Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Cell-network providers

Over the past seven years, hackers have broken into more than ten cellular networks around the world, obtaining a massive number of call records. Researchers who discovered the operation found that the hackers could track the physical location of any customer on the affected networks. To read more: https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/

Eurofins ransomware

A global provider of laboratory testing services announced that its operations had returned to normal after a ransomware attack. British police had ceased working with the company, which usually performs about half of all their DNA analysis, toxicology, ballistics and forensic work. To read more: https://www.helpnetsecurity.com/2019/06/24/eurofins-ransomware-attack/

iOS devices

Security researchers uncovered an attack targeting devices running iOS version 12. Hidden in a PNG file to escape detection, the malware automatically redirects visitors to a range of advertising sites to a phishing scam. To read more: https://mediatrust.com/blog/ios-devices-compromisedagain

Verizon

Verizon caused outages at Cloudflare, Facebook, Amazon and other websites after it accepted a network misconfiguration from an ISP in Pennsylvania. For three hours web traffic was accidentally routed through a Pittsburgh steel company, which couldn’t handle the volume and black-holed traffic. To read more: https://www.theregister.co.uk/2019/06/24/verizon_bgp_misconfiguration_cloudflare/

Kubernetes

The Cloud Native Computing Foundation discovered a high-severity vulnerability in their Kubernetes application. The vulnerability is caused by an incomplete fix for another disclosed issue, and enables an attacker to overwrite files or add malicious programs. To read more: https://www.infosecurity-magazine.com/news/incomplete-fix-leads-to-new-1-1/

Dominion National

Dental- and vision-insurance provider Dominion National is notifying patients of a data breach that began nine years ago. To read more: https://www.darkreading.com/attacks-breaches/health-insurer-reports-data-breach-that-began-9-years-ago/d/d-id/1335041

Outlook

Microsoft released an updated version of Outlook for Android that patches a remote-code-execution vulnerability that affected more than 100m users. The bug was reported to Microsoft almost six months ago. To read more: https://thehackernews.com/2019/06/microsoft-outlook-vulnerability.html

Android Supply Chain

Google recently disclosed a supply-chain attack that resulted in malicious software being pre-installed on millions of new Android devices. The culpable vendor appears to be of Chinese origin. To read more: https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/

OmniRAT

As part of an investigation into a cyberattack, German police raided the house of a developer of OmniRAT. While OmniRAT was launched as a legitimate remote-administration tool for managing devices, some customers have used it for illegal purposes. To read more: https://thehackernews.com/2019/06/police-raid-omnirat-developer.html

Electronic Arts

Electronic Arts (EA) addressed multiple security flaws in its popular gaming platform that could have exposed sensitive customer data. When chained together, the flaws enabled attackers to hijack players’ accounts merely by convincing victims to open an official EA web page. To read more: https://thehackernews.com/2019/06/ea-origin-game-hacking.html

Silex malware

A new malware program known as Silex is targeting poorly protected IoT devices. The intention of the teen developer of the malware is purportedly to shut down the devices in order to prevent other hackers, specifically so-called “script kiddies,” from accessing them for the purpose of monetary gain. To read more: https://www.bleepingcomputer.com/news/security/new-silex-malware-trashes-iot-devices-using-default-passwords/

Social Engineered

The forum Social Engineered, which claims to be dedicated to the “Art of Human Hacking,” was itself the target of a hacker who leaked its user data and published it on a rival forum. The breach was due to a flaw in MyBB, an open-source software application used to create and run online forums. To read more: https://nakedsecurity.sophos.com/2019/06/26/social-engineering-forum-hacked-user-data-dumped-on-rival-site/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Attunity

Three AWS cloud-storage buckets owned by Israel-based data-management company Attunity leaked more than a terabyte of data from top Fortune 100 customers. The information included internal business documents, system passwords and more. To read more: https://threatpost.com/leaky-amazon-s3-buckets-expose-data-of-netflix-td-bank/146084/

MedicareSupplement.com

Personal information belonging to 5m customers was compromised when an online database belonging to MedicareSupplement.com, a website that markets supplemental medical insurance, was left exposed. The breach makes website users vulnerable to fraud, including phishing. To read more: https://www.infosecurity-magazine.com/news/medicalsupplementcom-left-5m-1/

Instagram phishing

A new Instagram phishing attack lures victims with promises of “verified account” status. While Instagram does offer such a status, it is reserved for public figures, celebrities and global brands. To read more: https://threatpost.com/scammers-prey-on-instagram-vanity-and-verified-account-status/146075/

Medtronic MiniMed

The FDA is warning users of Medtronic’s MiniMed insulin pump that attackers could possibly connect to these medical devices. As far as the FDA knows, no one has yet hacked into a patient’s insulin pump and harmed them. To read more: https://www.axios.com/cybersecurity-insulin-pump-hacking-diabetes-aedcc366-b237-4e71-90be-b6f549c8ded5.html

SwiftKey

Google is warning Microsoft SwiftKey users that the virtual keyboard app will be unable to access data in Google accounts starting this July. The app asks for sweeping permissions that include viewing, managing and permanently deleting emails in Gmail. Google’s data policies require that apps request only absolutely necessary permissions, but which specific policies SwiftKey may be violating is unclear. To read more: https://www.bleepingcomputer.com/news/security/google-warns-of-microsoft-swiftkey-losing-access-to-gmail-on-july-15/

Mac malware

A new malware program called OSX/Linker was found exploiting a recently disclosed vulnerability in macOS Gatekeeper, a security system that scans and approves apps downloaded from the internet before allowing them to run. The bug enables a malicious binary downloaded from the web to bypass the scanning process. To read more: https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gatekeeper-zero-day/

PCM

Cloud-solution provider PCM was hit by a cyberattack that accessed the email and file-sharing system for some of its clients. To read more: https://krebsonsecurity.com/2019/06/breach-at-cloud-solution-provider-pcm-inc/
