Polyverse Weekly Breach Report – Mar. 9th 2020

Mar 9, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Visser

Visser, a manufacturer of parts for space and defense contractors, announced a data breach. The likely culprit is DoppelPaymer, a new kind of file-encrypting ransomware. With the object of allowing attackers to later publish stolen data, this malware exfiltrates victims’ data before encrypting files. To read more: https://techcrunch.com/2020/03/01/visser-breach/

 

WordPress plugins

Hackers continue to exploit vulnerabilities in WordPress plugins. The attacks attempt to hijack sites before administrators apply security patches. To read more: https://www.zdnet.com/article/hackers-are-actively-exploiting-zero-days-in-several-wordpress-plugins/

 

C3UK

This provider of free WiFi at UK railway stations confirmed a data breach that exposed 146m records. To read more: https://www.bbc.com/news/technology-51682280

 

Let’s Encrypt

Non-profit certificate authority Let’s Encrypt is revoking more than 3m TLS certificates. The certificates may have been issued incorrectly because of a bug. To read more: https://thehackernews.com/2020/03/lets-encrypt-certificate-revocation.html

 

US property and demographic database

Over 200m records containing property-related information on US residents were exposed in a database on Google Cloud. The database was eventually taken offline, but not until more than a month after researchers discovered it and alerted Google’s security team. To read more: https://thehackernews.com/2020/03/us-property-records-database.html

 

Toyota, Hyundai, Kia

Researchers discovered that hackers exploit radio-enabled keys to steal vehicles. These thefts are possible because of a flaw in how Toyota, Hyundai and Kia implement an encryption system called DST80. To read more:https://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys/

 

Virgin Media

A data breach at Virgin Media exposed the personal details of 900,000 customers. To read more: https://thehackernews.com/2020/03/virgin-media-data-breach.html

 

PPP daemon

A 17-year-old remote code-execution vulnerability exists in PPP daemon software, which is preinstalled on Linux operating systems. To read more: https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html

 

Intel CSME

A patched vulnerability in Intel CSME is worse than previously thought. All but the latest generation of chips are vulnerable to exploitation. To read more: https://www.zdnet.com/article/intel-csme-bug-is-worse-than-previously-thought/

 

Walgreens

A bug in the mobile app of Walgreens, a large US pharmacy chain, leaked customers’ prescription data. To read more: https://threatpost.com/walgreens-mobile-app-prescription-data/153361/

 

Carnival Corp

Cruise operator Carnival Corp announced that it was targeted by cyberattacks last year. To read more: https://www.reuters.com/article/us-carnival-corp-cyber/carnival-corp-units-say-were-hit-by-cyber-attack-last-year-idUSKBN20P395

 

Zynga

A lawsuit was filed against gaming company Zynga over a data breach that exposed 173m users. The breach occurred in September 2019. To read more:https://www.infosecurity-magazine.com/news/zynga-facing-lawsuit-over-data/

 

Boots

UK-based pharmacy-chain Boots suspended payments using the Boots Advantage loyalty card after a hacker broke into customer accounts. Fewer than 150,000 users were affected. To read more: https://www.bbc.com/news/technology-51742079

 

Google Authenticator

New malware was discovered that steals 2FA codes generated by the Google Authenticator app. The malware works on Android devices and is a hybrid between a banking trojan and a remote-access trojan. To read more: https://www.zdnet.com/article/google-could-have-fixed-2fa-code-stealing-flaw-in-authenticator-app-years-ago/

 

J.Crew

Clothes retailer J.Crew reported a data breach that occurred in April 2019 and exposed customer information. To read more: https://www.retaildive.com/news/j-crew-reports-data-breach-of-customer-accounts/573543/

 

Trident Crypto Fund

A hacker published the usernames and passwords of more than 120,000 customers of this “crypto investment index fund.” To read more:https://cointelegraph.com/news/trident-crypto-fund-data-breach-266-000-passwords-stolen

 

Microsoft

Microsoft is warning users about Netwalker, a new ransomware strain that injects malicious code into Windows 10 Explorer executables. To read more: https://www.forbes.com/sites/daveywinder/2020/03/06/microsoft-warns-of-devastating-cybersecurity-threat-to-windows-users-heres-what-you-need-to-know/#4ba9dbe11af8

 

 

Like the report? Sign up below and get it in your inbox.

Products
Polymorphing - Linux
Polymorphic Build Farm - Open Source
Polyscripting
Polyscripting - WordPress
Solutions
Finance
Healthcare
Containers
DoD
DevSecOps
Embedded/IoT
HPC
Government
SUSE
Resources
Linux Weakness Report
Open Source Projects
Documentation
Resource Library
Webinars
Demos
Blogs
FAQ
Pricing
How to Buy
Partners
Free Trial
Get Demo
Company
About Us
Newsroom
Careers
Contact Us

10400 NE 4th St.
Suite 500
Bellevue, WA 98004

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.

polyverse small logo

© 2020 Polyverse

Terms of Use
Zerotect Terms and Conditions