Polyverse Weekly Breach Report – Feb. 17th 2020

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Crew & Concierge

A British yacht-crew recruitment agency left an Amazon S3 bucket open on the internet, exposing the personal information of 17,000 people. To read more:https://www.theregister.co.uk/2020/02/04/crew_and_concierge_data_breach/?ck_subscriber_id=512831035

Equifax

The U.S. Justice Department charged four members of the Chinese military with hacking Equifax and stealing personal information of millions of Americans. To read more: https://apnews.com/05aa58325be0a85d44c637bd891e668f

Likud

An election website operated by Likud, the political party of Israel’s prime minister, exposed the personal information of 6.5m Israeli voters. Likud shared the entire voter registry with a software-development company, which uploaded it to a website in order to promote a voting-management app. To read more: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html

Estee Lauder

Researchers found a cloud database belonging to the cosmetics company Estee Lauder exposed online. The database contained personal information on millions of customers and internal logs for the company. To read more:https://threatpost.com/estee-lauder-440m-records-email-network-info/152789/

Crypto AG

Crypto AG, an encryption-device company active during the Cold War and into the 21st century, was secretly owned by the CIA in partnership with West German intelligence. The company sold foreign governments equipment that was rigged to enable the CIA and West Germany to spy on its adversaries. Crypto AGs’s assets were liquidated in 2018. To read more: https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/

Danish tax portal

A software error accidentally exposed the personal identification numbers of 1.26m Danish citizens. The error existed for five years before it was discovered and fixed. To read more: https://www.zdnet.com/article/software-error-exposes-the-id-numbers-for-1-26-million-danish-citizens/

National Portrait Gallery

This London art gallery was targeted by 350,000 phishing email messages containing spam and malware in the second half of 2019. To read more: http://www.thecommentator.com/article/7584/cyber_criminals_in_the_frame_after_national_portrait_gallery_is_hit_with_350_000_email_attacks

Most influential hackers

Forbes has published a list of the top 20 hackers who shaped the cybersecurity industry. To read more: https://www.forbes.com/sites/daveywinder/2020/02/10/ranked-the-worlds-20-greatest-hackers/#734aa36f10ce

RideLondon

Organizers of the RideLondon cycling event notified participants that their personal information was exposed in a data breach. Fewer than 2,100 people were supposedly affected. To read more: https://www.bbc.com/news/uk-england-london-51456778

Intel

Intel announced a critical vulnerability in the Converged Security and Management Engine (CSME). If exploited, the firmware vulnerability would enable hackers to launch escalation-of-privilege, denial-of-service and information-disclosure attacks. To read more: https://www.zdnet.com/article/intel-warns-of-critical-security-flaw-in-csme-engine/

Emotet malware

Hackers added a new attack vector to the Emotet trojan. Using already infected devices, the malware finds new victims connected to nearby Wi-Fi networks. To read more: https://thehackernews.com/2020/02/emotet-malware-wifi-hacking.html

Facebook’s Twitter and Instagram

Hackers defaced Facebook’s corporate Twitter and Instagram pages. Admins were able to retake control of the accounts and delete the hackers’ messages. To read more: https://nakedsecurity.sophos.com/2020/02/11/facebooks-twitter-and-instagram-accounts-hijacked/

Chrome extensions

Over 500 browser extensions—which have been downloaded millions of times from Google’s Chrome Web Store—were found to be uploading private browsing data to attacker-controlled servers. Google has now removed all known malicious extensions. To read more:https://arstechnica.com/information-technology/2020/02/500-chrome-extensions-secretly-uploaded-private-data-from-millions-of-users/

NextMotion

Thousands of images and records of plastic-surgery patients were left on an unsecured database. The data was gathered from clinics around the world using software made by NextMotion, a French imaging company. To read more:https://www.cnet.com/news/plastic-surgery-images-and-invoices-leak-from-unsecured-database/

Health Share of Oregon

The personal information of a member of Health Share of Oregon was compromised in a recent breach and used to open a U.S. Bank credit card. The compromised member is nine years old. To read more: https://katu.com/news/local/nine-year-old-boys-identity-stolen-in-data-breach-cybersecurity-expert-weighs-in

Rutter’s

This chain of convenience stores and gas stations disclosed a security incident that impacted customers’ payment-card data. To read more:https://securityboulevard.com/2020/02/payment-card-data-security-incident-disclosed-by-rutters/

JailCore

Researchers discovered an unsecured cloud server hosted by Amazon that contained data collected via JailCore, software used by state and county jails to streamline the process of logging inmate check-ins. Reports generated by the software contain a variety of personal and sensitive information. To read more: https://www.vice.com/en_us/article/5dmybx/jail-software-left-inmate-data-exposed-online

Like the report? Sign up below and get it in your inbox.