Polyverse Weekly Breach Report – Dec. 16th

Dec 16, 2019
By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Snatch ransomware

Cybersecurity researchers found a new variant of the Snatch ransomware infecting Windows computers. Snatch runs in Safe Mode to avoid antivirus detection. To read more: https://thehackernews.com/2019/12/snatch-ransomware-safe-mode.html

 

BMW and Hyundai

Hackers with ties to the Vietnamese government breached BMW and Hyundai. The attackers installed a pen-testing toolkit on infected hosts and used it as a backdoor into the compromised network. To read more: https://www.zdnet.com/article/bmw-and-hyundai-hacked-by-vietnamese-hackers-report-claims/

 

macOS

Researchers caught a hacking group attempting to put a fileless Trojan, disguised as a cryptocurrency trading application, on Apple macOS computers. To read more: https://nakedsecurity.sophos.com/2019/12/06/mac-users-targetted-by-lazarus-fileless-trojan/

 

iPR Software

Researchers discovered a misconfigured AWS S3 bucket belonging to iPR Software, a hosted CMS platform for online newsrooms. The bucket contained sensitive documents belonging to GE, Dunkin’ Donuts, Forever 21, and others. To read more: https://threatpost.com/ge-dunkin-forever21-internal-doc-leak/150920/

 

Complete Technology Solutions

Hackers broke into the network of a Colorado-based IT company and installed ransomware on the computers of more than 100 dentists who use the company for IT services. To read more: https://krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/

 

Airtel

A security vulnerability in Airtel’s mobile application exposed the data of 32 crore subscribers of the third-largest telecom service provider in India. To read more: https://www.businessinsider.in/tech/news/airtel-data-breach-exposes-personal-data-of-32-crore-subscribers/articleshow/72428075.cms

 

Pensacola

The city of Pensacola experienced a cyberattack that took several services offline. Officials are unsure whether the incident is related to the shooting at Pensacola Naval Air Station. To read more: https://www.cnn.com/2019/12/09/us/pensacola-cyber-attack/index.html

 

STCS

A Saudi Arabian telecom company exposed a server containing thousands of continuously updated GPS locations. The server contained an instance of Kibana, software used for sorting and visualizing data entries. To read more: https://www.vice.com/en_us/article/3kxxe9/saudi-telecom-stcs-exposed-gps-locations

 

Plundervolt

Researchers discovered a new attack called Plundervolt that abuses the interface modern processors expose for adjusting CPU frequency and voltage on demand: by lowering the voltage, the attacker induces computation errors that flip bits. The attack, which is similar to Spectre, injects faults inside the CPU before the affected values are written to memory. To read more: https://thehackernews.com/2019/12/intel-sgx-voltage-attack.html

 

Windows

Microsoft patched a Windows zero-day vulnerability that attackers are exploiting in the wild alongside a Chrome exploit to take control of vulnerable devices. To read more: https://thehackernews.com/2019/12/windows-zero-day-patch.html

 

Adobe

Adobe released updates for Acrobat, Photoshop, ColdFusion and Brackets to patch 25 security vulnerabilities. To read more: https://thehackernews.com/2019/12/adobe-software-update.html

 

Birth certificates

A company that enables users to obtain a copy of their birth certificates from US state governments left an AWS S3 bucket open online. The bucket contained more than 752,000 birth certificates. To read more: https://techcrunch.com/2019/12/09/birth-certificate-applications-exposed/

 

Cherokee Indians

Ransomware targeted the computer networks and websites for the Eastern Band of Cherokee Indians. To read more: https://www.charlotteobserver.com/news/state/north-carolina/article238221444.html

 

Zeppelin ransomware

A new variant of Vega ransomware called Zeppelin is targeting healthcare companies around the world. Zeppelin is deployed as an EXE, DLL, or wrapped in a PowerShell loader, and logs the IPs of victim machines. To read more: https://thehackernews.com/2019/12/zeppelin-ransomware-attacks.html

 

DroneSense

DroneSense, which sells a drone platform to government, law enforcement and private clients, exposed a database of customer information. The data gives in-depth insight into how police departments are using drones, potentially putting the integrity of law-enforcement investigations at risk. To read more: https://www.vice.com/en_us/article/qjdddp/data-shows-where-police-fly-drones-dronesense

 

Ring

A hacker broke into a Ring security camera installed in the bedroom of three children and spoke through the device to one of the girls. To read more: https://www.vice.com/en_us/article/3a88k5/how-hackers-are-breaking-into-ring-cameras

 

iPhone encryption key

Researchers accused Apple of abusing the Digital Millennium Copyright Act to take down a tweet and Reddit posts that discussed techniques to hack iPhones. A researcher had posted on Twitter an encryption key that could be used to reverse engineer the Secure Enclave Processor in iPhones. To read more: https://www.vice.com/en_us/article/pkeeay/apple-dmca-take-down-tweet-containing-an-iphone-encryption-key

 

Elementor and Beaver addons

WordPress websites with the Elementor and Beaver plugins installed carry a vulnerability that hackers started exploiting in the wild two days after its discovery, installing malicious backdoors on affected sites. To read more: https://thehackernews.com/2019/12/wordpress-elementor-beaver.html

 

Siemens

Researchers reported 54 bugs in a Siemens industrial-control system, which is mostly used by fossil-fuel and large-scale renewable power plants. To read more: https://www.theregister.co.uk/2019/12/13/siemens_security_advisory/

 

Echobot botnet

Echobot was updated to include 77 new exploits that enable remote code execution. The exploits impact routers, IP cameras, VoIP phones, smart home hubs, and other IoT devices. To read more: https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/

 

Node.js Package Manager (Npm)

The Npm team issued a security alert advising all users to update to the latest version to stop binary planting attacks. The Npm command-line client was vulnerable to a file traversal and an arbitrary-overwrite issue through which an attacker could plant malicious binaries on a user’s computer. To read more: https://www.zdnet.com/article/npm-team-warns-of-new-binary-planting-bug/

 
