Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Fiserv
A Pennsylvania credit union is suing Fiserv because of security vulnerabilities that were allegedly wreaking havoc on its customers. Fiserv sells financial-services technology, including account- and transaction-processing systems that small financial institutions use on their websites. This is not the first credit union that has sued Fiserv because of security issues. To read more: https://krebsonsecurity.com/2019/05/credit-union-sues-fintech-giant-fiserv-over-security-claims/

Israel Defense Force
The Israel Defense Force (IDF) claimed to have neutralized a cyberattack by launching an airstrike on the building that the attack originated from. The IDF did not share any information about the cyberattack. To read more: https://thehackernews.com/2019/05/israel-hamas-hacker-airstrikes.html

GitHub
Hackers are breaking into private GitHub code repositories, wiping them and asking for a ransom. The hackers are also breaking into Atlassian’s Bitbucket, a similar service. One security researcher estimates that around 1,000 people have been targeted. To read more: https://www.vice.com/en_us/article/vb9v33/github-bitbucket-repositories-ransomware

Dark-web marketplaces
Europol shut down two dark-web marketplaces called Wall Street Market and Silkkitie. These websites were used for trading drugs, stolen credit-card information, malicious software and other illegal goods. To read more: https://thehackernews.com/2019/05/europol-darkweb-market.html

TRON network
A security flaw was discovered in TRON, a blockchain platform, that could have been used to break its entire blockchain ecosystem. An attacker could launch DDoS attacks against all, or at least 51%, of TRON’s super-representative nodes and render the service unusable. To read more: https://www.zdnet.com/article/tron-critical-security-flaw-could-break-the-entire-blockchain/

Buckeye
A hacking group known as Buckeye was found using some of the zero-day exploits from the NSA a full year before the Shadow Brokers group leaked them. Buckeye is known for attacking US defense and other critical organizations. The group is believed to be working on behalf of the Chinese Ministry of State Security. To read more: https://thehackernews.com/2019/05/buckeye-nsa-hacking-tools.html

Samsung SmartThings
A lab used by Samsung engineers was found to be leaking source code for several internal projects including SmartThings. The company left these projects on a GitLab instance hosted on its own domain. A security researcher discovered the exposed files, and found that one project contained credentials that allowed access to an entire AWS account. To read more: https://techcrunch.com/2019/05/08/samsung-source-code-leak/

Wyzant
This online marketplace, which connects students to private tutors, suffered a data breach that exposed the personal information of its customers. A hacker gained access to one of Wyzant’s databases, leading to the breach. To read more: https://thehackernews.com/2019/05/wyzant-data-breach.html

Baltimore
The city of Baltimore, Maryland — a state with a poor record of investment in any critical infrastructure — was hit with yet another ransomware attack, forcing officials to shut down the majority of the city’s computer servers. The attack started on Tuesday and infected Baltimore’s systems with an unknown virus that spread throughout the network. To read more: https://thehackernews.com/2019/05/baltimore-ransomware-cyberattack.html

Binance
One of the largest cryptocurrency exchanges confirmed that it had lost 7,000 Bitcoin (about $41m) in a cyberattack. According to Binance, the attackers were able to breach a BTC hot wallet that contained 2% of the company’s total holdings. To read more: https://thehackernews.com/2019/05/binance-cryptocurrency-hacked.html

Wolters Kluwer
This popular Dutch tax-and-accounting software platform suffered a malware attack that took its systems offline. Wolters Kluwer provides software to all of the top 100 accounting firms in the US and 90% of major global banks. To read more: https://www.cnbc.com/2019/05/08/wolters-kluwer-accounting-giant-hit-by-malware-causing-quiet-panic.html

LandMark White
LandMark White, an Australian property consultancy, revealed that the data breach it experienced earlier this year has cost it $5–6m in revenue. The company was exposed after an AWS S3 bucket was misconfigured and the data was posted on a dark-web forum. To read more: https://www.computerworld.com.au/article/661256/landmark-white-drops-revenue-forecast-by-11-5m-after-data-breach

Ever app
A photo-storage app called Ever is using photos uploaded to its site to train the company’s facial-recognition system, which it then sells to private companies, law enforcement and the military. Without telling users, the cloud storage app pivoted from photo hosting to AI. The CEO of Ever said that “Ever AI does not share the photos or any identifying information about users with its facial recognition customers.” Nonetheless, this appears to be a clear breach of user privacy. To read more: https://www.nbcnews.com/tech/security/millions-people-uploaded-photos-ever-app-then-company-used-them-n1003371

Verizon Data Breach Investigations Report
Telco Verizon just released its 2019 Data Breach Investigations Report, which is a lengthy analysis of recent data breaches. According to the report, hackers are especially targeting “low hanging fruit.” To read more: https://www.politico.com/newsletters/morning-cybersecurity/2019/05/08/low-hanging-fruit-tops-trends-in-verizon-data-breach-report-614264

Freedom Mobile
Freedom Mobile, a Canadian wireless provider, confirmed that it was impacted by a security breach from March to April of this year. The carrier said that 15,000 customers were affected. To read more: https://business.financialpost.com/telecom/freedom-mobile-hit-by-data-breach-company-says-up-to-15000-customers-affected

Indiana Pacers
Pacers Sports & Entertainment announced a security breach where hackers had gained access to sensitive user data. The company behind the Indiana basketball team blamed the breach on a phishing campaign that successfully accessed several employee accounts. To read more: https://www.zdnet.com/article/indiana-pacers-disclose-security-breach/

MongoDB database
A MongoDB database exposing 275m records of Indian citizens was found open on the internet for more than two weeks. A security researcher discovered the database hosted on AWS using Shodan. The data exposed information such as name, gender, date of birth, professional information and more. The owner of the database is currently unknown. To read more: https://www.bleepingcomputer.com/news/security/over-275-million-records-exposed-by-unsecured-mongodb-database/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

Japanese Defense Ministry
Japan’s Defense Ministry is working with contractors to create malware that it plans to use to defend systems. To read more: https://www.zdnet.com/article/japanese-government-to-create-and-maintain-defensive-malware/

PrinterLogic
This seller of print-management software disclosed several high-severity flaws in its services. The flaws could enable unauthenticated, remote attackers to execute arbitrary code with admin privileges. To read more: https://threatpost.com/printerlogic-remote-code-execution/144383/

Microsoft Exchange
A Russian cyber-espionage group developed one of the most complex backdoors ever seen. The backdoor, called LightNeuron, works as a mail transfer agent. It integrates into the working flow of Microsoft Exchange, giving hackers full control over everything that passes through an infected mail server. To read more: https://www.zdnet.com/article/russian-cyberspies-are-using-one-hell-of-a-clever-microsoft-exchange-backdoor/

Android
Google patched four remote-code-execution flaws in Android. Three of the bugs affect core apps such as the dialer, email and camera. To read more: https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/

ELECTRICFISH
A new malware variant called ELECTRICFISH was found tunneling traffic out of compromised computer systems. The Department of Homeland Security and the FBI issued a joint alert warning users of this malware. To read more: https://thehackernews.com/2019/05/north-korean-hacking-tool.html

Alpine Linux Docker images
For the last three years, the Alpine Linux Docker images distributed through Docker Hub have shipped with a blank password for the root account. This issue was first discovered back in 2015 and apparently patched, only to be rediscovered this year. To read more: https://www.zdnet.com/article/alpine-linux-docker-images-ship-a-root-account-with-no-password/
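The Alpine problem above is a single empty password field in /etc/shadow, which is easy to check for in any image before it ships. The following audit is an added example, not code from the report or from the Alpine project; its sample /etc/shadow and /etc/passwd contents are constructed, and the set of "nologin" shells is an assumption.

```python
# Added example, not code from the report: audit an image's /etc/shadow and
# /etc/passwd for accounts that can log in with no password. Samples are constructed.
SAMPLE_SHADOW = """root:::0:::::
bin:!::0:::::
nobody:::0:::::
alpine:$6$saltsalt$hashhashhash:18000:0:99999:7:::
"""

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
alpine:x:1000:1000::/home/alpine:/bin/ash
"""

# Shells that refuse interactive login even when the password check passes (assumed set).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def classify_shadow_entry(line):
    """Return (user, state) with state in {'passwordless', 'locked', 'hashed'}."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError(f"malformed shadow line: {line!r}")
    user, hash_field = fields[0], fields[1]
    if hash_field == "":                    # empty field: no password needed at all
        return user, "passwordless"
    if hash_field.startswith(("!", "*")):   # conventional markers for a locked account
        return user, "locked"
    return user, "hashed"


def find_passwordless_accounts(shadow_text):
    """All usernames whose shadow entry has an empty password field."""
    entries = (classify_shadow_entry(l) for l in shadow_text.splitlines() if l.strip())
    return [user for user, state in entries if state == "passwordless"]


def login_shells(passwd_text):
    """Map username -> login shell, parsed from /etc/passwd content."""
    shells = {}
    for line in filter(str.strip, passwd_text.splitlines()):
        fields = line.split(":")
        shells[fields[0]] = fields[6] if len(fields) > 6 else ""
    return shells


def find_passwordless_logins(shadow_text, passwd_text):
    """Passwordless accounts that also have a usable login shell: the risky set."""
    shells = login_shells(passwd_text)
    return [u for u in find_passwordless_accounts(shadow_text)
            if shells.get(u) not in NOLOGIN_SHELLS]
```

To run it against a real image, feed the functions the output of `docker run --rm <image> cat /etc/shadow` and `docker run --rm <image> cat /etc/passwd`; any name returned by `find_passwordless_logins` should be locked or given a password before the image is published.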

Magento ecommerce CMS software
Researchers found an ongoing credit-card skimming campaign that is stealing information from customers visiting sites with Magento ecommerce software installed. The attackers injected JavaScript hosted on a malicious domain into a hundred shopping websites. To read more: https://thehackernews.com/2019/05/magento-credit-card-hacking.html

Dharma ransomware
A family of ransomware known as Dharma is tricking victims into installing file-locking malware by posing as anti-virus software. The attacks start with phishing emails with messages from “Microsoft” urging users to update and verify their anti-virus by clicking on a download link. To read more: https://www.zdnet.com/article/this-ransomware-sneakily-infects-victims-by-disguising-itself-with-anti-virus-software/

UC Browser
There is an unpatched address-bar vulnerability affecting the Chinese UC Browser and UC Browser Mini apps for Android. UC Browser has more than half a billion users worldwide, many of them in China and India. The bug could enable an attacker to control the URL string displayed in the address bar. To read more: https://thehackernews.com/2019/05/uc-browser-url-spoofing.html

Microsoft SharePoint
Hackers are targeting Microsoft SharePoint servers to exploit a recently patched vulnerability. Security patches were released for the weakness in February, March and April of this year, but many organizations continue to be slow to implement system updates. To read more: https://www.zdnet.com/article/microsoft-sharepoint-servers-are-under-attack/
