Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

FBI
The US government released a report claiming that the FBI does a poor job notifying victims of cyberattacks. The notifications often arrive too late and contain insufficient information for the victims to take action. To read more: https://www.zdnet.com/article/fbi-criticized-for-delaying-breach-notifications-including-insufficient-details/

King’s College, London
King’s College in London informed some of its staff and students that accounts were compromised because of a brute-force attack on university systems. The attacks originated in China and were targeting accounts on the university’s Microsoft Office 365-hosted systems. To read more: https://www.theregister.co.uk/2019/04/10/kcl_mass_password_reset/

AeroGrow
AeroGrow, a company that makes indoor gardening systems, disclosed a data breach in which attackers stole payment-card data of customers for at least four months. AeroGrow discovered the breach in March this year. To read more: https://www.zdnet.com/article/aerogrow-discloses-data-breach-card-skimming-malware-blamed/

Mailgun
Mailgun, an email automation and delivery service, was one of many companies hacked in a coordinated attack against WordPress sites. The attacks exploited a cross-site scripting vulnerability in a WordPress plugin called Yuzo Related Posts. To read more: https://www.zdnet.com/article/mailgun-hacked-part-of-massive-attack-on-wordpress-sites/

Amazon Alexa
Amazon disclosed that its employees listen to some recordings captured by its voice-operated devices — in order, the company says, to help eliminate gaps in Alexa’s understanding of human speech. To read more: https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio

Hotel websites
According to new research from Symantec, two out of three hotel websites accidentally leak guests’ booking details to third-party sites. Compromised personal information includes names, emails, credit-card details and more. To read more: https://www.reuters.com/article/us-cyber-breach-hotels/two-out-of-three-hotels-accidentally-leak-guests-personal-data-symantec-idUSKCN1RM15A

Matrix
The organization behind Matrix, an open-source project that offers a protocol for secure and decentralized communication, suffered a massive cyberattack. Hackers defaced Matrix’s website and stole unencrypted private messages, password hashes, access tokens and GPG keys used to sign packages. To read more: https://thehackernews.com/2019/04/encrypted-messenger-cyberattack.html

FBI National Academy Associates
A hacker group breached several websites affiliated with the FBINAA, a nonprofit education organization for graduates of the FBI Academy, and uploaded their data to the web. The data included dozens of files containing personal information on federal agents and law-enforcement personnel. To read more: https://techcrunch.com/2019/04/12/police-data-hack/

Microsoft
Microsoft sent out breach notification emails to some Outlook account owners. The hack occurred between January and March this year, and compromised the account of a Microsoft support agent. While Microsoft disabled the compromised agent’s credentials, it’s possible that the hacker was able to access some Outlook users’ accounts. To read more: https://www.zdnet.com/article/microsoft-discloses-security-breach-impacting-some-outlook-accounts/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

Verizon Fios routers
A researcher discovered three security vulnerabilities in Verizon Fios Quantum Gateway WiFi routers that could enable a remote attacker to take full control of the device. The flaws are an authenticated command injection, a login replay, and a password-salt disclosure vulnerability. To read more: https://thehackernews.com/2019/04/verizon-wifi-router-security.html

Sophos
Researchers at Sophos set up honeypots in ten of the most popular AWS datacenter locations around the world and connected them to the internet with common configuration errors. It took under a minute for attackers to find the honeypots and start brute-force login attempts against them. To read more: https://www.zdnet.com/article/this-server-was-online-for-under-a-minute-before-cyber-criminals-started-to-hack-it/

Exodus malware
Researchers discovered an iOS version of the Exodus cellphone surveillance app. The spyware is distributed primarily through phishing websites that imitate Italian and Turkmenistani mobile carriers. To read more: https://thehackernews.com/2019/04/exodus-ios-malware.html

Flame malware
Researchers discovered a new version of the Flame malware, which was first seen in 2012. The attackers went dormant soon after that exposure, but a new version of the malware has recently surfaced. The researchers don’t yet know what the latest version is capable of doing. To read more: https://motherboard.vice.com/en_us/article/d3maw7/researchers-uncover-new-version-of-the-infamous-flame-malware

Taj Mahal framework
A recently discovered APT framework has apparently been operating undetected for the past five years. Researchers do not currently know who is using the malware, but its primary purpose is spying. To read more: https://thehackernews.com/2019/04/apt-malware-framework.html

VPN apps
At least four virtual private network (VPN) apps have security flaws: all of them store authentication or session cookies in unencrypted form. To read more: https://www.zdnet.com/article/some-enterprise-vpn-apps-store-authentication-session-cookies-insecurely/

WPA3
Researchers published a paper detailing two design flaws in WPA3. WPA3 was launched to address technical shortcomings of the WPA2 protocol, which is vulnerable to Key Reinstallation Attacks. To read more: https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html

Yellow Pencil Visual Theme Customizer
The maker of the Yellow Pencil Visual Theme Customizer is urging users to update the WordPress plugin immediately, after a vulnerability in it began being actively exploited. The attackers were also behind other plugin attacks that have emerged in the past few weeks. To read more: https://threatpost.com/wordpress-yellow-pencil-plugin-exploited/143729/

VSDC
VSDC, a popular piece of multimedia-editing software, was hacked and infected with a banking trojan. If you downloaded VSDC between February and March of this year, there is a good chance you are affected. To read more: https://thehackernews.com/2019/04/free-video-editing-malware.html
