Weekly Breach Report – August 10th

Aug 10, 2020By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

IoT botnets

Researchers found that hackers could deploy high-wattage IoT botnets made up of devices such as air conditioners and smart thermostats to manipulate private energy markets around the U.S. Wired: https://www.wired.com/story/hackers-iot-botnets-manipulate-energy-markets/

 

The Blacklist Alliance

A company that helps telemarketing companies avoid getting sued for violating federal laws leaked personal data on customers and the lawyers they have hired to go after telemarketers. Krebs on Security: https://krebsonsecurity.com/2020/08/robocall-legal-advocate-leaks-customer-data/

 

Email vulnerabilities

Researchers discovered 18 instances of flaws in three protocols used in email sender authentication: Sender Policy Framework; Domain Keys Identified Mail; and Domain-Based Message Authentication, Reporting and Conformance. The vulnerabilities make spear-phishing attacks even harder to detect. Wired: https://www.wired.com/story/decades-old-email-flaws-could-let-attackers-mask-identities/

 

Canon

Last week Canon suffered an outage of its photo-sharing site due to a ransomware attack. Forbes: https://www.forbes.com/sites/daveywinder/2020/08/05/has-canon-suffered-a-ransomware-attack-10tb-of-data-alleged-stolen-report/#4223af9499ec

 

UK dentists

The British Dental Association suffered a data breach that may have exposed UK dentists’ bank-account information. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/dentists-bank-details-stolen-data/

 

Lafayette, Colorado

City officials announced that hackers deployed ransomware on their computer systems, and the city opted to pay a $45,000 ransom to regain access. Beloit Daily News: https://www.beloitdailynews.com/news/national-news/colorado-city-pays-45-000-ransom-after-cyber-attack/article_125dd118-0f3c-5574-a86d-aef38d7c9db4.html

 

Zello

This push-to-talk app disclosed a data breach that potentially enabled malicious actors to access users’ email addresses and passwords. Security Boulevard:https://securityboulevard.com/2020/08/users-advised-to-reset-passwords-after-zello-data-breach/

 

CWT

This U.S. business-travel company said that its systems were up and running again following a cybersecurity breach. Reuters revealed that the company paid $4.5m in ransom. PhocusWire: https://www.phocuswire.com/CWT-cyber-attack

 

Havenly

This interior-design and decorating company confirmed that it had experienced a data breach in which 1.3m user records were stolen. Tom’s Guide:https://www.tomsguide.com/news/havenly-confirms-data-breach

 

York, Pennsylvania

A burglar breached the security system at York’s City Hall, causing significant physical damage to the city’s information-technology infrastructure He was arrested onsite. ABC27:

https://www.abc27.com/news/local/york/security-breach-on-technology-system-in-york-closes-city-hall-landlines-down/

 

Chrome extensions

Researchers discovered a group of 295 Chrome extensions hijacking and inserting ads in Google and Bing search results. ZDNet: https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/

 

PulseSecure VPN servers

A hacker published plaintext usernames, passwords and IP addresses for more than 900 PulseSecure VPN enterprise servers. ZDNet:

https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/

 

Intel

Intel is investigating a security breach after 20GB of internal documents, some marked “confidential,” were leaked online. ZDNet: https://www.zdnet.com/article/intel-investigating-breach-after-20gb-of-internal-documents-leak-online/

 

Capital One

Capital One was fined $80m for a data breach last year that exposed the personal information of more than 100m credit-card applicants. The Hacker News: https://thehackernews.com/2020/08/capital-one-data-breach.html 

 

ProctorU

A database belonging to this U.S. online academic-testing-platform company was published by the ShinyHunters hacker group, exposing the data of several Australian universities. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/online-exam-tool-suffers-data/

 

DataViper

A hacker claims to have breached backend servers and stolen 8,225 databases belonging to cybersecurity firm DataViper. Digital Journal: http://www.digitaljournal.com/tech-and-science/technology/hacker-extracts-thousands-of-databases-from-cybersecurity-firm/article/575794

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.