Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Quora
A popular question-and-answer website was hacked, giving cybercriminals unauthorized access to the sensitive personal information of 100 million users. This number is almost half of Quora’s entire user base. Read more: https://thehackernews.com/2018/12/quora-hack.html

1-800-Flowers
Payment card data from 1-800-Flowers was stolen in a data breach that persisted for four years. The impacted data consists of basic card information like names, payment card numbers, expiration dates and security codes. Read more: https://threatpost.com/1-800-flowers-becomes-latest-payment-breach-victim/139619/

GOP Campaign Committee
The National Republican Congressional Committee was hacked during the latest election cycle. The breach included thousands of emails from senior aides. Read more: https://talkingpointsmemo.com/dc/report-house-gop-campaign-committees-emails-were-hacked

SKY Brasil
Data belonging to 32 million SKY Brasil customers was exposed on the internet. A researcher discovered multiple servers in Brazil running Elasticsearch that made the personally identifiable information of customers available without authentication. Read more: https://www.bleepingcomputer.com/news/security/sky-brasil-exposes-32-million-customer-records/

Signet Jewelers
The parent company of Jared and Kay Jewelers fixed a vulnerability in both companies’ websites that exposed customer information. A customer discovered that if he slightly modified the link in his confirmation email and then pasted it into a browser, another customer’s order was revealed. Read more: https://krebsonsecurity.com/2018/12/jared-kay-jewelers-parent-fixes-data-leak/
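The Signet item describes an insecure direct object reference: the order id in the confirmation link is the only thing standing between a customer and someone else's order. The following is an added example, not Signet's code, showing a lookup that trusts the id alone beside a hardened version that requires either a per-order random token or the authenticated owner, plus a small counter that flags a client repeatedly hitting denied lookups, which is what id-guessing looks like in logs. The order data, customer names and threshold are constructed for the example.

```python
import hmac
import secrets
from collections import defaultdict

# Constructed sample orders (hypothetical, not real customer data).
ORDERS = {
    1001: {"customer": "alice@example.com", "items": ["ring"]},
    1002: {"customer": "bob@example.com", "items": ["necklace"]},
}

# Per-order confirmation tokens issued when the confirmation email is sent.
TOKENS = {}

# Denied-lookup counter keyed by client identifier (e.g. source IP), for detection.
DENIED = defaultdict(set)


def vulnerable_lookup(order_id):
    """Vulnerable: the order id from the URL is the only check.

    Incrementing the id in the link reveals another customer's order,
    which is the behaviour the news item describes.
    """
    return ORDERS.get(order_id)


def issue_confirmation_token(order_id):
    """Bind an unguessable random token to one order for use in the email link."""
    token = secrets.token_urlsafe(32)
    TOKENS[order_id] = token
    return token


def hardened_lookup(order_id, token=None, authenticated_customer=None, client="unknown"):
    """Hardened: return the order only if the caller proves entitlement.

    Either the link token must match the token issued for this exact order
    (compared in constant time), or the logged-in customer must own the order.
    Denied requests are recorded so enumeration can be spotted.
    """
    order = ORDERS.get(order_id)
    expected = TOKENS.get(order_id)
    token_ok = (
        order is not None
        and expected is not None
        and token is not None
        and hmac.compare_digest(expected, token)
    )
    owner_ok = (
        order is not None
        and authenticated_customer is not None
        and authenticated_customer == order["customer"]
    )
    if token_ok or owner_ok:
        return order
    DENIED[client].add(order_id)
    return None


def enumeration_suspected(client, threshold=3):
    """True when one client has been denied on at least `threshold` distinct order ids."""
    return len(DENIED[client]) >= threshold


if __name__ == "__main__":
    t = issue_confirmation_token(1001)
    print(vulnerable_lookup(1002))            # leaks Bob's order to anyone
    print(hardened_lookup(1001, token=t))     # Alice's own link works
    print(hardened_lookup(1002, token=t))     # Alice's token does not open Bob's order
```

The token check alone fixes the leak; the ownership branch covers the logged-in case where no link token is present. The denied-lookup set is the detection hook: a single client collecting denials across many different order ids is the signature of someone walking the id space.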

BeatStars
A marketplace for selling music production beats disclosed a security breach. Not only was its website defaced, but the attacker also tried to mass-delete and alter the site’s database. Read more: https://www.zdnet.com/article/beatstars-discloses-security-breach-in-twitter-live-stream/

Christie Digital
The projection technology and digital display systems creator experienced a “worldwide” cyberattack that halted production. According to Christie Digital, the attack was a network server issue involving malware. Read more: https://www.therecord.com/news-story/9071042-cyber-attack-batters-christie-digital/

Linux.org
A hacker was able to access the registrar account for Linux.org’s domain and then point the DNS to another server. In place of the original site, Linux.org pointed to a page exclaiming “G3T 0WNED L1NUX N3RDZ,” which included an NSFW picture and abusive language. Read more: https://www.linux.org/threads/linux-org-dns-hijack-incident.21073/

Printers
A hacker exploited 50,000 internet-connected printers to send fliers asking people to subscribe to PewDiePie’s YouTube channel. The hacker found a list of vulnerable printers with port 9100 open and then exploited them. Read more: https://thehackernews.com/2018/11/pewdiepie-printer-hack.html

Reported Vulnerabilities

Ransomware
New ransomware has already infected more than 100,000 computers across China. Unlike most ransomware, it does not demand Bitcoin as payment but instead asks victims to pay in yuan through WeChat Pay. Read more: https://thehackernews.com/2018/12/china-ransomware-wechat.html

Kubernetes
A critical privilege-escalation vulnerability was discovered in Kubernetes. It is one of the first serious problems found in Kubernetes and carries a CVSS score of 9.8. If unpatched, an attacker could exploit the bug to gain access to cloud infrastructure and carry out any number of malicious actions, such as installing malware or sabotaging production workloads. Read more: https://threatpost.com/kubernetes-flaw-is-a-huge-deal-lays-open-cloud-deployments/139636/

Adobe Flash
Researchers discovered a new zero-day vulnerability in Adobe Flash that hackers are actively exploiting in the wild. The vulnerability, CVE-2018-15982, is a use-after-free flaw that allows an attacker to execute arbitrary code. Read more: https://thehackernews.com/2018/12/flash-player-vulnerability.html

WordPress
WordPress sites are being attacked by a botnet of infected WordPress websites. The infected sites were first compromised by a brute-force password attack, routed through a Russian proxy provider, that targeted an API. Read more: https://threatpost.com/infected-wordpress-sites-are-attacking-other-wordpress-sites/139666/

Linux malware
A cybersecurity company called ESET released a report detailing 21 new Linux malware families. The malware families are all trojanized versions of the OpenSSH client. Read more: https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/

PolicyKit (aka polkit)
A vulnerability in Linux’s PolicyKit allows any low-privileged user account to execute any systemctl command. PolicyKit is an application-level toolkit that defines policies and handles system-wide privileges. The issue impacts most popular Linux distributions, including Red Hat, Debian, Ubuntu and CentOS. Read more: https://thehackernews.com/2018/12/linux-user-privilege-policykit.html

Chrome extension: Auto Font Manager
A nation-state-backed hacking group used a Google Chrome extension to infect victims and steal passwords and cookies from browsers in the academic sector. The hackers used spear-phishing emails to get people to install a Chrome extension named Auto Font Manager. Read more: https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/

SplitSpectre
Researchers from Northeastern University and IBM Research discovered a new variation of Spectre that can be exploited via browser-based code. A SplitSpectre attack is much easier to execute than the original Spectre attack. However, existing Spectre mitigations would thwart any SplitSpectre attacks. Read more: https://www.zdnet.com/article/researchers-discover-splitspectre-a-new-spectre-like-cpu-attack/


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.