Fox Kitten
Researchers discovered a cyber-espionage campaign directed at the IT, telecommunications, oil and gas, aviation and government sectors. The Iranian state-sponsored hackers are exploiting VPN flaws in an attempt to compromise internal networks. To read more: https://thehackernews.com/2020/02/iranian-hackers-vpn-vulnerabilities.html
ThemeGrill Demo Importer
The ThemeGrill WordPress plugin contains an easy-to-exploit software vulnerability that enables remote attackers to compromise websites and blogs. The plugin is installed on more than 200,000 sites. To read more: https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html
Firmware
A cybersecurity firm published a report claiming that unsigned firmware persists as a major problem in device and peripheral products. Many manufacturers don’t sign the firmware they ship, or fail to enforce checks every time drivers are loaded. To read more: https://www.zdnet.com/article/five-years-after-the-equation-group-hdd-hacks-firmware-security-still-sucks/
IOTA cryptocurrency
IOTA Foundation, the nonprofit behind this cryptocurrency, shut down its network after hackers exploited a vulnerability in the IOTA wallet app. In order to break in and steal funds, the hackers exploited a third-party integration. The IOTA network is still down while the foundation investigates the hack. To read more: https://www.zdnet.com/article/iota-cryptocurrency-shuts-down-entire-network-after-wallet-hack/
Energy-industry attack
The Department of Homeland Security issued a warning to critical-infrastructure industries, after a ransomware attack targeted an unnamed natural-gas compression facility and took its servers out of operation for two days. To read more: https://thehackernews.com/2020/02/critical-infrastructure-ransomware-attack.html
Like of the Year 2020
Researchers discovered a fraud scheme that targets Russian internet users in order to steal their payment-card information. The attack gets users to participate in a spoofed “Like of the Year 2020” contest. To read more: https://thehackernews.com/2020/02/like-of-the-year-scam.html
MGM hotels
Information on 10.6m hotel guests was published on a hacking forum last week, including personal and contact details of celebrities, CEOs, reporters and government officials. To read more: https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/
Georgia cyberattacks
The US State Department released a statement calling out Russia for the cyberattacks that hit the country of Georgia last fall. To read more: https://www.wired.com/story/us-blames-russia-gru-sweeping-cyberattacks-georgia/
Neebs Gaming
This YouTube gaming channel, which has 1.88m subscribers, was hacked over the weekend. The hackers attempted to collect Bitcoin from viewers and subscribers. To read more: https://www.hackread.com/popular-youtube-gaming-channel-hacked-crypto-scam/
ThemeREX Addons
Attackers are creating user accounts with admin permissions on WordPress sites by exploiting a vulnerability in the ThemeREX Addons plugin. To read more: https://www.bleepingcomputer.com/news/security/zero-day-in-wordpress-plugin-exploited-to-create-admin-accounts/
Citrix
Hackers were inside Citrix networks for five months before they were discovered. The hackers stole personal and financial data on company employees, contractors, interns and others. To read more: https://krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-months/
Microsoft subdomains
A security researcher discovered that Microsoft has trouble managing its thousands of subdomains, some of which have been hacked. A total of 21 msn.com subdomains were reported as misconfigured in 2017 and another 142 microsoft.com subdomains were reported in 2019, but only 5-10% have been fixed. To read more: https://www.zdnet.com/article/microsoft-has-a-subdomain-hijacking-problem/
DISA
DISA informed victims that a data breach from May through July 2019 impacted their data. To read more: https://thehill.com/policy/cybersecurity/483853-defense-department-agency-suffers-potential-data-breach
Pasco and Kobe Steel
Two large Japanese companies experienced a data breach during the past few years. The companies reported that malware infected internal networks and files were stolen. To read more: https://www.cpomagazine.com/cyber-security/major-japanese-defense-contractors-admit-to-data-breach-incidents-dating-back-to-over-four-years-ago/
INA Group
A cyberattack crippled business operations at INA Group, Croatia’s largest oil company. Ransomware infected and encrypted some of the company’s backend servers. To read more: https://www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/