Polyverse Weekly Breach Report – Feb. 24th 2020

Feb 24, 2020By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Fox Kitten

Researchers discovered a cyber-espionage campaign directed at the IT, telecommunications, oil and gas, aviation and government sectors. The Iranian state-sponsored hackers are exploiting VPN flaws in an attempt to compromise internal networks. To read more: https://thehackernews.com/2020/02/iranian-hackers-vpn-vulnerabilities.html

 

ThemeGrill Demo Importer

The ThemeGrill WordPress plugin contains an easy-to-exploit software vulnerability that enables remote attackers to compromise websites and blogs. The plugin is installed on more than 200,000 sites. To read more: https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html

 

Firmware

A cybersecurity firm published a report claiming that unsigned firmware persists as a major problem in device and peripheral products. Many manufacturers don’t sign the firmware they ship, or fail to enforce checks every time drivers are loaded. To read more: https://www.zdnet.com/article/five-years-after-the-equation-group-hdd-hacks-firmware-security-still-sucks/

 

IOTA cryptocurrency

IOTA Foundation, the nonprofit behind this cryptocurrency, shut down its network after hackers exploited a vulnerability in the IOTA wallet app. In order to break in and steal funds, the hackers exploited a third-party integration. The IOTA network is still down while the foundation investigates the hack. To read more: https://www.zdnet.com/article/iota-cryptocurrency-shuts-down-entire-network-after-wallet-hack/

 

Energy-industry attack

The Department of Homeland Security issued a warning to critical-infrastructure industries, after a ransomware attack targeted an unnamed natural-gas compression facility and took its servers out of operation for two days. To read more: https://thehackernews.com/2020/02/critical-infrastructure-ransomware-attack.html

 

Like of the Year 2020

Researchers discovered a fraud scheme that targets Russian internet users in order to steal their payment-card information. The attack gets users to participate in a spoofed “Like of the Year 2020” contest. To read more: https://thehackernews.com/2020/02/like-of-the-year-scam.html

 

MGM hotels

Information on 10.6m hotel guests was published on a hacking forum last week, including personal and contact details of celebrities, CEOs, reporters and government officials. To read more: https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/

 

Georgia cyberattacks

The US State Department released a statement calling out Russia for the cyberattacks that hit the country of Georgia last fall. To read more: https://www.wired.com/story/us-blames-russia-gru-sweeping-cyberattacks-georgia/

 

Neebs Gaming

This YouTube gaming channel, which has 1.88m subscribers, was hacked over the weekend. The hackers attempted to collect Bitcoin from viewers and subscribers. To read more: https://www.hackread.com/popular-youtube-gaming-channel-hacked-crypto-scam/

 

ThemeREX Addons

Attackers are creating user accounts with admin permissions on WordPress sites by exploiting a vulnerability in the plugin ThemeRX Addons. To read more:https://www.bleepingcomputer.com/news/security/zero-day-in-wordpress-plugin-exploited-to-create-admin-accounts/

 

Citrix

Hackers were inside Citrix networks for five months before they were discovered. The hackers stole personal and financial data on company employees, contractors, interns and others. To read more: https://krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-months/

 

Microsoft subdomains

A security researcher discovered that Microsoft has trouble managing its thousands of subdomains, some of which have been hacked. A total of 21 msn.com subdomains were reported as misconfigured in 2017 and another 142 microsoft.com subdomains were reported  in 2019, but only 5-10% have been fixed. To read more: https://www.zdnet.com/article/microsoft-has-a-subdomain-hijacking-problem/

 

DISA

DISA informed victims that a data breach from May through July 2019 impacted their data. To read more: https://thehill.com/policy/cybersecurity/483853-defense-department-agency-suffers-potential-data-breach

 

Pasco and Kobe Steel

Two large Japanese companies experienced a data breach during the past few years. The companies reported that malware infected internal networks and files were stolen. To read more: https://www.cpomagazine.com/cyber-security/major-japanese-defense-contractors-admit-to-data-breach-incidents-dating-back-to-over-four-years-ago/

 

INA Group

A cyberattack crippled business operations at INA Group, Croatia’s largest oil company. Ransomware infected and encrypted some of the company’s backend servers. To read more: https://www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/

 

Like the report? Sign up below and get it in your inbox.

Products
Polymorphing - Linux
Polymorphic Build Farm - Open Source
Polyscripting
Polyscripting - WordPress
Solutions
Finance
Healthcare
Defense
DevSecOps
Embedded/IoT
HPC
Government
SUSE
Resources
Linux Weakness Report
Open Source Projects
Documentation
Resource Library
Webinars
Demos
Blogs
FAQ
Pricing
How to Buy
Partners
Free Trial
Get Demo
Company
About Us
Newsroom
Careers
Contact Us

10400 NE 4th St.
Suite 500
Bellevue, WA 98004

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.

polyverse small logo

© 2020 Polyverse

Terms of Use
Zerotect Terms and Conditions