OkCupid
Several OkCupid users contacted TechCrunch because they believed
their accounts were hacked. OkCupid put out a statement saying that
there was no security breach. The attacks appear to be credential
stuffing attacks, which can be stopped with two-factor
authentication, something OkCupid and many other dating sites do not
offer. To read more: https://techcrunch.com/2019/02/10/okcupid-account-hacks/
Australian Parliament
The Australian parliament announced that they found an unknown
intruder trying to hack their computer systems. Officials said
there were no indications of data theft as of yet. To read more:
https://www.cisomag.com/parliament-of-australia-hit-by-cyber-attack/
VFEmail
Email provider VFEmail suffered what it’s calling “catastrophic
destruction” due to a hacker trashing all of the company’s primary
and backup data located in the United States. VFEmail believes that
18 years' worth of data is completely gone. After two hours, VFEmail
managed to stop the hacker, who was formatting one of the company's
mail servers in the Netherlands. The attacker managed to format all
the disks on every server in the US, meaning that every VM, every
file server and every backup was lost. To read more:
https://krebsonsecurity.com/2019/02/email-provider-vfemail-suffers-catastrophic-hack/
Dunkin' Donuts
Dunkin' Donuts announced that it was hit with a second credential
stuffing attack. Hackers were able to gain entry to Dunkin'
Donuts DD Perks rewards accounts using credentials leaked from other
sites. To read more: https://latesthackingnews.com/2019/02/13/dunkin-donuts-victim-of-second-cyber-attack-in-three-months/
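One defender-side check that the two credential stuffing items above call for, as an added example that is not code from OkCupid, Dunkin' or any other company named here: a small Python detector run over constructed login-audit lines that separates a stuffing source (many different usernames from one address, high failure rate) from a user fumbling their own password, and lists the accounts the source actually got into, which are the ones to force through MFA or a password reset. The log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample login-audit lines (not from OkCupid, Dunkin' or any real service).
SAMPLE_LOG = """\
2019-02-10T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2019-02-10T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2019-02-10T10:00:02Z ip=203.0.113.7 user=carol result=FAIL
2019-02-10T10:00:03Z ip=203.0.113.7 user=dave result=SUCCESS
2019-02-10T10:00:03Z ip=203.0.113.7 user=erin result=FAIL
2019-02-10T10:00:04Z ip=203.0.113.7 user=frank result=FAIL
2019-02-10T10:01:10Z ip=198.51.100.4 user=alice result=FAIL
2019-02-10T10:01:20Z ip=198.51.100.4 user=alice result=FAIL
2019-02-10T10:01:40Z ip=198.51.100.4 user=alice result=SUCCESS
"""

LINE_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)")


def parse_log(text):
    """Yield (ip, user, success) tuples; lines that do not match the assumed format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["user"], m["result"] == "SUCCESS"


def find_stuffing_sources(events, min_attempts=5, min_distinct_users=4, min_fail_ratio=0.6):
    """Flag source IPs whose pattern fits credential stuffing: many attempts spread over
    many *different* usernames with a high failure rate. A single user mistyping their
    own password touches one username only and is not flagged. Returns {ip: stats}."""
    per_ip = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set(), "hits": []})
    for ip, user, success in events:
        s = per_ip[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if success:
            s["hits"].append(user)  # accounts this source actually logged in to
        else:
            s["failures"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        fail_ratio = s["failures"] / s["attempts"]
        if (s["attempts"] >= min_attempts and len(s["users"]) >= min_distinct_users
                and fail_ratio >= min_fail_ratio):
            flagged[ip] = {"attempts": s["attempts"], "distinct_users": len(s["users"]),
                           "fail_ratio": round(fail_ratio, 2), "compromised": sorted(s["hits"])}
    return flagged


if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, stats)  # "compromised" accounts should be stepped up to MFA or reset
```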
Coffee Meets Bagel
On Valentine's Day, a dating app called Coffee Meets Bagel announced
that user account information was stolen by a third party who
gained unauthorized access to the company's systems. The breach was
discovered as part of a larger data dump that went up for sale on
the dark web. 673MB of data was taken between late 2017 and mid-2018.
To read more: https://techcrunch.com/2019/02/14/happy-valentines-day-your-dating-app-account-was-hacked-says-coffee-meets-bagel
500px
500px, a Toronto-based photo-sharing service, announced that
it was a victim of a hack in 2018 and that 148M accounts were
exposed. The unauthorized access occurred in July of 2018. The
company reset all account passwords. To read more: https://petapixel.com/2019/02/13/500px-hacked-personal-data-stolen-from-all-14-8-million-users/
Package 2
A hacker, who previously sold 620M stolen account credentials, just
put up a second batch of 127M records from eight new sites on the
dark web. The sites include Houzz, YouNow, Ixigo, Stronghold
Kingdoms, Roll20.net, Ge.tt, Petflow, Vbulletin forum, and Coinmama
(cryptocurrency exchange). To read more: https://thehackernews.com/2019/02/data-breach-website.html
Coinmama
The Coinmama team notified users that it suffered a data breach
that resulted in customer data going up for sale on a dark web
registry. The data includes 450,000 emails and hashed passwords.
The breach was part of the larger Package 2 breach. To read more:
https://ethereumworldnews.com/coinmama-suffers-data-breach-affecting-450000-emails-and-hashed-passwords/
Taco Bueno
The owner of the Taco Bueno chain restaurant said malware infected
point-of-sale devices at 150 restaurants last year. Taco Bueno
started deploying end-to-end encryption at some locations, but the
locations that were affected did not have encryption. To read more:
https://www.nrn.com/quick-service/taco-bueno-outlines-data-breach-incident
BlankMediaGames
Back in January, hackers broke into the servers of computer game
maker BlankMediaGames and stole 7.6M user account details of people
who signed up to play Town of Salem. One of the users who
frequented the gaming site was a hacker who called in multiple bomb
threats to schools and launched DDoS attacks. The Department of
Justice arrested Timothy Dalton Vaughn after one of his online
aliases was found as part of the leaked Town of Salem credentials.
To read more: https://krebsonsecurity.com/2019/02/bomb-threat-hoaxer-exposed-by-hacked-gaming-site/
Bank of Valletta
A major Maltese bank shut down all of its operations after detecting a cyber attack. An
attacker broke into its systems and tried to shift funds overseas.
To minimize the risk the bank closed ATMs and disabled its website.
To read more: https://www.reuters.com/article/us-bank-valetta-cyber/cyber-attack-on-malta-bank-tried-to-transfer-cash-abroad-idUSKCN1Q21KZ
Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.
Docker
A security vulnerability was found in RunC that enables container
breakout. According to a SUSE engineer, security researchers
discovered the vulnerability which “allows a malicious container to
(with minimal user interaction) overwrite the host RunC binary and
thus gain root-level code execution on the host.” To read more:
https://www.zdnet.com/article/doomsday-docker-security-hole-uncovered/
.exe malware
Security researchers at Trend Micro discovered a new way that
hackers are bypassing macOS security by deploying
malicious .exe files. The researchers could not get the same
EXE files to run on Windows machines, as this malware is
specifically targeted at macOS users. To read more: https://thehackernews.com/2019/02/macos-windows-exe-malware.html
Microsoft
According to a new study, 70% of all vulnerabilities in Microsoft
products that are addressed in security updates are memory safety
issues. Memory safety bugs occur when software accesses system
memory in a way that exceeds its allocated size and memory
addresses (think buffer overflows). To read more: https://www.zdnet.com/article/microsoft-70-percent-of-all-security-bugs-are-memory-safety-issues/
Xiaomi electric scooters
Researchers from a mobile security firm discovered a severe
vulnerability in Xiaomi’s M365 Folding Electric Scooter. Due to
improper validation of the password on the scooter’s end, a remote
attacker could send unauthenticated commands over Bluetooth to
target a vehicle. To read more: https://thehackernews.com/2019/02/xiaomi-electric-scooter-hack.html
Adobe Reader DC
A temporary patch was released to stop a zero-day vulnerability in
Adobe Reader that could enable hackers to steal hashed password
values. The vulnerability allows a PDF document to automatically
send a message-block request to an attacker’s server as soon as the
document is opened. To read more: https://threatpost.com/temporary-patch-released-for-adobe-reader-zero-day/141701/
Snapd flaw
Ubuntu and several other Linux distributions are vulnerable to a
severe privilege escalation flaw. The flaw, called “Dirty_Sock”, is
in the REST API of the snapd service, a universal Linux packaging
system. Snapd comes installed by default on all versions of Ubuntu,
Debian, OpenSUSE, Arch Linux, Solus, and Fedora. To read more:
https://thehackernews.com/2019/02/snapd-linux-privilege-escalation.html
Shlayer malware
A new variant of Shlayer malware is targeting macOS users and can
disable Gatekeeper protections to run unsigned payloads. The
malware is disguised as a fake Adobe Flash Player installer. To
read more: https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-macos-gatekeeper-to-run-unsigned-payloads/
Intel SGX Enclaves
Researchers discovered a way to hide malware in Intel SGX enclaves.
The enclaves are a hardware-based memory encryption feature that
isolates sensitive code and data to protect it from modification.
The same team that discovered the Spectre flaws was able to bypass
the protections using return-oriented programming (ROP). To read
more: https://thehackernews.com/2019/02/intel-sgx-malware-hacking.html
Twitter
A security researcher found that Twitter keeps direct messages for
years, including ones you have deleted. The researcher said
this is a “functional bug” rather than a security flaw, but it
allows anyone to bypass mechanisms put in place to prevent access
to suspended or deactivated accounts. To read more: https://techcrunch.com/2019/02/15/twitter-direct-messages/
Facebook login phishing campaign
Researchers found a new phishing campaign that tricks users with
fake prompts to log in to Facebook to read exclusive content.
The fake pop-up was created with HTML and JavaScript to reproduce
the look and feel of a legitimate browser window. The only way to check
the authenticity of the pop-up is to drag the prompt away from the
window it is displayed in. If part of the pop-up disappears, it’s a
fake. To read more: https://thehackernews.com/2019/02/advance-phishing-login-page.html
WordPress
Hackers are exploiting a vulnerability in the “WP Cost Estimation
&amp; Payment Forms Builder” plugin. Hackers were abusing an
AJAX-related flaw in the plugin's upload functionality to save
files with unusual extensions. They would then upload a file that
associated that file extension with the site's PHP interpreter,
giving them a backdoor. To read more: https://www.zdnet.com/article/another-wordpress-commercial-plugin-gets-exploited-in-the-wild/
Learn more about Polyscripting and how to stop this WordPress attack.
Windows NTLM password
An open source password recovery tool called Hashcat can crack an
eight-character Windows NTLM password hash in under 2.5 hours. NTLM
is an old Microsoft authentication protocol that was replaced with
Kerberos, but it's still used for storing Windows passwords locally
or in the NTDS.dit file on Active Directory Domain Controllers. To
read more: https://www.theregister.co.uk/2019/02/14/password_length/
Sign up below and receive these reports and more, directly in your inbox.