Weekly Breach Report – Jun 22nd

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Ripple20

This set of vulnerabilities in a low-level TCP/IP software library could enable remote attackers to take control of targeted devices. The Hacker News: https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html 

Oracle E-Business Suite

About half of Oracle EBS customers have not applied critical security patches to eliminate two critical vulnerabilities. The Hacker News: https://thehackernews.com/2020/06/oracle-e-business-suite.html   

Avon

Parts of the British website of U.S. cosmetics company Avon went offline for more than a week after a ransomware attack on its IT systems. ComputerWeekly:https://www.computerweekly.com/news/252484804/Cosmetics-company-Avon-offline-after-cyber-attack

Claire’s

Hackers breached the website of fashion-accessory company Claire’s, along with one of its subsidiaries. Digital Journal: http://www.digitaljournal.com/tech-and-science/technology/claire-s-magecart-hit-by-serious-cyber-attack/article/573339

Foodora

Food delivery company Foodora experienced a data breach that exposed the data of 727,000 customers in 14 countries. CISOMag: https://www.cisomag.com/foodora-data-breach/

Wiggle

Online sports company Wiggle is investigating a possible cyberattack after receiving customer complaints that someone ordered items without their consent. Infosecurity: https://www.infosecurity-magazine.com/news/wiggle-investigates-cyberattack/

PostBank

South Africa’s Postbank is replacing 12m bank cards after an employee stole the 36-digit master key. Security Boulevard: https://securityboulevard.com/2020/06/south-africas-postbank-is-replacing-12-million-bank-cards-after-major-security-breach/

2016 CIA leak

According to an internal report, the theft of top-secret hacking tools from the CIA in 2016 was the result of a workplace culture where hackers “prioritized building cyber weapons at the expense of securing their systems.” The Washington Post: https://www.washingtonpost.com/national-security/elite-cia-unit-that-developed-hacking-tools-failed-to-secure-its-own-systems-allowing-massive-leak-an-internal-report-found/2020/06/15/502e3456-ae9d-11ea-8f56-63f38c990077_story.html

Industrial control systems

Researchers discovered four new zero-day attacks aimed at these mostly old and highly insecure systems after hackers deployed them against honeypot systems they had created. ZDNet: https://www.zdnet.com/article/security-four-zero-day-attacks-spotted-in-attacks-against-honeypot-systems/

MaxLinear

U.S. chipmaker MaxLinear disclosed that a “Maze” ransomware attack exposed certain proprietary information. Light Reading: https://www.lightreading.com/security/maxlinear-hit-by-maze-ransomware-attack-/d/d-id/761775

Amazon Web Services

Last week Amazon Web Services (AWS) announced that it had stopped one of the largest DDoS attacks in history. BBC: https://www.bbc.com/news/technology-53093611

Encrochat

This encrypted phone network says it is shutting down after police found that customers included hitmen and drug gangs across Europe. Vice: https://www.vice.com/en_us/article/5dz9qx/encrochat-hacked-shutting-down-encrypted-phone

Like the report? Sign up below and get it in your inbox.