Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Bithumb Cryptocurrency Exchange
Hackers stole roughly $19m worth of cryptocurrency from Bithumb, a South Korea-based exchange. The attackers compromised the exchange's EOS and XRP wallets and transferred the funds to newly created accounts. To read more: https://thehackernews.com/2019/03/bithumb-cryptocurrency-hacked.html

NSA contractor
A former NSA contractor pleaded guilty to stealing classified information over two decades, in what is being described as the largest theft of classified information in US history. Harold Martin III admitted to taking home and storing documents from the late 1990s through 2016. To read more: https://www.usatoday.com/story/news/nation/2019/03/28/ex-nsa-contractor-pleads-guilty-stealing-national-defense-info/3304814002/

Devuan.org
The home page of Devuan, a fork of Debian, was defaced and redirected to a new page named pwned.html. The attackers identify themselves as "Green Hat Hackers" and use the page to promote several gopher sites. To read more: https://www.devuan.org/pwned.html

Georgia Tech
Georgia Tech confirmed a data breach that exposed the personal information of up to 1.3m current and former faculty members, students, and staff. The attacker exploited a Georgia Tech web application to reach the central database behind it. To read more: https://thehackernews.com/2019/04/georgia-tech-data-breach.html

Cultura Colectiva
Cultura Colectiva, a Mexico City-based digital media platform, stored 540m records of Facebook users, including comments, reactions and account names, in a publicly accessible Amazon cloud storage bucket. The records were readable by anyone who found the bucket. The data was taken offline after Bloomberg alerted Facebook to the issue. To read more: https://www.bloomberg.com/news/articles/2019-04-03/millions-of-facebook-records-found-on-amazon-cloud-servers

GHIDRA
Researchers and developers have already started contributing to the NSA's GHIDRA reverse-engineering tool. One researcher found that launching GHIDRA in debug mode opens a JDWP (Java Debug Wire Protocol) port, 18001, bound to all network interfaces rather than to localhost. Because a debugger attached over JDWP can run arbitrary code inside the JVM, anyone on the same network could remotely execute code on the system. The fix binds the debug port to 127.0.0.1 only. To read more: https://thehackernews.com/2019/03/ghidra-reverse-engineering-tool.html
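As an added example (not code from the GHIDRA project or the article), the check below speaks the JDWP handshake to a host and port and reports whether a debugger-ready JVM is listening. A JVM started with the jdwp agent in server mode waits for a client to send the 14-byte greeting "JDWP-Handshake" and echoes it back; anything that echoes it will accept debugger commands. The fake listener in the block is a constructed stand-in so the probe can be exercised offline; the port 18001 in the demo is the one the GHIDRA report names, used here only as an example target.

```python
import socket
import threading

# The literal greeting both sides of a JDWP session exchange before any command.
JDWP_HANDSHAKE = b"JDWP-Handshake"


def speaks_jdwp(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if host:port completes the JDWP handshake.

    Sends the greeting and reads back exactly as many bytes as the greeting
    is long. A JVM debug port echoes it verbatim; an HTTP server, a closed
    port or a silent service all yield False. Run this from a *different*
    machine on the LAN to learn whether the port is bound to all interfaces
    rather than to localhost, which is the exposure described above.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(JDWP_HANDSHAKE)
            reply = b""
            while len(reply) < len(JDWP_HANDSHAKE):
                chunk = s.recv(len(JDWP_HANDSHAKE) - len(reply))
                if not chunk:  # peer closed before sending a full greeting
                    break
                reply += chunk
            return reply == JDWP_HANDSHAKE
    except OSError:  # connection refused, timeout, reset, unreachable
        return False


def start_fake_listener(reply: bytes, bind_addr: str = "127.0.0.1"):
    """Constructed stand-in for a JVM debug port so the probe runs offline.

    Listens on an ephemeral port, answers every connection with `reply` and
    closes it. Returns (port, server_socket); close the socket to stop it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # server socket closed: stop serving
                return
            with conn:
                conn.recv(64)  # consume the client's greeting
                conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


if __name__ == "__main__":
    # Offline demo: a fake JVM debug port and a fake web server side by side.
    jvm_port, jvm = start_fake_listener(JDWP_HANDSHAKE)
    web_port, web = start_fake_listener(b"HTTP/1.0 400 Bad Request\r\n\r\n")
    print("fake JVM   :", speaks_jdwp("127.0.0.1", jvm_port))   # True
    print("fake HTTP  :", speaks_jdwp("127.0.0.1", web_port))   # False
    jvm.close()
    web.close()
    # Against a real GHIDRA debug-mode instance, probe its address:
    print("ghidra:18001", speaks_jdwp("127.0.0.1", 18001))
```

A True result from any host other than the machine itself means the JVM is reachable for remote code execution; the only acceptable answer from the network is False, with the port bound to 127.0.0.1.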

MIT and Huawei/ZTE
MIT is ending funding ties with Huawei and ZTE. The move is part of an effort to vet the university's research partners more thoroughly and may also affect relationships with mainland China, Hong Kong, Russia, and Saudi Arabia. To read more: https://www.scmp.com/news/china/diplomacy/article/3004586/mit-cuts-funding-ties-huawei-and-zte-citing-us-investigations

Facebook and Amazon
Facebook and Amazon are pointing fingers at each other after two databases containing Facebook user data were found exposed on Amazon's cloud. To read more: https://threatpost.com/facebook-and-amazon-are-locked-in-a-blame-game-over-leaked-data-whos-really-to-blame/143467/

Bayer
Bayer, a German drugmaker, announced that it had detected and contained a cyberattack. The company found malicious software on its computer networks last year and, after monitoring it, finally cleared the threat from its systems last week. To read more: https://www.reuters.com/article/us-bayer-cyber/bayer-says-has-detected-contained-cyber-attack-idUSKCN1RG0NN

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

Microsoft Edge and IE Browsers
A security researcher publicly disclosed proof-of-concept exploits for two unpatched zero-day vulnerabilities in Microsoft's web browsers, one in Edge and one in Internet Explorer. Both allow a remote attacker to bypass the same-origin policy, the browser rule that keeps one site's page from reading data belonging to another site the victim is logged into. To read more: https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html

Tesla
Researchers devised a proof-of-concept attack that tricks a Tesla's Enhanced Autopilot into recognising a fake lane and steering out of its current lane, potentially into oncoming traffic. The attack does not involve breaking into the onboard computer; it uses small stickers placed on the road surface to fool the lane-recognition camera. To read more: https://arstechnica.com/information-technology/2019/04/researchers-trick-tesla-autopilot-into-steering-into-oncoming-traffic/

Kibana
More than 26,000 Kibana instances are currently exposed on the internet. Kibana is the open-source analytics and visualization front end that ships with Elasticsearch. It has no authentication built in by default, so administrators must add access control themselves, through Elastic's X-Pack security features, a third-party plugin, or an authenticating reverse proxy in front of it; an instance left on its defaults exposes the underlying Elasticsearch data to anyone who can reach it. To read more: https://thehackernews.com/2019/04/kibana-data-security.html

GPS watches
A security researcher printed the word "PWNED!" on the maps of hundreds of GPS watches after the vendor ignored his vulnerability reports. The researcher presented a series of vulnerabilities, centred on an unfixed API, affecting 20 models of GPS watches manufactured by Vidimensio. To read more: https://www.zdnet.com/article/researcher-prints-pwned-on-hundreds-of-gps-watches-maps-due-to-unfixed-api/

Facebook
Facebook was found asking some newly registered users to hand over the passwords to their email accounts in order to verify their identity. To read more: https://thehackernews.com/2019/04/facebook-email-password.html

Huawei laptop
Researchers at Microsoft found a flaw in Huawei MateBook laptops that could have been used to take over the machines. The flaw was in a pre-installed driver belonging to Huawei's PCManager software and appears to have been introduced at the manufacturing stage. To read more: https://www.bbc.com/news/technology-47800000

Apache web server
One of the founding members of the Apache Software Foundation tweeted a warning about a new flaw in Apache HTTP Server. The bug, CVE-2019-0211, lets code running in a less-privileged worker process or thread (including scripts run by an in-process interpreter) execute with the privileges of the parent process, usually root; it was patched in version 2.4.39, released last week. To read more: https://thehackernews.com/2019/04/apache-web-server-security.html

D-Link routers
A hacking group has spent at least three months targeting D-Link home routers to change their DNS server settings and hijack traffic. The attacks exploit known vulnerabilities in the routers' firmware to alter the DNS configuration, pointing victims at attacker-controlled resolvers. To read more: https://www.zdnet.com/article/hacker-group-has-been-hijacking-dns-traffic-on-d-link-routers-for-three-months/

WordPress for iOS
The secret authentication tokens for WordPress accounts may have been leaked to third-party websites by the official WordPress iOS app. WordPress recently patched the vulnerability, which caused the app to send a user's token along with requests for images hosted on other sites, so that the operators of those sites could capture it. To read more: https://thehackernews.com/2019/04/wordpress-ios-security.html
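As an added example, not WordPress's own code, the block below contrasts the leaky pattern (attach the bearer token to every image request) with the hardened one (attach it only when the image is served by the same origin as the user's own site). The site URL, token and image URLs are constructed for the demo. The point is to compare the parsed scheme, host and port rather than the URL string: a look-alike suffix, a userinfo segment before an "@", or a plain-http copy of the site's host must all be refused.

```python
from urllib.parse import urlsplit


def origin_matches(image_url: str, site_url: str) -> bool:
    """True only if image_url is served over https by the site's exact host and port.

    Comparing parsed components defeats the usual tricks:
      myblog.example.com.evil.test   (look-alike suffix)
      https://myblog.example.com@evil.test/  (userinfo: real host is evil.test)
      http://myblog.example.com/     (downgrade: token would travel in cleartext)
    """
    try:
        img = urlsplit(image_url)
        site = urlsplit(site_url)
        if img.scheme != "https" or site.scheme != "https":
            return False
        if not img.hostname or not site.hostname:
            return False
        # urlsplit().hostname is already lower-cased and excludes userinfo.
        return img.hostname == site.hostname and (img.port or 443) == (site.port or 443)
    except ValueError:  # malformed port such as https://host:abc/
        return False


def leaky_headers(image_url: str, site_url: str, token: str) -> dict:
    """Vulnerable pattern: the bearer token rides on every image request,
    including ones to third-party hosts, whose logs then contain it."""
    return {"Authorization": f"Bearer {token}"}


def safe_headers(image_url: str, site_url: str, token: str) -> dict:
    """Hardened pattern: the token is sent only to the user's own site."""
    if origin_matches(image_url, site_url):
        return {"Authorization": f"Bearer {token}"}
    return {}


if __name__ == "__main__":
    # Constructed inputs for the demo.
    site = "https://myblog.example.com"
    token = "s3cr3t-token"
    for url in [
        "https://myblog.example.com/wp-content/uploads/a.png",
        "https://cdn.evil.test/a.png",
        "https://myblog.example.com.evil.test/a.png",
        "https://myblog.example.com@evil.test/a.png",
        "http://myblog.example.com/a.png",
    ]:
        print(f"{url:55} leaky={bool(leaky_headers(url, site, token))} "
              f"safe={bool(safe_headers(url, site, token))}")
```

Only the first URL gets the token under the hardened rule; the leaky rule sends it to all five.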

Xiaomi’s MI browser and Mint browser
Anyone using a Xiaomi Mi or Redmi smartphone should stop using the built-in Mi browser and the Mint browser for now. A critical vulnerability in both was left unpatched even after being privately reported to the company. The flaw is an address-bar spoofing issue caused by a logic error in the browser interface, which lets a malicious page display a trusted URL while serving attacker-controlled content. To read more: https://thehackernews.com/2019/04/xiaomi-browser-vulnerability.html

Guard Provider
Researchers revealed that Guard Provider, a security app pre-installed on Xiaomi devices, has multiple flaws that could let remote attackers compromise the phone. Xiaomi has patched the issues as of this week. To read more: https://thehackernews.com/2019/04/xiaomi-antivirus-app.html

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.