Polyverse Weekly Breach Report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

BlueKeep

Close to one million Windows systems are still susceptible to the wormable vulnerability called BlueKeep. Microsoft released a security patch for the vulnerability two weeks ago, but people have not patched their systems. If exploited, the flaw could potentially do more damage than WannaCry and NotPetya. To read more: https://thehackernews.com/2019/05/bluekeep-rdp-vulnerability.html

Canva

A Sydney-based startup that provides a graphic design platform called Canva was hacked last week. The hacker alerted ZDnet.com that he or she took data for 139m users and put it up for sale on the dark web. To read more: https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/

Navy SEALs

The Region Legal Service Office-Southwest at Naval Base San Diego is prosecuting two cases against the Navy SEALs. The defense team claimed that it received an email from the lead prosecutor that contained “malware for the purpose of monitoring the defense.” According to the defense’s IT staff, the tool enabled the attacker to fully access the affected system and all the files within it. To read more: https://www.businessinsider.com/navy-official-blast-government-lawyers-for-spying-on-navy-seal-lawyers-2019-5

Redtail Technology

A data breach at Redtail Technology may have exposed personal client information of advisors who use the customer relationship management software. A bug in the way that client data was captured put the information on the internet unprotected. To read more: https://www.barrons.com/articles/redtail-technologys-data-breach-51559073982?mod=RTA

Flipboard database

A popular social sharing and news aggregator service called Flipboard disclosed that its databases containing user information were hacked. The hackers had access to the systems for ten months and possibly downloaded the database containing Flipboard users’ names, usernames, and hashed passwords. To read more: https://thehackernews.com/2019/05/flipboard-data-breach-hacking.html

Nansh0u campaign

Over the past four months, 50,000 servers were infected in a cryptojacking campaign. The Nansh0u campaign mines an open-source cryptocurrency called Turtle Coin. Victims were mostly located in China, the US, and India. To read more: https://threatpost.com/50k-servers-infected-with-cryptomining-malware-in-nansh0u-campaign/145140/

Amazingco

An Elasticsearch database belonging to the Australian event planning company Amazingco leaked more than 200,000 personal records tied to different events. The company’s platform connects customers with event planning organizers. To read more: https://threatpost.com/200k-personal-records-exposed-by-events-planning-firm/145133/

HiddenWasp

Researchers discovered Linux malware that was undetected by any of the 59 antivirus engines. How many systems the malware called HiddenWasp has infected is unclear. To read more: https://arstechnica.com/information-technology/2019/05/advanced-linux-backdoor-found-in-the-wild-escaped-av-detection/

Checkers and Rally’s restaurants

Checkers announced that malware was installed on PoS systems at several Checkers and Rally’s locations across the country. The states that reported breaches are Florida, North Carolina, New York, Kentucky, and Ohio. To read more: https://www.baynews9.com/fl/tampa/news/2019/05/30/data-breach-at-checkers-drive-in-restaurants

Realtek SDK

A security researcher found a flaw in the Realtek SDK used for RTL81xx chipsets. The vulnerability enables an unauthenticated attacker to execute arbitrary code with root privileges. Realtek has not responded to attempts to report the vulnerability. To read more: https://www.securityweek.com/vulnerability-realtek-sdk-exposes-routers-attacks

Chinese database

Millions of records about users of dating apps were discovered in a database without password protection. The records were mostly about American users and included age, location, and account name. The database owner’s address was a subway line in China. To read more: https://www.cyberscoop.com/chinese-database-42-million-records/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Docker

A vulnerability in Docker enables an attacker to get write access to any path on the host server. The bug is due to how the software handles some symbolic links. To read more: https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system

Pyramid Hotel Group

An unsecured database belonging to Pyramid Hotel Group was discovered open on the web, effectively exposing the security logs of major hotels. The firm manages hospitality properties in the US, the Caribbean, Ireland, and the UK. To read more: https://www.zdnet.com/article/unsecured-database-exposes-security-logs-of-major-hotel-chains/

The price of loyalty

A UK infosec firm called Deep Secure published a report that illustrated how 15% of all UK employees would hand over corporate information for about $1,260. One in ten workers said they’d sell intellectual property for about $315 or less. To read more: https://thenextweb.com/security/2019/05/29/how-much-does-it-cost-to-get-an-employee-to-steal-workplace-data-about-300/

People Inc.

One of New York’s largest nonprofits announced a data breach that exposed sensitive medical information. People, Inc. reported that up to 1,000 clients’ data may have been exposed. To read more: https://www.zdnet.com/article/one-of-new-yorks-largest-nonprofits-suffers-data-breach/

German Federal Interior Minister vs. end-to-end encryption

Germany’s Federal Interior Minister wants encrypted messaging services to provide chat logs in plain text to the authorities. Services such as WhatsApp and Telegram come with end-to-end encryption, which the companies will have to break to provide backdoor access to the texts. To read more: https://thenextweb.com/world/2019/05/29/a-german-minister-wants-access-to-your-encrypted-whatsapp-and-telegram-messages/

Astra Linux

In a play similar to the Chinese government’s, Russian authorities are working to implement a plan to replace Windows with a locally developed operating system called Astra Linux. The Russian Ministry of Defense cited fears that Microsoft’s “closed-source approach might hide Windows backdoors that can be abused by US intelligence to spy on government operations.” To read more: https://www.zdnet.com/article/russian-military-moves-closer-to-replacing-windows-with-astra-linux/

UpBit

Hackers targeted users of the South Korean cryptocurrency exchange UpBit with a phishing attack. The email contained a document that, if opened, would activate the malicious code. The attack is believed to come from a North Korean hacking group. To read more: https://www.coindesk.com/north-korean-hackers-target-upbits-south-korean-users

New Zealand’s Treasury office

New Zealand’s Treasury office announced that it had been hacked, with more than 2,000 access attempts recorded over 48 hours. Police, however, found no evidence that any illegal activity was behind the leak. The Treasury had cloned its website ahead of releasing the budget but did not realize that anyone could enter specific search terms and reveal private information. To read more: https://www.securityweek.com/new-zealand-says-budget-leak-was-bungled-not-hacked

Theta360

Hacktivists from vpnMentor’s research team discovered that Theta360 was breached and 11m public and private photographs were exposed. Theta360 is a photo sharing platform run by RICOH, a Japanese imaging and electronics company. The breach did not expose users’ personal information but exposed usernames and many private photos. To read more: https://www.vpnmentor.com/blog/report-theta360-leak/

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.