Polyverse Weekly Breach Report – Mar. 2nd 2020

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Chrome

Google released software updates for Chrome that fixed three high-severity vulnerabilities. To read more: https://thehackernews.com/2020/02/google-chrome-zero-day.html

OpenSMTPD

A new vulnerability was discovered in OpenSMTPD that enables remote attackers to take control of email servers running BSD or Linux operating systems. To read more: https://thehackernews.com/2020/02/opensmtpd-email-vulnerability.html

Quebec teachers

Using a stolen user code and password, hackers accessed a database containing personal information on 360,000 Quebec teachers. To read more:https://globalnews.ca/news/6582061/personal-information-quebec-teachers-data-breach/

Slickwraps

Online store Slickwraps, which sells skins for smartphones, tablets and other devices, announced a data breach. Over 850,000 user accounts were impacted due to inadequately protected databases. To read more: https://www.zdnet.com/article/slickwraps-says-customer-trust-was-violated-in-avoidable-data-breach/

Mexico’s Secretariat of Economy

This Mexican ministry detected a cyberattack on its servers, but apparently determined that no sensitive information was accessed. To read more: https://www.reuters.com/article/us-mexico-economy-cyberattack/mexicos-economy-ministry-hit-by-cyber-attack-idUSKCN20J0BI

PayPal

Hackers exploited a bug in PayPal’s integration with Google Pay in order to make unauthorized transactions. Most of the victims appear to be German PayPal users. To read more: https://www.zdnet.com/article/paypal-accounts-are-getting-abused-en-masse-for-unauthorized-payments/

Olympics tickets

Two ticket-reselling sites were compromised with Magecart skimming malware. To read more:https://www.scmagazine.com/home/security-news/malware/magecart-group-12-named-as-actor-behind-olympic-ticket-pos-attack/

Samsung

Samsung announced that some users had access to other users’ personal data after a mystery push notification from the app Find My Mobile. According to the company, a technical error caused the issue and has since been fixed. To read more: https://www.theregister.co.uk/2020/02/24/samsung_data_breach_find_my_mobile/

Cyber Command

Newly released documents illustrate why the US military publicly releases North Korean and Russian hacking tools. By publishing the malware, Cyber Command attempts to make it harder for the hackers to remain undetected. To read more: https://www.vice.com/en_us/article/5dmwyx/documents-how-cybercom-publishes-russian-north-korean-malware-virustotal

Zyxel

Zyxel released security updates to fix a bug in its network-attached storage devices. Hackers are actively exploiting the flaw to deploy ransomware. Zyxel admits that the same bug also exists in many of its firewall products. To read more: https://krebsonsecurity.com/2020/02/zyxel-0day-affects-its-firewall-products-too/

Cypress Semiconductor

A vulnerability exists in Wi-Fi chips made by Cypress Semiconductor. The vulnerability enables attackers to decrypt sensitive data sent over the air. To read more: https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/

Cloud snooper

A new attack used a rootkit to sneak traffic through an unidentified victim’s firewalls in order to drop a Trojan onto its cloud servers, circumventing both on-premise firewalls and those running in Amazon Web Services. The hack functions on both Linux and Windows EC2-based servers. A nation-state is thought to be behind the attack. To read more: https://www.darkreading.com/cloud/cloud-snooper-attack-circumvents-aws-firewall-controls/d/d-id/1337171?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

LTE

A vulnerability in the way that LTE networks authenticate and communicate with mobile devices enabled researchers to impersonate mobile devices on 4G and 5G networks. An attacker could use the vulnerability not only to register for services but also to carry out illegal activity in somebody else’s name. To read more: https://nakedsecurity.sophos.com/2020/02/26/lte-vulnerability-allows-impersonation-of-other-mobile-devices/

BGR India

Hackers shared SQL databases from an unsecured AWS S3 bucket that belonged to India’s BGR tech-news website. The database was part of a larger breach of 21.5GB that included details from two other sites. To read more: https://www.bleepingcomputer.com/news/security/sql-dump-from-bgr-india-shared-on-hacker-forum/

Talman Software

A cyberattack hit Talman Software, a company used by more than 75% of Australia’s wool industry to manage trading and deliveries, cancelling transactions for a week. The attacker encrypted the company’s files with ransomware. To read more: https://www.abc.net.au/news/rural/2020-02-27/ransomware-cyber-attack-cripples-australian-wool-sales/12007912

Gadsden New Mexico

Gadsden school district suffered ransomware attacks twice in the past year. Both times, the district was hit with Ryuk ransomware that locked access to IT systems. To read more: https://www.lcsun-news.com/story/news/local/2020/02/25/gadsden-independent-school-district-hit-ransomware-second-time-year-ryuk-virus/4870455002/

Redcar and Cleveland Borough Council

This regional authority in north-east England confirmed that ransomware impacted its IT systems three weeks ago, causing disruption that has not yet been completely fixed. To read more: https://www.zdnet.com/article/cyberattack-on-servers-was-ransomware-says-council/

Most dangerous mobile-app store

The cyber-security company RiskIQ has identified 9Game.com as the mobile-app store with the most malicious app uploads. According to RiskIQ, 61,669 new malicious apps were uploaded to 9Game in 2019. To read more:https://www.zdnet.com/article/report-identifies-the-most-dangerous-mobile-app-store-on-the-internet/

UK Financial Conduct Authority

The UK’s Financial Conduct Authority announced a data breach that exposed the personal information of 1,600 consumers. To read more: https://www.cisomag.com/u-k-s-financial-conduct-authority-admits-to-accidental-data-breach/

Rwandan data center

A hacker brought down a data center hosting Rwandan government servers. To read more:https://www.datacenterdynamics.com/en/news/rwandan-government-data-center-offline-after-cyber-attack/

RailWorks

RailWorks, a US track-and-transit system provider for railroads, announced a ransomware attack that exposed personal information of current and former employees. To read more: https://www.bleepingcomputer.com/news/security/us-railroad-contractor-reports-data-breach-after-ransomware-attack/

Rotherwood Healthcare

This English care home exposed personal information of the elderly patients living there. The company left an Amazon S3 bucket exposed on the internet. To read more:https://www.theregister.co.uk/2020/02/26/rotherwood_healthcare_data_leak_10k_records_aws/?ck_subscriber_id=512831035

Like the report? Sign up below and get it in your inbox.