android OS updates to deploy the patches.
To read more: https://www.zdnet.com/article/security-flaw-lets-attackers-recover-private-keys-from-qualcomm-chips/
iTrack and ProTrack
A hacker broke into 7,000 iTrack and 20,000 ProTrack accounts.
These apps are used by companies to monitor and manage vehicle
fleets through GPS tracking. In some cases, the hacker was able to
remotely turn off the engines of vehicles traveling 12 miles per
hour or slower. To read more: https://motherboard.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps
WooCommerce Checkout Manager
An unpatched vulnerability exists in a plugin called WooCommerce
Checkout Manager that extends the functionality of WooCommerce. The
vulnerability is an “arbitrary file upload” flaw that can be
exploited. To read more: https://thehackernews.com/2019/04/wordpress-woocommerce-security.html
Oracle WebLogic
Researchers warned of an unpatched zero-day in Oracle WebLogic
server. The vulnerability is a critical deserialization
remote-code-execution vulnerability that affects all versions of
the software. To read more: https://thehackernews.com/2019/04/oracle-weblogic-hacking.html
iLnkP2P
Researchers found security flaws in iLnkP2P, software that is
bundled with millions of IoT devices. iLnkP2P devices have no
authentication or encryption and can be easily enumerated. To read
more: https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/