Weekly Breach Report – Jul 13th
A snapshot of last week’s
reported cybersecurity breaches and vulnerabilities
EncroChat
European and British law enforcement agencies arrested hundreds of criminals after infiltrating into the encrypted communication app EncroChat. The Hacker News: https://thehackernews.com/2020/07/encrochat-encrypted-phone.html
Clubillion
Researchers discovered a data breach on Clubillion, a casino gambling app with millions of daily active players. European Gaming: https://europeangaming.eu/portal/latest-news/2020/07/08/73747/popular-gambling-app-exposed-millions-of-users-in-massive-data-leak/
Microsoft users
A massive phishing campaign is targeting Microsoft Office 365 customers across 62 countries. The Seattle Times: https://www.seattletimes.com/business/vast-phishing-campaign-hits-microsoft-users-in-62-countries/
Hapvida
Brazilian health insurer announced it suffered a cyberattack that potentially involved customer personal information. Reuters: https://in.reuters.com/article/us-hapvida-cyber-attack/brazils-hapvida-discloses-cyber-breach-potential-client-data-leak-idINKBN2471IP
Frost & Sullivan
The business consulting firm suffered a major data breach exposing personal data. Digital Journal: http://www.digitaljournal.com/tech-and-science/technology/frost-sullivan-suffers-from-global-data-breach/article/574409
Swvl
A data breach hit a bus operator in Egypt, Kenya, and Pakistan. The Daily Swig: https://portswigger.net/daily-swig/egyptian-bus-operator-swvl-hit-by-data-breach
Tokopedia
A data breach at the Indonesian company Tokopedia exposed the personal data of 91M users. Coconuts Jakarta: https://coconuts.co/jakarta/news/private-data-of-91-million-tokopedia-users-openly-traded-online-cyber-security-firm/
Facebook took down several networks based in Brazil, Canada, Ecuador, Ukraine, and the US that violated the social network’s policy against foreign interference. CyberWire: https://thecyberwire.com/newsletters/daily-briefing/9/132
Dark Web
A new audit of the Dark Web revealed 15bn stolen logins from 100,000 breaches. Forbes:
Magellan Health
An April ransomware attack on Magellan Health impacted over 365,000 patients’ data. HealthITSecurity:
https://healthitsecurity.com/news/magellan-health-data-breach-victim-tally-reaches-365k-patients
Russian Hacker
A Russian hacker found guilty in California court for the Dropbox, LinkedIn, and Formspring breaches. ZDNet: https://www.zdnet.com/article/russian-hacker-found-guilty-for-dropbox-linkedin-and-formspring-breaches/
Dunzo
A hyperlocal Indian delivery service suffered a data breach that exposed customer emails and phone numbers. The Next Web: https://thenextweb.com/in/2020/07/11/google-backed-indian-delivery-startup-dunzo-suffers-data-breach/
C-Data
Researchers discovered possible intentional backdoors in the firmware of 29 FIber-To-The-Home Optical Line Termination devices from Chinese vendor C-Data. ZDNet: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
Citrix
Hackers are scanning the internet looking for vulnerable Citrix installations after the company patched 11 security bugs in its network perimeter products. The Register: https://www.theregister.com/2020/07/09/citrix_bugs_proof_of_concept_exploits/
KingComposer
KingComposer, creators of a popular WordPress plugin, patched the software because of a cross-site scripting vulnerability. ZDNet: https://www.zdnet.com/article/kingcomposer-wordpress-plugin-patches-xss-flaw-impacting-100000-websites/
Like the report? Sign up below and get it in your inbox.
Products
Resources
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.
© 2020 Polyverse