Polyverse Weekly Breach Report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Privacy Survey
According to a new survey from IBM’s Institute for Business Value, consumers are more concerned than ever about how companies use their data. Despite that, only 45% of people updated their privacy settings in response to companies losing or misusing their personal data. To read more: http://fortune.com/2019/02/25/consumers-data-privacy/

Coinomi
Coinomi’s wallet app sent user recovery pass-phrases to Google’s spell-checking service in clear text, effectively exposing users’ accounts. A programmer brought the issue to light after 90% of his funds mysteriously disappeared. To read more: https://www.zdnet.com/article/cryptocurrency-wallet-caught-sending-user-passwords-to-googles-spellchecker/

Bank of Valletta
Malta’s Bank of Valletta experienced a cyberattack in mid-February that is still causing problems. While the bank’s ATMs, internet banking and mobile banking are now working again, its website remains offline. To read more: https://www.bankingtech.com/2019/02/cyberattack-keeps-bank-of-valletta-off-grid/

Coinhive
This in-browser cryptocurrency-mining service will discontinue its services on March 8th. Hackers utilize Coinhive to make hundreds of thousands of dollars by exploiting hacked computers. Coinhive claims the site is shutting down because mining Monero via internet browsers is no longer “economically viable.” To read more: https://thehackernews.com/2019/02/cryptocurrency-mining-coinhive.html

New Jersey Borough
A cyberattack on Palisades Park, New Jersey, drained almost half a million dollars from its accounts at Mariner’s Bank. It is believed that the theft happened because of an attack on the borough’s computer systems, not a bank-related breach. To read more: https://www.northjersey.com/story/news/bergen/palisades-park/2019/02/28/palisades-park-nj-recovers-200-k-after-cyber-attack/3004517002/

Dow Jones
A watchlist of 2.4m individuals and corporate entities owned by Dow Jones was exposed after a third-party company left an Elasticsearch database open without a password. To read more: https://www.informationsecuritybuzz.com/expert-comments/dow-jones-loses-proprietary-info-in-massive-data-leak/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

4G and 5G
Researchers found three security flaws in 4G and 5G that could be used to intercept phone calls and track phone locations. All four major US operators are affected by the first vulnerability, known as Torpedo. An attack can be carried out with less than $200 worth of radio equipment. To read more: https://techcrunch.com/2019/02/24/new-4g-5g-security-flaws/

SHAREit
Security researchers found two severe vulnerabilities in the SHAREit Android app that enable attackers to bypass device authentication and steal files. More than 500m people use the SHAREit app. The bugs were fixed in March 2018 but not disclosed until last week. To read more: https://thehackernews.com/2019/02/shareit-android-hacking.html

Elasticsearch 1.4.2
Hackers are targeting Elasticsearch clusters using old vulnerabilities to plant malware. The attackers are targeting clusters using versions 1.4.2 and lower. Version 1.4.2 was first released in December 2014. To read more: https://www.theregister.co.uk/2019/02/27/elasticsearch_malware_cisco_talos/

Direct memory access (DMA) attacks
Security researchers discovered a new class of vulnerabilities that impact all major operating systems and bypass protections introduced to defend against DMA attacks. DMA attacks enable an attacker to compromise a system by plugging in a malicious hotplug device such as a mouse or printer. The researchers published the vulnerabilities in a paper earlier last week. To read more: https://thehackernews.com/2019/02/thunderbolt-peripheral-dma-attacks.html

Qbot malware
A research team from Varonis, a cybersecurity firm, discovered a cyberattack campaign that is leveraging a new strain of the Qbot banking malware. Thousands of victims across the world were compromised. To read more: https://www.varonis.com/blog/varonis-discovers-global-cyber-campaign-qbot/

Comcast
Comcast made a poor security decision when it launched its Xfinity Mobile service. To port a phone line from Comcast to another wireless carrier, a customer must know their account number and PIN. Comcast reportedly set the PIN to 0000 for every customer, with no apparent way to change it. To read more: https://arstechnica.com/information-technology/2019/03/a-comcast-security-flub-helped-attackers-steal-mobile-phone-numbers/
