Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

SWAPGSAttack

Researchers discovered a vulnerability that impacts every Windows computer using an Intel processor made since 2012. Building on previous work on CPU vulnerabilities including Spectre and Meltdown, the researchers identified a side-channel attack that exploits the privileged instruction SWAPGS. Dubbed SWAPGSAttack, the vulnerability bypasses protections implemented to defend against Spectre and Meltdown. To read more: https://www.zdnet.com/article/new-windows-hack-warning-patch-intel-systems-now-to-block-swapgsattack-exploits/

Poshmark

This online marketplace announced that hackers had accessed its servers. Besides stealing personal information, the hackers also took hashed passwords. To read more: https://www.komando.com/happening-now/585629/hackers-target-clothing-resale-site-poshmark

StockX

According to information that the online publisher TechCrunch received from a data-breach seller, a hacker stole 6.8m customer records from StockX, an e-commerce platform for sneakers and other fashion. The seller put the data, which was apparently stolen in May, up for sale on the dark web for $300. Instead of informing its customers of the breach, StockX sent them a password reset email citing “system updates.” To read more: https://techcrunch.com/2019/08/03/stockx-hacked-millions-records/

WPA3

Researchers have discovered several vulnerabilities, collectively referred to as Dragonblood, in the WiFi Protected Access 3 (WPA3) security standard, which launched early last year. Most recently, researchers found weaknesses that enable an attacker to recover WiFi passwords by abusing timing and cache-based side-channel leaks. To read more: https://thehackernews.com/2019/08/hack-wpa3-wifi-password.html

GermanWiper

Researchers in Germany are warning people of GermanWiper, new malware that demands ransom from victims after erasing the data on their machines. Although called ransomware, GermanWiper does not encrypt files but overwrites them with zeroes and ones. To read more: https://www.computing.co.uk/ctg/news/3080040/germanwiper-ransomware-erases-data

E3 website

A YouTube content creator found a spreadsheet with the names and addresses of 2,000 journalists and content creators on the website for the Electronic Entertainment Expo, a major trade show for computer and video-game products. To read more: https://threatpost.com/e3-website-leaks-private-addresses-for-thousands-of-journalists/146965/

Azure exploits

Microsoft is offering rewards of up to $300,000 for successful exploits of its Azure cloud platform. The company has launched a dedicated Azure environment where security researchers can test attacks without impacting customers. To read more: https://threatpost.com/microsoft-lab-300k-working-azure-exploits/146938/

Monzo

The UK-based mobile-only bank Monzo admitted to storing payment-card PINs inside internal logs. Monzo is notifying impacted customers and urging them to change their PINs. To read more: https://www.zdnet.com/article/monzo-admits-to-storing-payment-card-pins-in-internal-logs/

Chile

Voter information for 80% of Chile’s population was left exposed in an Elasticsearch database. The database contained names, home addresses, gender, age and tax ID numbers. To read more: https://www.zdnet.com/article/voter-records-for-80-of-chiles-population-left-exposed-online/

IoT devices

Hackers working for the Russian government are using internet-of-things devices to break into computer networks. Researchers from Microsoft discovered the attacks when a phone, a printer and a video decoder were observed communicating with servers belonging to the Russian hacking group Fancy Bear. To read more: https://arstechnica.com/information-technology/2019/08/microsoft-catches-russian-state-hackers-using-iot-devices-to-breach-networks/

Qualcomm chips

Researchers discovered new vulnerabilities in Qualcomm chipsets that enable hackers to remotely compromise Android devices. To read more: https://thehackernews.com/2019/08/android-qualcomm-vulnerability.html

AT&T

The Department of Justice charged two AT&T employees with taking bribes to unlock smartphones and install malware on the company’s network. The scheme lasted from April 2012 to September 2017. To read more: https://www.zdnet.com/article/at-t-employees-took-bribes-to-plant-malware-on-the-companys-network/

Electronic locks

A researcher discovered a way to open high-security electronic locks such as those used in automated teller machines. DormaKaba Holding, the Swiss company that distributes the locks, was alerted to the vulnerability. To read more: https://www.reuters.com/article/us-locks-cyber-exclusive/exclusive-high-security-locks-for-government-and-banks-hacked-by-researcher-idUSKCN1UW26Z?il=0


Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.


Venezuelan military

A cyber-espionage group called Machete has stolen sensitive files from the Venezuelan military. Researchers found at least 50 infected computers contacting Machete command-and-control servers. To read more: https://www.zdnet.com/article/a-cyber-espionage-group-has-been-stealing-files-from-the-venezuelan-military/

Binance KYC

A hacker claims to have broken into know-your-customer data at Binance, a Malta-based cryptocurrency exchange. The attacker is threatening to release information on 10,000 users unless the exchange pays 300 Bitcoin, which is equal to $3.5m. To read more: https://thehackernews.com/2019/08/binance-kyc-data-leak.html

KDE Linux

A researcher disclosed an unpatched zero-day vulnerability in the KDE software framework that could enable malicious files to run arbitrary code on a computer without requiring that the victim first open them. To read more: https://thehackernews.com/2019/08/kde-desktop-linux-vulnerability.html

LeapFrog

Researchers disclosed several vulnerabilities in LeapFrog learning tablets for children. The flaws could enable hackers to track devices and send messages to minors. To read more: https://threatpost.com/black-hat-leapfrog-tablet-flaws-let-attackers-track-message-kids/146822/

US utilities

Employees of three utility companies received email, supposedly from the National Council of Examiners for Engineering and Surveying, claiming that the recipients had failed to pass a recent exam. Malicious macros were embedded in an attached Word document, which installed malware targeting each employee’s utility company. To read more: https://arstechnica.com/information-technology/2019/08/new-advanced-malware-possibly-nation-sponsored-is-targeting-us-utilities/

Twitter

Since disclosing one bug in May, Twitter has admitted to additional bugs that result in improper sharing of user data with advertisers. One such problem concerns data used to track ad conversions, which Twitter divulged regardless of whether users had agreed to share their personal information. To read more: https://techcrunch.com/2019/08/07/twitter-fesses-up-to-more-adtech-leaks/

APT41

Chinese hackers are also using the tools they employ in state-sponsored campaigns to target victims for personal financial gain. The hackers are mainly attacking the video-game industry and cryptocurrencies. To read more: https://www.forbes.com/sites/zakdoffman/2019/08/07/chinese-state-hackers-attack-video-games-and-cryptocurrencies-for-after-hours-personal-gain/#399a4e352eb2

Clipsa

A new malware strain called Clipsa targets cryptocurrencies, but is unusual in that it also launches brute-force attacks against WordPress websites. Given that the primary focus of Clipsa is cryptocurrency — hijacking payments, scanning database files for wallet apps and searching for TXT files that may reveal Bitcoin passwords — the purpose of the WordPress attacks is likely to steal data. To read more: https://www.zdnet.com/article/new-windows-malware-can-also-brute-force-wordpress-websites/

Boeing

A security researcher discovered a server on Boeing’s network that was not only unprotected but also contained code that, according to the researcher, poses a security risk. Vulnerabilities allegedly exist inside the so-called Crew Information Service/Maintenance System, which is responsible for maintenance systems and navigation documents used by pilots. Boeing rejects the researcher’s discovery and denies that an attack exploiting the claimed vulnerabilities is possible. To read more: https://www.wired.com/story/boeing-787-code-leak-security-flaws/?verso=true

CafePress

An attack on t-shirt creation site CafePress impacted data on 23m users. Breached records include names, addresses and phone numbers. To read more: https://lifehacker.com/cafepress-data-breach-shows-why-you-should-use-have-i-b-1836996930
