Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Web Hosting
A security researcher disclosed a dozen bugs that let attackers steal sensitive information and take over customer accounts at web-hosting companies. Customers of Bluehost, Dreamhost, Hostgator, OVH and iPage are susceptible to these attacks. To read more: https://techcrunch.com/2019/01/14/web-hosting-account-hacks/

Play-with-Docker
Researchers broke out of a container on the Play-with-Docker test platform, gaining access to the host and the ability to manipulate the test Docker containers running on it. This hack does not affect Docker instances running in production. To read more: https://threatpost.com/hack-allows-escape-of-play-with-docker-containers/140831/

Amadeus
A security researcher discovered a vulnerability in Amadeus, an online flight booking system used by 141 international airlines. The vulnerability let attackers view and modify travellers' booking details and even claim victims' frequent-flyer miles. To read more: https://thehackernews.com/2019/01/airlines-flight-hacking.html

Voipo
Voipo, a provider of phone services for homes and businesses, exposed tens of gigabytes of customer data. One of its Elasticsearch databases had no password, so anyone who found it could view real-time call logs and text messages. A security researcher found the exposed database and alerted the company. To read more: https://techcrunch.com/2019/01/15/another-huge-database-exposed-millions-of-call-logs-and-sms-text-messages/

Oklahoma Department of Securities
Three terabytes of data belonging to the Oklahoma Department of Securities, a US state financial regulator, sat on an unsecured storage server for at least a week. The security researcher who discovered the server found decades' worth of confidential case files from the department's own investigations and from FBI investigations. To read more: https://thehackernews.com/2019/01/oklahoma-fbi-data-leak.html

Collection #1
This collection of 772m unique email addresses and 21m unique passwords was put up for sale by hackers. It is one of the largest known illegal data dumps, but the data is at least two or three years old and is aggregated from several smaller breaches. To see whether your personal information is in Collection #1, check the website Have I Been Pwned. To read more: https://www.howtogeek.com/fyi/over-1-billion-login-credentials-leaked-heres-how-to-see-if-you-were-compromised/. Also worth reading: https://krebsonsecurity.com/2019/01/773m-password-megabreach-is-years-old/
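The Have I Been Pwned check for passwords can be scripted without sending the password anywhere. Its Pwned Passwords range API works on k-anonymity: the client hashes the password with SHA-1, sends only the first five hex characters of the digest, and receives every suffix in that range with a count, so the full hash never leaves the machine. The example below is added here and is not code from the report or from Have I Been Pwned; the API URL and the "SUFFIX:COUNT" response format are the service's documented interface, while the sample response body and its counts are constructed for the offline demo and are not live numbers.

```python
import hashlib


def pwned_password_query(password):
    """Hash the password with SHA-1 and split the upper-case hex digest into the
    5-character prefix that is sent to the range API and the 35-character
    suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_api_url(prefix):
    """URL for a k-anonymity range lookup; only the 5-character prefix is sent."""
    return "https://api.pwnedpasswords.com/range/" + prefix


def parse_range_response(body):
    """Parse a range response body ('<SUFFIX>:<COUNT>' per line) into a dict
    mapping upper-case suffix to breach count."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if not sep:
            raise ValueError("malformed range line: %r" % (line,))
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, body):
    """How many times the password appears in the corpus, given the response
    body for its own prefix; 0 if the suffix is absent from the body."""
    _prefix, suffix = pwned_password_query(password)
    return parse_range_response(body).get(suffix, 0)


def fetch_range(prefix, timeout=10):
    """Live lookup over the network. Not called by the offline demo below."""
    import urllib.request
    req = urllib.request.Request(
        range_api_url(prefix),
        headers={"User-Agent": "breach-report-example"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response for prefix 5BAA6 (the SHA-1 of "password"
# begins 5BAA6). The neighbouring suffixes and all counts are made up for
# this example; they are not the live API's numbers.
SAMPLE_RANGE_BODY = (
    "1D2DA4053E34E76F6576ED1DA63134B5E2A:2\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
    "1F0D6B2CA4B4D8B0B4D5E1A7B0C3F9E2D11:1\r\n"
)


if __name__ == "__main__":
    prefix, suffix = pwned_password_query("password")
    print("would request:", range_api_url(prefix))
    print("suffix kept locally:", suffix)
    print("count in sample body:", breach_count("password", SAMPLE_RANGE_BODY))
```

For a real check, pass the output of `fetch_range(prefix)` to `breach_count` in place of the sample body. A non-zero count means the password is in the corpus and should not be used, regardless of whether it came from Collection #1 or an older dump.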

WPML.org
A hacker defaced the website of WPML (WP MultiLingual), a popular WordPress plugin, and sent a mass email to its customers claiming that the plugin had unpatched security holes. WPML has since rebuilt the site and told its users that everything is running securely again. To read more: https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/

Attempted DNC breach
According to new research, Russian hackers tried to breach the Democratic National Committee after the 2018 midterms. The hackers sent spear-phishing emails that appeared to be from a trusted source. To read more: http://fortune.com/2019/01/18/russian-hackers-cozy-bear-dnc-nov-2018/

Reported Vulnerabilities

Secure Copy Protocol (SCP)
Researchers disclosed 36-year-old vulnerabilities in client implementations of the Secure Copy Protocol (SCP). SCP is a network protocol that lets users securely transfer files between a local host and a remote host over SSH. To read more: https://thehackernews.com/2019/01/scp-software-vulnerabilities.html
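The common thread in the disclosed SCP client bugs is that the server, not the client, names each file it sends, and the client writes wherever that name points. In the scp wire protocol the server announces a file with a control line such as "C0644 1234 report.txt", and a malicious or compromised server can put "../.ssh/authorized_keys", an absolute path, or simply a different file name in that slot. The Python below is an added example, not code from the report or from any SCP client; it parses that control line, shows the unchecked behaviour beside a hardened check, and uses constructed sample lines.

```python
import posixpath
import re

# An scp server announces each file with "C<mode> <size> <name>\n",
# e.g. "C0644 1234 report.txt\n". The name is chosen by the server.
CONTROL_LINE = re.compile(r"^C(?P<mode>[0-7]{4}) (?P<size>\d+) (?P<name>.+)$")


def parse_control_line(line):
    """Split one scp 'C' control line into (mode, size, name).

    Raises ValueError on anything that is not a well-formed file record.
    """
    match = CONTROL_LINE.match(line.rstrip("\r\n"))
    if match is None:
        raise ValueError("malformed scp control line: %r" % (line,))
    return (int(match.group("mode"), 8),
            int(match.group("size")),
            match.group("name"))


def unsafe_local_path(dest_dir, line):
    """The behaviour the bugs share: use the server-supplied name as-is.

    posixpath.join discards dest_dir entirely when name is absolute and
    keeps '..' components, so the server decides where the client writes.
    """
    _mode, _size, name = parse_control_line(line)
    return posixpath.join(dest_dir, name)


def server_name_is_acceptable(name, expected_name=None):
    """Return True only if a server-supplied file name is safe to use.

    Rejects path separators, NUL bytes and the '.'/'..' pseudo-entries
    (so the write cannot leave dest_dir) and, when the client asked for a
    specific file, any name other than the one it requested.
    """
    if not name or "/" in name or "\\" in name or "\0" in name:
        return False
    if name in (".", ".."):
        return False
    if expected_name is not None and name != expected_name:
        return False
    return True


def safe_local_path(dest_dir, line, expected_name=None):
    """Hardened counterpart of unsafe_local_path.

    Validates the name before joining; a name that passes contains no
    separator, so the result is always a direct child of dest_dir.
    """
    _mode, _size, name = parse_control_line(line)
    if not server_name_is_acceptable(name, expected_name):
        raise ValueError("refusing server-supplied file name %r" % (name,))
    return posixpath.join(dest_dir, name)


if __name__ == "__main__":
    # Constructed control lines a hostile server might send to "scp srv:report.txt ~/".
    hostile = ["C0644 12 ../.ssh/authorized_keys\n",
               "C0644 12 /etc/cron.d/job\n",
               "C0644 12 .bash_aliases\n"]
    for line in hostile:
        print("unchecked client would write:", unsafe_local_path("/home/u", line))
        try:
            safe_local_path("/home/u", line, expected_name="report.txt")
        except ValueError as err:
            print("hardened client:", err)
```

The `expected_name` check is the important one for a single-file copy: even a name with no separator, such as ".bash_aliases", is an attack if it is not the file the user asked for. A real client should also mask the mode the server sends to 0o777 so that setuid, setgid and sticky bits are never honoured from a remote peer.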

ThreadX
Researchers published a vulnerability in the firmware of a popular Wi-Fi chipset found in laptops, smartphones, routers and game consoles. Affected devices include the PS4, Xbox One, Samsung Chromebooks and Microsoft Surface tablets. An attacker could exploit the ThreadX firmware running on the Marvell Avastar 88W8897 wireless chipset to execute malicious code. To read more: https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/

vCard
Security researcher John Page disclosed a zero-day vulnerability in the Windows operating system that could let a remote attacker execute arbitrary code. The flaw lies in the processing of vCard (.vcf) files, a standard format for storing contact information that Outlook supports. To read more: https://thehackernews.com/2019/01/vcard-windows-hacking.html

Windows 10 Mobile
Microsoft is recommending that Windows 10 Mobile users move to Android or iOS devices, since it is ending support for the system in December 2019. To read more: https://www.macrumors.com/2019/01/18/microsoft-recommends-windows-mobile-users-switch-ios-android/

Fortnite
Researchers discovered multiple security flaws in Fortnite, a massively popular online game, that could have let remote attackers take over player accounts. The bugs include a SQL injection, a cross-site scripting flaw and several others. To read more: https://thehackernews.com/2019/01/fortnite-account-hacked.html

Cryptomining malware
Researchers discovered a new malware family that targets Linux servers to mine cryptocurrency and uninstalls cloud security products from the systems it infects. To read more: https://threatpost.com/cryptomining-malware-uninstalls-cloud-security-products/140959/

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.