macOS
Apple removed a feature that allowed its apps to bypass content filters, VPNs, and firewalls. The Hacker News: https://thehackernews.com/2021/01/apple-removes-macos-feature-that.html
Atlanta synagogue
An Atlanta synagogue’s website was the target of a cyberattack during its Martin Luther King Jr. Shabbat services. CNN: https://www.cnn.com/2021/01/16/us/atlanta-synagogue-warnock-cyber-attack/index.html
UPS and Norfolk Southern
A data breach of a Virginia-based occupational healthcare provider exposed the medical records of truck drivers and rail workers working for UPS and Norfolk Southern. Freight Waves: https://www.freightwaves.com/news/hackers-leak-trucker-rail-worker-medical-records
IndiGo
India’s largest airline announced that some of its servers were hacked, and there is a possibility that hackers uploaded internal documents onto public websites. Hindustan Times: https://www.hindustantimes.com/india-news/indigo-says-its-servers-have-been-breached-in-hacking-incident/story-oMfHZiqv3OeqFUMVpt3nwK.html
FreakOut botnet
A new botnet is targeting unpatched applications running on top of Linux systems. The targets include data storage units and applications built on top of the Zend PHP Framework. ZDNet: https://www.zdnet.com/article/new-freakout-botnet-targets-linux-systems-running-unpatched-software/
Raindrop
Researchers discovered a fourth SolarWinds malware strain used in the supply chain attack. Raindrop was used in the last stages of intrusion and deployed on select targets. ZDNet: https://www.zdnet.com/article/fourth-malware-strain-discovered-in-solarwinds-incident/
Signal, FB Messenger, JioChat, Google Duo
A Google Project Zero researcher discovered a vulnerability in popular video chat apps due to a logic bug in a calling state machine. The Hacker News: https://thehackernews.com/2021/01/google-discloses-flaws-in-signal-fb.html
Malwarebytes
The cybersecurity company announced that the SolarWinds hackers breached some of its emails. Reuters: https://www.reuters.com/article/us-global-cyber-malwarebytes/malwarebytes-says-some-of-its-emails-were-breached-by-solarwinds-hackers-idUSKBN29O2CB
AKVA
Aquaculture technology group AKVA detected a ransomware attack, which led to the shutdown of critical IT systems that are not yet back up and running. Fish Farmer Magazine: https://www.fishfarmermagazine.com/news/akva-still-dealing-with-aftermath-of-cyber-attack/
Scottish Environment Protection Agency (SEPA)
A month after a ransomware attack, SEPA confirmed that hackers stole 1.2 GB of data. SEPA is working to bring systems back online. ZDNet: https://www.zdnet.com/article/ongoing-ransomware-attack-leaves-systems-badly-affected-says-scottish-environment-agency/
OpenWRT
The maintainers of OpenWRT, an open-source project that provides free firmware for home routers, disclosed a security breach after a hacker accessed a forum administrator’s account. ZDNet: https://www.zdnet.com/article/openwrt-reports-data-breach-after-hacker-gained-access-to-forum-admin-account/
MrbMiner malware
Researchers linked new crypto-mining software that is infecting thousands of Microsoft SQL Server databases to a software development company based in Iran. The Hacker News: https://thehackernews.com/2021/01/mrbminer-crypto-mining-malware-links-to.html
Bonobos
A hacker posted 70 GB of stolen Bonobos customer data on a hacker forum. The data includes names, phone numbers, and the last four digits of credit card numbers. Tom’s Guide: https://www.tomsguide.com/news/bonobos-data-breach-7-million
Intel
Intel released its Q4 earnings report early because a hacker illegally accessed earnings-related data. Dark Reading: https://www.darkreading.com/attacks-breaches/intel-confirms-unauthorized-access-of-earnings-related-data-/d/d-id/1339963
SonicWall
Hackers accessed the cybersecurity company’s internal systems after exploiting a zero-day flaw in its secure remote access products. CRN: https://www.crn.com/news/security/sonicwall-breached-via-zero-day-flaw-in-remote-access-tools
Buyucoin
A hacker leaked a stolen database belonging to the Indian cryptocurrency exchange Buyucoin. The database contained tables for user records, trade transactions, linked bank account information, and more. Bleeping Computer: https://www.bleepingcomputer.com/news/security/data-breach-at-buyucoin-crypto-exchange-leaks-user-info-trades/