Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

SyTech

Hackers breached SyTech, a contractor for the FSB, Russia’s national intelligence service. They stole information about internal projects the company was working on for the FSB, including one attempting to deanonymize Tor traffic. To read more: https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/

Instagram

A bug bounty hunter discovered a critical security vulnerability that could enable a remote attacker to reset the password for any Instagram account. To read more and watch the proof-of-concept attack: https://thehackernews.com/2019/07/hack-instagram-accounts.html

AI-based antivirus

Researchers were able to fool Cylance’s AI-based antivirus tool into believing that WannaCry and other malware was benign. To read more: https://www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware

Intel

Two new flaws were found in Intel solid-state drives (SSDs). One of the flaws, a high-severity vulnerability, is in the processor diagnostic tool. The second flaw, a medium-severity vulnerability, was found in older SSD firmware versions. To read more: https://www.tomshardware.com/news/intel-security-vulnerabilities-processor-diagnostic-tool-ssd,39845.html

WhatsApp and Telegram

Symantec found an exploit that could expose WhatsApp and Telegram media files to malicious actors. The flaw, called Media File Jacking, occurs in the window between the time when media files received through the apps are written to disk and the time when they are loaded into the chat interface. To read more: https://venturebeat.com/2019/07/15/symantec-reveals-whatsapp-and-telegram-exploit-that-gives-hackers-access-to-your-personal-media/
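The write-to-load window described above is a time-of-check/time-of-use gap on shared storage. The following added example (not code from the original report or from either app) simulates that window and shows one mitigation: pin a digest of each received file in app-private storage and refuse to render anything whose bytes changed before load. Directory names, file names and payloads are constructed for the simulation.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Optional

# Constructed simulation of the Media File Jacking window: media is written to
# shared storage, then loaded for display later. Mitigation shown here: record a
# SHA-256 digest in app-private storage at receive time and verify it at load time.

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def receive_media(shared_dir: Path, private_dir: Path, name: str, payload: bytes) -> Path:
    """Write a received media file to shared storage and pin its digest privately."""
    shared_dir.mkdir(parents=True, exist_ok=True)
    private_dir.mkdir(parents=True, exist_ok=True)
    target = shared_dir / name
    target.write_bytes(payload)
    manifest = private_dir / "media_manifest.json"   # hypothetical private manifest
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    entries[name] = {"sha256": _sha256(payload), "size": len(payload)}
    manifest.write_text(json.dumps(entries))
    return target

def load_media(shared_dir: Path, private_dir: Path, name: str) -> Optional[bytes]:
    """Return the file bytes only if they still match the digest pinned at receive time."""
    manifest = private_dir / "media_manifest.json"
    if not manifest.exists():
        return None
    expected = json.loads(manifest.read_text()).get(name)
    if expected is None:
        return None
    data = (shared_dir / name).read_bytes()
    if len(data) != expected["size"] or _sha256(data) != expected["sha256"]:
        return None  # changed in the write-to-load window: do not render
    return data

def simulate(changed_in_window: bool) -> bool:
    """One receive -> (optional change in the window) -> load cycle; True if rendered."""
    with tempfile.TemporaryDirectory() as tmp:
        shared, private = Path(tmp) / "shared", Path(tmp) / "private"
        original = b"\x89PNG constructed sample image bytes"
        path = receive_media(shared, private, "invoice.png", original)
        if changed_in_window:
            path.write_bytes(b"\x89PNG constructed replacement bytes")
        return load_media(shared, private, "invoice.png") == original
```

The digest lives in app-private storage precisely because the shared directory is the part a third-party app can write to; a digest stored beside the file would offer no protection.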

Zhumu and RingCentral

A security vulnerability that was recently reported in Zoom for MacOS also impacts two other video-conferencing apps. Like Zoom, both Zhumu, a Chinese version of Zoom, and RingCentral, which is used by more than 350,000 businesses, install a hidden local web server that can automatically add users to a video call without permission. To read more: https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html

Bulgaria’s National Revenue Agency

The personal and financial details of a majority of the people of Bulgaria were stolen when hackers broke into 110 databases belonging to the country’s National Revenue Agency. The leak affects 5m people. To read more: https://www.computing.co.uk/ctg/news/3079036/bulgarians-personal-and-financial-data-leaked-by-hackers-in-attack-on-tax-agency

TrickBot

The creators of TrickBot malware added a new module that helped them access a database of 250m email addresses. The hackers harvested millions of addresses linked to US government agencies and employees, affecting the Departments of Justice and Homeland Security, the State Department, and many others. To read more: https://www.scmagazine.com/home/security-news/trickbot-adds-new-spam-module-harvests-250m-email-addresses/

DoppelPaymer

Researchers discovered a new ransomware strain, which they named DoppelPaymer as it shares most of its code with BitPaymer, another version of the malware. The decryption keys are priced between 2 and 100 Bitcoin, and so far three victims of the ransomware have been confirmed. To read more: https://www.bleepingcomputer.com/news/security/new-doppelpaymer-ransomware-emerges-from-bitpaymers-code/

Sprint

Sprint announced that hackers broke into customer accounts via its website. Personal information was affected, including customer names, phone numbers, device types and subscriber IDs. To read more: https://www.zdnet.com/article/sprint-says-hackers-breached-customer-accounts-via-samsung-website/

GandCrab ransomware

The FBI released the master decryption keys for multiple versions of GandCrab ransomware. The developers behind the ransomware declared that they were shutting down after amassing $2bn in ransom payments. To read more: https://www.bleepingcomputer.com/news/security/fbi-releases-master-decryption-keys-for-gandcrab-ransomware/

REvil ransomware

The hackers behind the GandCrab ransomware recently announced that they were shutting down operations. Evidence suggests, however, that instead of retiring they may now be offering a more advanced ransomware program known as REvil. To read more: https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/

LenovoEMC

Researchers identified a high-severity vulnerability in LenovoEMC storage hardware and legacy storage appliances, after discovering 36TB of leaked data. The data included financial information and payment-card numbers. To read more: https://threatpost.com/lenovoemc-storage-leak-financial-data/146494/

EvilGnome

Security researchers found a piece of Linux spyware that no major antivirus product currently detects. The malware takes desktop screenshots, steals files and captures audio recordings. To read more: https://thehackernews.com/2019/07/linux-gnome-spyware.html

Aavgo

Hotel bookings and guest information were exposed when Aavgo, a company offering hotel management software, left a server unsecured online for three weeks. Several large hotel chains use Aavgo’s technology. To read more: https://techcrunch.com/2019/07/16/aavgo-exposed-hotel-bookings/


Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.


Android accelerometer

A new attack manipulates Android’s built-in accelerometer to capture loudspeaker data. The attack is triggered when a victim takes a call on speaker mode, which causes the malicious app to record speech reverberations that the attackers can later use to reconstruct spoken language. To read more: https://thehackernews.com/2019/07/android-side-channel-attacks.html

Slack

In March 2015, hackers who gained access to Slack’s infrastructure planted code on the company’s site that captured passwords entered by users. Slack, which provides cloud-based collaboration services, recently received a batch of compromised user credentials from its bug-bounty program, and found that the credentials came primarily from accounts affected by the 2015 incident. To read more: https://www.zdnet.com/article/slack-resets-passwords-for-1-of-its-users-because-of-2015-hack/

FaceApp

The FaceApp application, which enables users to edit a person’s face to make them appear older or younger, has gone viral. Its security, however, may be shaky. To read more: https://techcrunch.com/2019/07/16/ai-photo-editor-faceapp-goes-viral-again-on-ios-raises-questions-about-photo-library-access-and-clo/

Bluetooth exploit

A new Bluetooth vulnerability can be used to spy on users despite protections that are in place on Windows 10, iOS and MacOS machines. Many Bluetooth devices randomize their MAC addresses to prevent long-term tracking, but it is possible to get around this randomization to monitor a specific device. To read more: https://www.zdnet.com/article/bluetooth-vulnerability-can-be-exploited-to-track-and-id-iphone-smartwatch-microsoft-tablet-users/

Kazakhstan

The Kazakhstan government is requesting that all local internet-service providers demand that customers install government-issued root certificates on their devices. The certificates would enable the government to monitor and intercept HTTPS traffic, helping them censor content and spy on residents. To read more: https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html

iNSYNQ

The cloud hosting firm iNSYNQ is working to recover from a ransomware attack that shut down its operations, leaving customers unable to access data for days. The company, based in Washington state, provides QuickBooks accounting software and services. To read more: https://krebsonsecurity.com/2019/07/quickbooks-cloud-hosting-firm-insynq-hit-in-ransomware-attack/

LaPorte County

Officials in LaPorte County, Indiana, paid a $132,000 ransom to hackers who took over county computers. The payment was made after FBI experts were unable to unlock the county’s data. To read more: http://www.therepublic.com/2019/07/19/in-cyber-extortion-indiana-county/

Metropolitan Police Service

London’s Metropolitan Police Service was hit by hackers who posted strange messages on its website. The messages were sent from the force’s verified Twitter account due to a breach at a third-party system, MyNewsDesk. To read more: https://www.thenational.ae/world/british-police-social-media-accounts-hit-by-cyber-attack-1.888321

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.

https://upscri.be/9816bc

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.