Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Immunity

Longtime US-government contractor Immunity developed an exploit for the Windows vulnerability known as BlueKeep, and included it in its penetration-testing toolkit, which is available by subscription. Some security researchers have questioned Immunity’s decision to publish the code, arguing that this may benefit bad actors. Immunity maintains that it made the right choice. To read more: https://www.vice.com/en_ca/article/wjvvvb/cybersecurity-firm-drops-code-for-the-incredibly-dangerous-windows-bluekeep-vulnerability

Fake Google domains

A hacking group known as Magecart is using fake Google domains to load a JavaScript-based credit-card skimmer with support for multiple payment gateways. The hackers use internationalized domain names to conceal traffic from the fake, malicious domains. To read more: https://www.bleepingcomputer.com/news/security/hackers-inject-multi-gateway-card-skimmer-via-fake-google-domains/
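A defender-side check for the technique described above, added here as an example and not taken from the report or any of the linked articles: it collects every external script a checkout page loads, decodes punycode (xn--) hostnames back to Unicode, folds visually confusable characters onto their Latin counterparts, and flags hosts that only match a trusted origin after folding. The allow-list, the small confusables map and the sample page are assumptions constructed for this demo.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hand-picked subset of the Unicode confusables table (assumption: enough for
# this demo; a real check would load the full table).
CONFUSABLES = {"\u03bf": "o", "\u043e": "o", "\u0430": "a", "\u0435": "e", "\u0261": "g"}
# Hypothetical allow-list of script origins this shop expects on its checkout page.
TRUSTED = {"www.google.com", "www.gstatic.com"}

def to_unicode(host):
    """Turn a punycode (xn--) hostname into Unicode; pass plain ASCII hosts through."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode

def skeleton(host):
    """Fold a hostname so visually confusable lookalikes collapse onto the brand name."""
    folded = unicodedata.normalize("NFKD", to_unicode(host).lower())
    return "".join(CONFUSABLES.get(c, c) for c in folded if not unicodedata.combining(c))

def classify_host(host):
    """'trusted' = exact allow-list hit; 'lookalike' = matches only after folding."""
    if host.lower() in TRUSTED:
        return "trusted"
    if skeleton(host) in {skeleton(t) for t in TRUSTED}:
        return "lookalike"
    return "unknown"

class ScriptSrcParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.srcs = []  # src attribute of every <script> tag seen
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.srcs += [v for k, v in attrs if k == "src" and v]

def audit_scripts(html):
    """Return (hostname, verdict) for each external script the page loads."""
    parser = ScriptSrcParser()
    parser.feed(html)
    return [(h, classify_host(h)) for h in (urlparse(s).hostname for s in parser.srcs)]

# Constructed sample page: a genuine Google script, one from an IDN lookalike
# ("g" + two Greek omicrons + "gle", encoded to its xn-- form), and a first-party one.
FAKE_GOOGLE = "www.g\u03bf\u03bfgle.com".encode("idna").decode("ascii")
SAMPLE_HTML = f"""<script src="https://www.google.com/recaptcha/api.js"></script>
<script src="https://{FAKE_GOOGLE}/gtm.js"></script>
<script src="https://cdn.shop.example/checkout.js"></script>"""
```

Running `audit_scripts(SAMPLE_HTML)` yields verdicts trusted, lookalike and unknown for the three hosts in order; in practice the same check can be run against a Content-Security-Policy report or a crawl of the site's own pages.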

MyDoom

Fifteen years after it was created, and having caused more than $38bn of damage, the MyDoom worm is still actively being distributed. MyDoom scrapes email addresses from infected Windows computers and spreads by sending versions of itself as email attachments. To read more: https://www.zdnet.com/article/mydoom-the-15-year-old-malware-thats-still-being-used-in-phishing-attacks-in-2019/

Capital One

Capital One announced a data breach impacting 100m people in the US. A former employee of Amazon Web Services, the cloud-hosting company that Capital One was using, was arrested after illegally accessing the data through a misconfigured firewall. To read more: https://www.bloomberg.com/news/articles/2019-07-29/capital-one-data-systems-breached-by-seattle-woman-u-s-says

VxWorks

Researchers detailed a group of vulnerabilities in VxWorks, a supposedly secure operating system for continuously-functioning apparatus including medical equipment. The vulnerabilities impact around 200m devices. To read more: https://www.wired.com/story/vxworks-vulnerabilities-urgent11

iOS devices

Google researchers disclosed details of four proof-of-concept exploits that could enable remote attackers to target Apple iOS via the iMessage service. The vulnerabilities were patched with the iOS 12.4 update. To read more: https://thehackernews.com/2019/07/apple-ios-vulnerabilities.html

LAPD

A recent data breach at the Los Angeles Police Department that disclosed data on 2,500 officers also exposed the information of 17,500 officer applicants. The information included names, email addresses and passwords. To read more: https://www.usatoday.com/story/tech/2019/07/29/lapd-officers-job-applicant-information-exposed-data-breach/1859417001/

Sephora

The retailer Sephora emailed its customers in Southeast Asia to inform them of a data breach that exposed personal information. The breach impacted clients in Singapore, Malaysia, Indonesia, Thailand, the Philippines, Hong Kong, Australia and New Zealand. To read more: https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/


Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.


Comodo

A hacker used exposed credentials to access internal files and documents owned by the security company Comodo. A security researcher discovered the credentials in a public GitHub repository owned by a software developer at Comodo. To read more: https://techcrunch.com/2019/07/27/comodo-password-access-data/

Small aircraft

The Department of Homeland Security is warning small-aircraft owners that a vulnerability in a plane’s controller area network could enable hackers to take over key navigation systems. To read more: https://thehackernews.com/2019/07/airplane-can-bus-hacking.html

OXID eShop

Researchers discovered vulnerabilities in OXID eShop e-commerce software that could enable attackers to take full control of a website remotely. A leading German e-commerce-software solution, OXID eShop is used by Mercedes, BitBurger and Edeka among others. To read more: https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html

Unsupported Windows versions

Because many Windows users fail to upgrade their devices, security concerns are increasing as the end of Windows 7 support approaches in January 2020. Even though support for Windows XP ended in 2014, one-third of organizations still have at least one Windows XP device connected to a network. Failure to upgrade exposes a large number of users to zero-day vulnerabilities. To read more: https://www.techrepublic.com/article/its-2019-and-one-third-of-businesses-still-have-active-windows-xp-deployments/

AWDL

Vulnerabilities in Apple Wireless Direct Link, which is installed on over 1.2bn products, could enable attackers to track users, crash devices or intercept files. To read more: https://www.zdnet.com/google-amp/article/apples-awdl-protocol-plagued-by-flaws-that-enable-tracking-and-mitm-attacks/

Synology

Synology, which makes network-attached storage (NAS) devices, warned customers to update security settings as hackers are targeting NAS vendors with ransomware. The hackers are using brute-force attacks to gain access to internet-connected boxes, whose contents they then encrypt. To read more: https://nakedsecurity.sophos.com/2019/07/29/nas-vendors-hit-by-brute-force-ransomware-attacks/

Visa contactless cards

Researchers found new vulnerabilities that enable hackers to bypass the payment limits on Visa contactless cards. The flaws impact five major UK banks as well as some terminals located outside of the UK. To read more: https://www.infosecurity-magazine.com/news/flaws-allow-hacker-to-bypass-card/

Cisco

Cisco is settling a lawsuit that accused the company of selling the US government a video-surveillance system that contained security vulnerabilities. To read more: https://thehackernews.com/2019/08/cisco-surveillance-technology.html

Hexane

A new hacking group dubbed Hexane is targeting telecommunications and oil and gas companies in Africa and the Middle East. The security company Dragos discovered the group but has not released much information on its activities. To read more: https://techcrunch.com/2019/08/01/hexane-oil-gas-telecoms-hackers/
