Polyverse Weekly Breach Report – Sept. 9th


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Supermicro servers

Vulnerabilities exist in the baseboard management controller of Supermicro enterprise servers. Dubbed USBAnywhere, the flaw could allow someone to launch a USB attack without physically accessing a vulnerable server. To read more: https://thehackernews.com/2019/09/hacking-bmc-server.html

Metasploit module

Metasploit released a weaponized exploit for the BlueKeep Windows vulnerability. This exploit is advanced enough to achieve code execution on remote systems. To read more: https://www.zdnet.com/article/metasploit-team-releases-bluekeep-exploit/

ZAO

A new Chinese AI-based face-swapping app called ZAO was downloaded millions of times last week. The platform WeChat has restricted its use due to security concerns. To read more: https://thehackernews.com/2019/09/face-swapping-deepfake-zao.html

Intel servers

Cryptocurrency-mining malware formerly limited to ARM internet-of-things devices has made the jump to Intel systems. The malware attempts to connect to targets over SSH (port 22) and delivers itself as a gzip archive. To read more: https://www.theregister.co.uk/2019/08/30/coinmining_malware_intel/

Option Way

The French flight-booking website Option Way experienced a data breach that exposed the personal details of customers. Researchers found over 100GB of data open to compromise. To read more: https://www.vpnmentor.com/blog/report-option-way-leak/

Android exploits

The information-security company Zerodium is offering up to $2.5m to hackers who produce Android zero-day attacks. This represents a large increase in payout for Android exploits and suggests that the demand has significantly increased. To read more: https://thehackernews.com/2019/09/android-full-chain-zero-day-exploit.html

SMS phishing attacks

Researchers found advanced phishing attacks against Android-based phones, including those made by Samsung, Huawei, LG and Sony. A remote attacker tricks users into accepting new phone settings that route their internet traffic through a proxy under the attacker's control. To read more: https://research.checkpoint.com/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/

XKCD forums

The forum for the comic strip XKCD went offline after 562,000 accounts were breached. Exposed data included passwords that were both salted and hashed. To read more: https://nakedsecurity.sophos.com/2019/09/03/xkcd-forums-breached/

Yves Rocher

Yves Rocher cosmetics company is warning customers of a data breach that exposed the personal data of millions of customers. The exposure occurred when a third-party consultant left a database unprotected. To read more: https://threatpost.com/data-leak-impacts-millions/147908/

Providence Health Plan

Providence Health Plan notified 122,000 members that their personal information was exposed in a security breach at the program’s dental-plan administrator. To read more: https://www.fiercehealthcare.com/tech/providence-health-plan-notifying-122k-members-third-party-data-breach

Facebook

An unprotected server exposed the phone numbers and Facebook IDs associated with 419m records. This is the latest of many security issues that Facebook has faced since the Cambridge Analytica scandal. To read more: https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Teletext Holidays

British travel company Teletext Holidays announced a data breach that left 212,000 customer call files unprotected on a server for three years. The files have since been removed. To read more: https://www.informationsecuritybuzz.com/expert-comments/teletext-holidays-data-breach-exposes-212000-customer-call-recordings/

Denmark rail ticket system

Denmark’s rail operator DSB announced a data breach impacting online ticketing platforms and machines at stations. To read more: https://www.thelocal.dk/20190902/denmarks-rail-ticket-system-targeted-in-digital-attack

Mastercard

A database containing information on 90,000 German Mastercard loyalty-program members was shared online. To read more: https://www.bleepingcomputer.com/news/security/data-of-90k-mastercard-priceless-specials-members-shared-online/

Flagstaff Unified School District

Classes at all Flagstaff Unified School District schools and pre-schools were canceled last Friday because of a cybersecurity incident. To read more: https://gcmaz.com/fusd-classes-cancelled-thursday-due-to-a-cyber-security-threat/

DK-Lok

A cybersecurity company revealed an open database belonging to DK-Lok, a South Korean industrial manufacturer. The database was discovered during a web-mapping project that used port scanning to find systems online lacking authentication restrictions. To read more: https://www.zdnet.com/article/dklok-data-breach-leaked-global-enterprise-client-internal-emails/

Hong Kong exchange

The head of the Hong Kong Stock Exchange announced that a series of cyberattacks blocked traders from entering orders on the exchange’s futures and derivatives trading system. Trading resumed on Friday after a bug was fixed. To read more: https://www.finextra.com/newsarticle/34352/hong-kong-exchange-suffers-cyber-attack

CircleCI

CircleCI informed customers that a third-party analytics vendor suffered a data breach exposing login information for customers' GitHub and Bitbucket accounts. To read more: https://www.scmagazine.com/home/security-news/data-breach/circlci-data-breach-exposed-customer-github-and-bitbucket-logins/

Wikipedia

A cyberattack took Wikipedia offline in the first successful attempt to block access to the site through smart objects connected to the internet. To read more: https://www.haaretz.com/world-news/.premium-access-to-wikipedia-blocked-after-first-of-its-kind-cyber-attack-1.7808087

Oklahoma Law Enforcement Retirement System

The Oklahoma Law Enforcement Retirement System announced that it fell victim to a cyberattack where $4.2m was stolen. To read more: https://ktul.com/news/local/42-million-stolen-from-state-police-retirement-fund-after-hack
