Polyverse Weekly Breach Report – Mar. 30th 2020

Mar 30, 2020 | By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Android apps

More than 50 Android apps on the Google Play Store were found to be using a new malware program called Tekya. The malware imitates user actions to click on ads from advertising networks. To read more: https://thehackernews.com/2020/03/android-apps-ad-fraud.html

 

Windows

Microsoft is warning users about two new, unpatched zero-day vulnerabilities that could enable hackers to take remote control of targeted computers. To read more: https://thehackernews.com/2020/03/windows-adobe-font-vulnerability.html

 

LILIN surveillance systems

Multiple zero-day vulnerabilities were discovered in digital video recorders made by LILIN, a Taiwanese maker of surveillance devices. Botnets are actively exploiting these issues to launch denial-of-service attacks. To read more: https://thehackernews.com/2020/03/ddos-botnets-lilin-dvr.html

 

WHO

Hackers are trying to break into the World Health Organization during the coronavirus pandemic. The number of attempted attacks against the agency has more than doubled. To read more: https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idUSKBN21A3BN

 

Weibo

Personal information about 538m users of the Chinese social-networking platform Weibo is currently for sale online. To read more: https://www.zdnet.com/article/hacker-selling-data-of-538-million-weibo-users/

 

OpenWrt

A researcher disclosed a proof-of-concept exploit for a remote code-execution vulnerability affecting OpenWrt, a Linux-based operating system used in routers and residential gateways. To read more: https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html

 

Fake COVID-19 apps

Developers are taking advantage of coronavirus-related keywords in their app names and descriptions to rank higher in Google Play Store searches. Many of these apps include ransomware and spyware. To read more: https://thehackernews.com/2020/03/coronavirus-covid-apps-android.html

 

Social Bluebook

This social-media platform, which matches advertisers with influencers, was hacked. Social Bluebook’s entire back-end database was stolen in the breach. To read more: https://techcrunch.com/2020/03/27/social-bluebook-hacked/

 

Operation Poisoned News

This new hacking campaign uses a remote iOS exploit chain to drop malware through links to news stories. When a victim clicks on a malicious link, the malware payload is executed. To read more: https://thehackernews.com/2020/03/iphone-iOS-spyware.html

 

Norwegian Cruise Line

Norwegian Cruise Line learned of a data breach after researchers discovered a database belonging to the company on the dark web. The data included clear-text passwords and email addresses used by agents to log into the booking portal. To read more: https://www.infosecurity-magazine.com/news/norwegian-cruise-line-suffers-data/

 

Rogers Communications

A Canadian ISP is notifying customers of a data breach that exposed their personal information. To read more: https://www.bleepingcomputer.com/news/security/rogers-data-breach-exposed-customer-info-in-unsecured-database/

 

COVID-19 test center

A medical facility on standby to test the coronavirus vaccine was hit by a ransomware group that had pledged not to attack medical facilities. To read more: https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#3b2977fd18e5

 

General Electric

America’s General Electric (GE) disclosed that personally identifiable information was exposed in a security breach at one of its service providers. An employee email account at the service provider, Japan’s Canon, was breached, which gave the hackers access to GE documents. To read more: https://www.bleepingcomputer.com/news/security/tech-giant-ge-discloses-data-breach-after-service-provider-hack/

 

Chubb

This Swiss-owned cybersecurity (and other) insurance provider was the target of a data breach. The Maze ransomware group launched a cyberattack that impacted Chubb’s network. To read more: https://techcrunch.com/2020/03/26/chubb-insurance-breach-ransomware/

 

 

 
