Weekly Breach Report – November 30th

Nov 30, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Stantinko botnet

An adware and coin-miner botnet is targeting Linux servers, masquerading as HTTPd to fly under the radar. The Hacker News: https://thehackernews.com/2020/11/stantinko-botnet-now-targeting-linux.html



VMware released temporary workarounds to address a critical vulnerability (CVE-2020-4006) that impacts VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The Hacker News: https://thehackernews.com/2020/11/critical-unpatched-vmware-flaw-affects.html



The Drupal CMS software team patched a critical vulnerability in which attackers can add a second extension to a malicious file, upload it to a site, and have the file executed. ZDNet: https://www.zdnet.com/article/drupal-sites-vulnerable-to-double-extension-attacks/



Liquid released a statement saying its domain-hosting provider, GoDaddy, incorrectly transferred control of Liquid’s account and domain to a malicious actor. Liquid: https://blog.liquid.com/security-incident-november-13-2020?=11172020



A security researcher found a way to rewrite the firmware of Tesla key fobs via Bluetooth connection, lift an unlock code from the fob, and use it to steal a Model X. Wired: https://www.wired.com/story/tesla-model-x-hack-bluetooth/



Researchers discovered a significant security flaw in cPanel that enables attackers to bypass two-factor authentication for cPanel accounts. ZDNet: https://www.zdnet.com/article/2fa-bypass-discovered-in-web-hosting-software-cpanel/



A group of hackers breached Spotify’s systems and stole 350,000 account credentials in a credential-stuffing attack. Security researchers discovered the credentials in an unsecured database online. CNet: https://www.cnet.com/news/hoard-of-spotify-user-data-exposed-by-hackers-careless-security-practices/


US Fertility

This provider of IT services to numerous infertility clinics belatedly announced that a malware attack from August 2020 onwards had exposed individuals’ personal information. Herald-Mail: https://www.heraldmailmedia.com/news/state/us-fertility-provides-notice-of-data-security-incident/article_698d1d9c-ad94-5313-bdef-06c1cc290ce2.html



MobileIron

Hackers exploited a vulnerability in the mobile-device security solutions offered by this U.S. firm, now owned by Utah-based Ivanti, to gain access to networks in government, healthcare and other industries. Information Security Buzz: https://www.informationsecuritybuzz.com/expert-comments/mobileiron-vulnerability-used-by-state-backed-hackers-to-break-into-networks-experts-insight/


Sopra Steria

French IT-services company Sopra Steria said that the Ryuk ransomware attack that hit its network back in October would impact operating costs by €50m, due to the resulting unavailability of services and cost of remediation. Teiss: https://www.teiss.co.uk/sopra-steria-ransomware-attack-impact/



Networking-equipment vendor Belden announced that hackers had gained access to a limited number of its file servers. ZDNet: https://www.zdnet.com/article/networking-equipment-vendor-belden-discloses-data-breach/



Sophos

This U.K. cybersecurity company disclosed that unauthorized personnel had gained access to customer data after using a misconfigured tool to break into the systems. Tech Radar: https://www.techradar.com/news/sophos-warns-customers-it-was-hit-by-data-breach


Banijay Group

Hackers hit this French-based multinational content production firm (whose TV shows include Masterchef and Big Brother) with DoppelPaymer ransomware, stealing sensitive employee and other commercial information. Bleeping Computer: https://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/


Baltimore County Schools

This Maryland, U.S. school district announced that its schools would be closed for students on Monday, Nov 30th, and Tuesday, Dec 1st because of a ransomware attack on its networks the previous week. CBS: https://baltimore.cbslocal.com/2020/11/28/baltimore-county-public-schools-to-close-monday-tuesday-ransomware-cyber-attack-latest/


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.