Polyverse Weekly Breach Report – Sept. 16


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Win32/Stealth Falcon

Researchers discovered a new backdoor associated with the Stealth Falcon cyber-espionage group. Dubbed Win32/StealthFalcon, the malware abuses the Windows Background Intelligent Transfer Service (BITS) to communicate with, and send data to, a remote command-and-control server. To read more: https://thehackernews.com/2019/09/stealthfalcon-virus-windows-bits.html
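Because BITS transfers run as a Windows service and blend in with legitimate update traffic, a defender's first check is to enumerate BITS jobs across all users and flag remote URLs that are not on the environment's known-good list. The script below is an added example, not code from the report or from the researchers; the allowlist patterns and the corporate patch host are constructed placeholders.

```powershell
# Added example (not from the report): list BITS jobs for all users and flag any
# whose remote URL is outside an allowlist of expected update hosts.
# The allowlist is a constructed placeholder; replace it with the hosts your
# environment legitimately uses (Windows Update, your patch server, etc.).
$AllowedHosts = @('*.windowsupdate.com', '*.microsoft.com', 'patch.corp.example')

function Get-SuspiciousBitsJobs {
    param([string[]]$Allowed = $AllowedHosts)

    # -AllUsers needs an elevated shell; it surfaces jobs created by other
    # accounts, including SYSTEM, which is where malware-created jobs tend to hide.
    Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
        $job = $_
        foreach ($file in $job.FileList) {
            $remoteHost = ([uri]$file.RemoteName).Host
            $known = $false
            foreach ($pattern in $Allowed) {
                if ($remoteHost -like $pattern) { $known = $true; break }
            }
            if (-not $known) {
                [pscustomobject]@{
                    JobId       = $job.JobId
                    DisplayName = $job.DisplayName
                    Owner       = $job.OwnerAccount
                    State       = $job.JobState
                    # Upload jobs are the ones that matter for data leaving the host
                    Direction   = $job.TransferType
                    RemoteUrl   = $file.RemoteName
                    LocalFile   = $file.LocalName
                    Created     = $job.CreationTime
                }
            }
        }
    }
}

Get-SuspiciousBitsJobs | Format-Table -AutoSize
```

For hosts where PowerShell is unavailable, `bitsadmin /list /allusers /verbose` prints the same job details, and the Microsoft-Windows-Bits-Client/Operational event log records job creation and completion for retrospective review.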

Facebook

Facebook patched two vulnerabilities in its server application HipHop Virtual Machine (HHVM). The vulnerabilities are due to a memory overflow in the GD extension of HHVM. To read more: https://thehackernews.com/2019/09/facebook-hhvm-vulnerability.html

Exim

A remote code-execution vulnerability was discovered in Exim email server software. The vulnerability only affects Exim servers that accept TLS connections. To read more: https://thehackernews.com/2019/09/exim-email-server-vulnerability.html

PHP

Maintainers of PHP released a new version of the programming language to patch high-severity vulnerabilities in its core and bundled libraries. The most popular server-side programming language, PHP powers over 78% of the internet. To read more: https://thehackernews.com/2019/09/php-programming-language.html

Lilocked ransomware

Thousands of web servers were infected by new ransomware called Lilocked. The ransomware apparently targets only Linux-based systems. To read more: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/

Intel chips

Researchers announced that attackers can abuse Data-Direct I/O (DDIO) in Intel chips to obtain keystrokes and other types of data. The most serious attacks could take place in data centers that have both DDIO and remote direct-memory access (RDMA) enabled to allow servers to exchange data. To read more: https://arstechnica.com/information-technology/2019/09/weakness-in-intel-chips-lets-researchers-steal-encrypted-ssh-keystrokes/

BEC scammers

The FBI arrested 281 suspects from around the world in an operation to disrupt business email-compromise scams involving email purportedly coming from a Nigerian prince or other individual in need of assistance. The operation resulted in the seizure of $3.7m and a recovery of nearly $14m in fraudulent wire transfers. To read more: https://thehackernews.com/2019/09/nigerian-bec-scams-arrested.html

Telestar Digital GmbH

Critical vulnerabilities were discovered in Telestar Digital GmbH internet-of-things radio devices. The products run a BusyBox-based Linux and expose an undocumented Telnet service on port 23 that can be reached from outside the local network. To read more: https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-million-iot-radio-devices/

US power grid

Researchers released new information on a cybersecurity incident that impacted a US power-grid company earlier this year. By exploiting a known, unpatched firewall vulnerability, attackers caused the company's firewalls to reboot repeatedly over a ten-hour period. To read more: https://www.zdnet.com/article/cyber-security-incident-at-us-power-grid-entity-linked-to-unpatched-firewalls/

World of Warcraft Classic

Many World of Warcraft Classic players were unable to log in due to an ongoing DDoS attack. Blizzard, the company that operates the game, is working to fix the problem. To read more: https://gamerant.com/world-of-warcraft-classic-ddos-attacks/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

US healthcare

Last month, 44 healthcare breaches exposed over 700,000 individuals’ data. Two of the breaches, which were reported to the Office of Civil Rights, each impacted more than 100,000 people. To read more: https://www.modernhealthcare.com/cybersecurity/august-reported-healthcare-breaches-exposed-700000-peoples-data

SIM card flaw

Researchers revealed a new vulnerability in SIM cards that could enable remote attackers to compromise targeted mobile phones by sending an SMS. The vulnerability is in the SIMalliance Toolbox Browser, which is designed to let mobile carriers provide customers with services over the air. To read more: https://thehackernews.com/2019/09/simjacker-mobile-hacking.html

Period-tracking apps

A new report from UK-based Privacy International illustrates how popular apps used by millions of women to track their periods share private health information with Facebook. Data is transferred to Facebook as soon as the apps are opened regardless of whether the user has a Facebook account. To read more: https://thehackernews.com/2019/09/facebook-period-tracker-privacy.html

Secret Service

The US Secret Service is investigating a breach where access to a government contractor’s systems was put up for sale on the dark web. The contractor claims the systems were old and have no direct connections to its government partner network. To read more: https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/

Ryuk-like malware

New malware tied to the Ryuk ransomware was discovered trying to steal confidential financial, military and law-enforcement files. The malware scans the files on an infected computer and looks for Word and Excel documents to steal. To read more: https://www.bleepingcomputer.com/news/security/ryuk-related-malware-steals-confidential-military-financial-files/

Routers

Five new vulnerabilities were discovered in Comba Telecom WiFi devices and D-Link DSL modems. The vulnerabilities all involve insecure credential storage, including some where cleartext credentials are available to any user with network access to the device. To read more: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-vulnerabilities-in-comba-and-d-link-routers/

Zynga

US mobile game publisher Zynga announced that a data breach impacted some players’ account information. The breach affected the games Draw Something and Words With Friends. Hackers appear not to have accessed any financial information. To read more: https://www.pocketgamer.biz/news/71597/zynga-hacked-words-with-friends-draw-something/

Monster.com

Employment search site Monster.com was the source of thousands of exposed resumes discovered in a third-party data breach. Monster.com believes it has no responsibility to notify end users because a business partner, not the company itself, was breached. To read more: https://www.cpomagazine.com/cyber-security/how-much-responsibility-should-monster-com-take-for-third-party-data-breach/


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.