Polyverse Weekly Breach Report – Sept. 23


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

iOS 13

Apple’s iOS 13 contains a vulnerability that could enable anyone to bypass lock-screen protections on iPhones. The vulnerability had not been fixed in advance of releasing the software on September 19. To read more: https://thehackernews.com/2019/09/ios-13-lockscreen-bypass.html

Ecuador

vpnMentor discovered a flaw in a server that exposed the personal data of millions of Ecuadorian citizens. The unsecured server had information on 20m people including names, birth dates and phone numbers. To read more: https://www.washingtonpost.com/world/the_americas/security-firm-data-breach-exposes-millions-of-ecuadorians/2019/09/16/c4f04904-d8ca-11e9-a1a5-162b8a9c9ca2_story.html

DealerLeads

A security researcher discovered a 413GB unsecured database belonging to dealerleads.com, a site that compiles information on prospective car buyers, including loan and finance inquiries and log data with IP addresses. The database held 198m records, some of them containing sensitive information stored in plain text. To read more: https://www.pymnts.com/news/security-and-risk/2019/data-breach-leaks-millions-car-buyers-personal-data/

Google Calendar

More than 8,000 publicly accessible Google calendars allowed anyone not only to access sensitive details, but also to add new events with malicious links. To read more: https://thehackernews.com/2019/09/google-calendar-search.html

SOHO routers

A new study discovered 125 different security vulnerabilities across 13 small-office and home-office (SOHO) routers and network-attached-storage devices. To find a list of the affected routers and to read more: https://thehackernews.com/2019/09/hacking-soho-routers.html

Online ticket fraud

Researchers uncovered an online ticket-fraud scheme primarily targeting Groupon. Criminals had been selling fraudulent tickets for three years but were ultimately exposed because they failed to password-protect their Elasticsearch cloud database containing 17m email messages and 1.2TB of data. To read more: https://nakedsecurity.sophos.com/2019/09/13/leaky-database-full-of-fake-groupon-emails-turns-out-to-belong-to-crooks/

LastPass

Developers at LastPass, a password manager, patched a vulnerability that made it possible for websites to steal credentials if users logged in using the company’s Chrome or Opera extension. Google Project Zero discovered the vulnerability last month. To read more: https://arstechnica.com/information-technology/2019/09/lastpass-fixes-bug-that-leaked-the-password-of-last-logged-in-account/

Smominru botnet

The cryptocurrency-mining botnet Smominru infects over 90,000 machines around the world each month. To read more: https://thehackernews.com/2019/09/smominru-botnet.html

Saudi Arabia

Hackers breached IT companies in Saudi Arabia in an attempt to gain access to customer records. The attackers infected hundreds of computers on compromised networks in order to collect the data they wanted. To read more: https://www.cyberscoop.com/saudi-arabia-hackers-it-providers-symantec/

Medical imaging

A research firm analyzed 2,300 medical-image archive systems and found that 24.3m records were freely accessible on the internet. Unsecured data included patient names, birth dates and medical information. To read more: https://www.helpnetsecurity.com/2019/09/18/confidential-patient-data/

Scotiabank

Canadian financial company Scotiabank has taken down GitHub repositories it inadvertently left open to the public. The repositories included software blueprints and access keys for a foreign exchange-rate system, among other sensitive information. To read more: https://www.theregister.co.uk/2019/09/18/scotiabank_code_github_leak/
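Leaked access keys in a public repository are the kind of mistake a pre-commit check can catch before the push. The scanner below is an added example, not Scotiabank's or any vendor's tooling; the patterns (the documented `AKIA` prefix of AWS access key IDs, PEM private-key headers, and a generic "secret-like variable assigned a long token" rule backed by an entropy floor) and the sample file it scans are the author's own constructions.

```python
"""Scan text that is about to be committed for credentials that must never
reach a public repository. Added example; patterns and the 3.5-bit entropy
floor are assumptions to tune, and SAMPLE is a constructed file, not a leak."""
import math
import re
import sys
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    kind: str
    excerpt: str


PATTERNS = {
    # AWS access key IDs are 20 characters and start with "AKIA" (documented shape).
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # PEM-encoded private keys start with a fixed header line.
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # A secret-looking variable name assigned a token of 16+ characters; the
    # captured token is then checked for entropy to weed out placeholders.
    "assigned_secret": re.compile(
        r"(?i)(?:secret|token|password|passwd|api[_-]?key)\w*\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9+/=_\-]{16,})"
    ),
}

ENTROPY_FLOOR = 3.5  # assumption: below this, a captured "secret" is probably a placeholder


def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score high, dictionary words score low."""
    if not s:
        return 0.0
    n = len(s)
    counts = {c: s.count(c) for c in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per (line, pattern) match that survives the entropy filter."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            if kind == "assigned_secret" and shannon_entropy(m.group(1)) < ENTROPY_FLOOR:
                continue  # e.g. password = "changeme_changeme" is a placeholder, not a key
            findings.append(Finding(line_no, kind, line.strip()[:80]))
    return findings


# Constructed sample file. The AKIA value is the placeholder used in AWS's own
# documentation; the other values were made up for this example.
SAMPLE = """\
# constructed sample config, not a real leak
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
password = "changeme_changeme"
api_key = "q8Zr2VbNp0xLwT5kYh3J"
-----BEGIN RSA PRIVATE KEY-----
"""


def main(paths: list[str]) -> int:
    """Scan each file (or SAMPLE when no paths are given); non-zero exit blocks a commit."""
    texts = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in paths] \
        or [("<sample>", SAMPLE)]
    total = 0
    for name, text in texts:
        for f in scan_text(text):
            total += 1
            print(f"{name}:{f.line_no}: {f.kind}: {f.excerpt}")
    return 1 if total else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Wire `main` into a pre-commit hook over the staged files and the commit is refused while a finding remains; the entropy floor is what keeps `password = "changeme_changeme"` from tripping the generic rule while a 20-character random token still does.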

GoldBrute

Researchers discovered a new botnet, dubbed GoldBrute, that brute-forces the credentials of Windows systems with remote desktop protocol (RDP) exposed to the internet. Its target list has grown to 1.6m RDP endpoints. To read more: https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rdp-servers-all-over-the-world/
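Windows records every failed logon as Security event 4625, and RDP logons carry logon type 10, so password guessing against an exposed RDP host is visible in the host's own logs. The detector below is an added example, not the researchers' tooling; the log lines are constructed in a simplified whitespace format rather than the real event XML, and the thresholds and windows are assumptions to tune per environment. It shows two checks: the obvious per-source-IP burst, and the distributed pattern in which many source addresses each fail once, which a per-IP threshold alone would miss.

```python
"""Flag RDP password guessing in Windows Security log events. Added example,
not the researchers' tooling; SAMPLE_LOG is constructed and the thresholds are
assumptions. Field layout per line: "<iso-timestamp> <event_id> <logon_type> <src_ip> <user>"."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple


class Event(NamedTuple):
    ts: datetime
    event_id: int    # 4625 = an account failed to log on, 4624 = success
    logon_type: int  # 10 = RemoteInteractive (RDP); 3 = network (SMB etc.)
    src_ip: str
    user: str


def parse_line(line: str) -> Event:
    ts, eid, ltype, ip, user = line.split()
    return Event(datetime.fromisoformat(ts), int(eid), int(ltype), ip, user.lower())


def rdp_failures(events):
    """Only failed RDP logons, in time order."""
    return sorted((e for e in events if e.event_id == 4625 and e.logon_type == 10),
                  key=lambda e: e.ts)


def noisy_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Source IPs with >= threshold failed RDP logons inside any sliding window,
    mapped to the distinct usernames they tried."""
    hits = {}
    recent = defaultdict(deque)
    for ev in rdp_failures(events):
        q = recent[ev.src_ip]
        q.append(ev)
        while q and ev.ts - q[0].ts > window:
            q.popleft()
        if len(q) >= threshold:
            hits[ev.src_ip] = sorted({e.user for e in q})
    return hits


def distributed_guessing(events, min_sources=10, window=timedelta(minutes=15)):
    """Many distinct source IPs failing within one window: the low-and-slow shape
    of a botnet where each bot sends only a guess or two. Returns (flagged, peak)."""
    q = deque()
    peak = 0
    for ev in rdp_failures(events):
        q.append(ev)
        while q and ev.ts - q[0].ts > window:
            q.popleft()
        peak = max(peak, len({e.src_ip for e in q}))
    return peak >= min_sources, peak


# Constructed sample log (RFC 5737 documentation addresses, made-up users).
SAMPLE_LOG = [
    # one loud source: six RDP failures in 30 seconds, cycling usernames
    *(f"2019-09-18T10:00:{i * 5:02d} 4625 10 203.0.113.5 {u}"
      for i, u in enumerate(["administrator", "admin", "Administrator", "backup", "sql", "guest"])),
    # twelve bots, one guess each, a minute apart
    *(f"2019-09-18T11:{i:02d}:00 4625 10 198.51.100.{i + 1} administrator" for i in range(12)),
    # benign noise: a successful console logon and a failed SMB (type 3) logon
    "2019-09-18T10:00:10 4624 2 127.0.0.1 alice",
    "2019-09-18T10:00:20 4625 3 192.0.2.9 bob",
]


def analyze(lines):
    events = [parse_line(l) for l in lines]
    return noisy_sources(events), distributed_guessing(events)


if __name__ == "__main__":
    loud, (spread, peak) = analyze(SAMPLE_LOG)
    for ip, users in loud.items():
        print(f"burst from {ip}: tried {', '.join(users)}")
    print(f"distributed guessing: {spread} (peak {peak} distinct sources in window)")
```

On the sample, the single loud address is caught by the burst rule, while none of the twelve bot addresses is, since each fails only once; only the distributed check, counting distinct sources rather than attempts per source, sees them. Whichever rule fires, the durable fix is the same: take RDP off the internet and put it behind a VPN or gateway with MFA and lockout policies.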

WannaCry

Two years after its initial outbreak, the WannaCry worm is still active. More than 12,000 WannaCry variants have been identified. While people with infected systems are generally no longer getting their data scrambled by the malware, they are unwittingly spreading copies of the worm. To read more: https://nakedsecurity.sophos.com/2019/09/18/wannacry-the-worm-that-just-wont-die/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Malindo Air

The CEO of Malaysian airline Malindo Air confirmed a data breach that exposed the information of millions of travelers. To read more: https://www.scmp.com/news/asia/southeast-asia/article/3027780/malindo-air-confirms-data-breach-exposing-millions

WeWork

A total of 658 devices including servers, computers and coffee machines were exposed on WeWork’s network. Public WiFi is a security concern anywhere but especially for shared workspace providers such as WeWork that can have dozens of companies working within a single building. To read more: https://www.cnet.com/news/weworks-weak-wi-fi-security-leaves-sensitive-documents-exposed/

Ad-blocker extensions

Two Chrome extensions named "AdBlock" and "uBlock", copycats trading on the names of the genuine AdBlock and uBlock Origin extensions, were caught stuffing cookies into millions of users' browsers to earn affiliate income from referral schemes. Each of the two extensions had more than 800,000 users. To read more: https://thehackernews.com/2019/09/browser-chrome-extension-adblock.html

Chrome browser

Google released urgent software updates for Chrome to patch high-risk security vulnerabilities. In order to prevent hackers from exploiting the vulnerabilities while people are updating their browsers, Google has not released details of the issues. To read more: https://thehackernews.com/2019/09/google-chrome-update.html

Emotet

The Emotet spam botnet obtains information by raiding contact lists and email inboxes of infected computers, and then fools victims by sending correspondence with quotes from the bodies of previous email threads. To read more: https://arstechnica.com/information-technology/2019/09/worlds-most-destructive-botnet-returns-with-stolen-passwords-and-email-in-tow/

Click2Gov

Two years after hackers began breaking into local government payment portals, the attacks are still going on. Eight cities’ Click2Gov payment portals were compromised in the past month alone. To read more: https://www.zdnet.com/article/two-years-later-hackers-are-still-breaching-local-government-payment-portals/

FEMA

The Federal Emergency Management Agency notified 2.5m survivors of natural disasters that their personal information was shared with a third party. Anyone who applied for temporary housing assistance between 2008 and 2018 was impacted by the breach. To read more: https://www.wfla.com/news/local-news/fema-notifying-disaster-survivors-of-data-breach/

Thinkful

Thinkful, which provides online education for developers, confirmed that it experienced a data breach two weeks after the company was acquired by Chegg for $80m. To read more: https://www.siliconrepublic.com/enterprise/thinkful-chegg-data-breach

Animates

The website of pet store Animates was shut down after a data breach. Customers’ addresses, emails and phone numbers were compromised. To read more: https://www.newshub.co.nz/home/money/2019/09/animates-website-forced-offline-after-breach-compromises-customers-credit-cards.html
