Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Twitter
Twitter for iOS disclosed a security bug that leaked iOS users’ location data. The issue occurred during an advertising process called Real-Time Bidding, and resulted in location data being sent to an unnamed partner. The social-media company said that it has fixed the bug, but offered few details in terms of how many users were impacted and who accessed the data. To read more: https://threatpost.com/twitter-leaked-ios-users-location/144687/

Elasticsearch server
An Elasticsearch server that was left connected to the internet without any protection leaked personal information for 85% of Panama’s citizens. A security researcher discovered the server, which included names, addresses, phone numbers, dates of birth, and other information. The database was later secured by Panama’s Computer Emergency Response Team. To read more: https://www.zdnet.com/article/unsecured-server-exposes-data-for-85-percent-of-all-panama-citizens/

WhatsApp
WhatsApp released a statement regarding a security breach of its messaging service, noting that the incident had been referred to the U.S. Department of Justice. WhatsApp is encouraging people to upgrade their apps to the latest version, which it says protects against targeted exploits. To read more: https://www.reuters.com/article/us-facebook-cyber-whatsapp/whatsapp-urges-users-to-upgrade-app-after-report-of-spyware-attack-idUSKCN1SK0SM

Office of the Australian Information Commissioner
The latest report from the Office of the Australian Information Commissioner revealed that more than 10m individuals’ information was compromised in a single incident. The total population of Australia is around 25m. The report did not detail the origin of the breach. To read more: https://www.zdnet.com/article/over-10-million-people-hit-in-single-australian-data-breach-oaic/

Boost Mobile
Boost Mobile confirmed that hackers had broken into an unknown number of customer accounts. The virtual mobile network notified users of the breach two months after it occurred. To read more: https://techcrunch.com/2019/05/13/boost-mobile-hackers-accounts/

Uniqlo
The company behind multiple Japanese retail brands announced that its Uniqlo Japan and GU Japan online stores had been hacked. The hackers accessed 461,000 customer accounts using a credential-stuffing attack. To read more: https://www.bleepingcomputer.com/news/security/hackers-access-over-461-000-accounts-in-uniqlo-data-breach/

Titan Security Keys
A team of researchers discovered a vulnerability in the Bluetooth-supported version of Google’s Titan Security Keys that could not be patched. Google offered users a free replacement for devices impacted by the vulnerability. To read more: https://thehackernews.com/2019/05/google-titan-security-key.html

GozNym malware
Europol and the U.S. Department of Justice disrupted and dismantled the GozNym malware, which stole more than $100m from bank accounts. The malware was developed from two existing malware families: Nymaim, a malware dropper that infects computers through exploit kits, and Gozi, a web-injection module. The malware was first seen in 2016. To read more: https://techcrunch.com/2019/05/16/europol-doj-goznym-banking-malware

ASUS cloud
Researchers are investigating a flaw in ASUS’ update mechanism that enables the installation of malware that backdoors PCs. The malware is called Plead, and is the work of a group that targets government agencies and organizations in Asia. To read more: https://arstechnica.com/information-technology/2019/05/asus-cloud-service-abused-to-install-backdoor-on-pcs/

Stack Overflow
One of the largest question-and-answer sites for programmers revealed that a hacker had gained access to its production systems this month. The VP of Engineering at Stack Overflow says there is no evidence that the hackers accessed customer accounts or user data. To read more: https://thehackernews.com/2019/05/stack-overflow-databreach.html

Singapore Red Cross
The Red Cross of Singapore announced that its website had been hacked and that the personal data of 4,000 potential blood donors was compromised. The personal information includes names, blood types, and contact information. To read more: https://phys.org/news/2019-05-red-website-hacked-latest-singapore.html

South Korean government
The South Korean government is planning to migrate to Linux since Windows 7 only has seven more months of support. The Interior Ministry indicated that they are making the move to reduce long-term costs. To read more: https://www.techrepublic.com/article/south-korean-government-planning-linux-migration-as-windows-7-support-ends/

Ethereum
A security researcher found that a significant portion of the Ethereum cryptocurrency client software that runs on Ethereum nodes has not been patched in the wake of a critical security vulnerability that was discovered earlier this year. Only two-thirds of the nodes are currently patched. To read more: https://www.zdnet.com/article/a-large-chunk-of-ethereum-clients-remain-unpatched/

Slack for Windows
A cybersecurity company called Tenable found a vulnerability in the Slack Desktop App for Windows. Slack is a tool that many companies use for internal employee communication. The bug could enable an attacker to alter where a victim’s files are stored when the documents are downloaded in Slack. The vulnerability has since been patched. To read more: https://www.tenable.com/press-releases/tenable-research-discovered-a-download-hijack-vulnerability-in-slack

Forbes.com
Forbes.com was hit with Magecart card-skimming malware designed to steal customers’ payment-card information. Hackers injected obfuscated JavaScript into the website. This attack was linked to other ongoing supply-chain attacks. To read more: https://www.infosecurity-magazine.com/news/forbes-up-then-down-again/

TeamViewer
Chinese state-sponsored hackers are now believed to have been behind a cyberattack on German software maker TeamViewer in 2016. There is no evidence that customer data or other sensitive information was stolen. To read more: https://www.zdnet.com/article/chinese-cyberspies-breached-teamviewer-in-2016/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Thrangrycat
Researchers discovered a vulnerability in Cisco products that enables attackers to plant persistent backdoors. The vulnerability affects products that support the Trust Anchor module. To read more: https://thehackernews.com/2019/05/cisco-secure-boot-bypass.html

Zombieload attack
Researchers discovered a new class of vulnerabilities in Intel processors that enable attackers to retrieve data being processed. The new class of bugs is called Zombieload, and is a side-channel attack in the same category as Meltdown, Spectre and Foreshadow. To read more: https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/

Microsoft
Microsoft addressed 79 vulnerabilities in Windows and other products. One of the weaknesses is a wormable flaw that lets malware propagate from computer to computer without user interaction. To read more: https://thehackernews.com/2019/05/microsoft-security-updates.html

And for more about the wormable flaw: https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/

WordPress WP Live Chat Support
For the second time this month a patch was issued for a WordPress plugin called WP Live Chat Support. The plugin enables users to install a pop-up “chat” plugin, which first had a file-upload bug and then a cross-site scripting vulnerability. To read more: https://threatpost.com/wordpress-wp-live-chat-support-plugin-fixes-xss-flaw/144856/

Salesforce
Salesforce was forced to shut down large pieces of its infrastructure last week. The CRM company made a change to its production environment that broke access-permission settings across organizations, giving employees access to all their company’s files — and the ability to steal or tamper with them. To read more: https://www.zdnet.com/article/faulty-database-script-brings-salesforce-to-its-knees/
