Polyverse Weekly Breach Report

breach_report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Gnosticplayers — round 5
A hacker known as Gnosticplayers is claiming responsibility for hacking 44 companies. His goal was to release 65.5 million records last week. To this point he would have released 932 million records in total. Some of the hacked companies include UnderArmor and MyHeritage. To read more: https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/

Cybersecurity insurance
Both Mondelez International and Merck’s cybersecurity insurance claims were denied because the damages were deemed collateral damage in a cyberwar. These legal fights will set a precedent about who pays when businesses are hit by cyberattacks attributed to foreign governments. To read more: https://www.nytimes.com/2019/04/15/technology/cyberinsurance-notpetya-attack.html

JustDial
A database belonging to JustDial, India’s largest search service, has been leaking personal information of customers. A security researcher shared details of how a publicly accessible API endpoint can be accessed to view the profile information of around 100m users. To read more: https://thehackernews.com/2019/04/justdial-hacked-data-breach.html

Wipro
Indian IT-outsourcing company Wipro said it was investigating reports that its systems were hacked. KrebsOnSecurity, a respected cybersecurity website, revealed that Wipro’s systems were being used as starting points for digital fishing that has targeted at least a dozen Wipro customers’ systems. To read more: https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/

Facebook
Facebook released a statement saying that it “unintentionally” uploaded email contacts from 1.5m new users to its servers, without their consent or knowledge. Facebook said it was using the harvested data to “build Facebook’s web of social connections and recommend friends to add.” To read more: https://thehackernews.com/2019/04/facebook-email-database.html

Update: Facebook quietly updated the statement to reveal that Instagram users were also impacted by the breach. The company discovered additional logs of Instagram passwords being stored in a readable format. https://techcrunch.com/2019/04/18/instagram-password-leak-millions

Sea Turtle
A cyber-espionage group known as Sea Turtle used DNS hijacking to hit 40 different organizations including telecoms, internet-service providers and domain registrars. They also compromised multiple country-code top-level domains, putting all the traffic of every domain in numerous countries at risk. The main targets were governmental organizations based in the Middle East and North Africa. To read more: https://www.wired.com/story/sea-turtle-dns-hijacking/

The Weather Channel
The Weather Channel stopped its live broadcast because of a security incident that lasted for 90 minutes. The attack was caused by ransomware, but the company was able to restore functionality using a backup. To read more: https://www.bleepingcomputer.com/news/security/cyber-attack-forces-the-weather-channel-off-the-air/

Klaussner Home Furnishings
This furniture company discovered a data-security incident that exposed the health data of current and former employees. The breach affected 9,300 people after hackers gained access to a network server. To read more: https://www.govinfosecurity.com/a-furniture-maker-had-to-report-health-data-breach-a-12393

Verint
This cybersecurity firm was targeted by ransomware last week. The company acknowledged the incident, and hired FireEye’s Mandiant to help it recover from the attack. To read more: https://www.oodaloop.com/briefs/2019/04/18/cyber-security-firm-verint-hit-by-ransomware/

Rehab centers
Records of tens of thousands of patients seeking treatment at addiction rehab centers were exposed in an unsecured online database. The database had 4.9m documents including patient names and details of treatments. To read more: https://www.cnet.com/news/patient-names-treatments-leak-among-millions-of-rehab-records/

EmCare
This physician-staffing company announced a data breach that exposed the personal information of 31,000 patients. A hacker gained access to the information through employee email accounts. To read more: http://www.therepublic.com/2019/04/20/us-health-care-data-breach/

Mexican Embassy in Guatemala
A hacker stole thousands of documents from the Mexican embassy in Guatemala and posted them online. The data is no longer available for download after the cloud host pulled it offline. Most of the documents related to the inner workings of the embassy. To read more: https://techcrunch.com/2019/04/19/mexican-embassy-hack/

Check out Have I Been Pwnedto see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

Land Lordz
Scammers created a software as a service offering called Land Lordz that automates the creation of fake Airbnb websites. The basic subscription plan manages 500 scam properties and interactions with up to 100 “guests” looking to book what turn out to be fraudulent listings. To read more: https://krebsonsecurity.com/2019/04/land-lordz-service-powers-airbnb-scams/

Apache Tomcat
Apache Software Foundation released a new version of Tomcat to address a security vulnerability that enables a remote attacker to execute malicious code. The vulnerability is in the Common Gateway Interface Servlet. To read more: https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html

Internet Explorer
A security researcher discovered a new flaw in Internet Explorer that enables hackers to steal Windows users’ data. The victim does not even have to open the web browser for it to be exploited. To read more: https://mashable.com/article/internet-explorer-hacker-windows-pc-exploit/#dD4oBnT0KZqn

Microsoft Edge
A researcher uncovered a flaw in Windows 10 that enables remote attackers to steal data on hard drives when a user opens a malicious file downloaded with Edge. The attack surfaced when another researcher found a flaw in Internet Explorer. To read more: https://arstechnica.com/information-technology/2019/04/unexpected-security-feature-in-microsoft-edge-could-allow-for-file-theft/

Scranos
A new malware strain called Scranos has expanded its reach to infect users all over the world. The malware is a work in progress, with components in early stages of development. Once it infects a host computer, it pings a command-and-control server for additional instructions. To read more: https://www.zdnet.com/article/scranos-rootkit-expands-operations-from-china-to-the-rest-of-the-world/

TicTocTrack
This smartwatch, which enables parents to track their children’s whereabouts, was discovered to contain multiple security issues. Hackers could also track the children’s location, spoof their location, or view personal data on the victim’s accounts. To read more: https://threatpost.com/tictoctrack-smartwatch-flaws-track-kids/143791/

Drupal
Drupal addressed vulnerabilities in Drupal Core that enabled remote attackers to compromise websites. One of the flaws was a cross-site scripting vulnerability in a pre-integrated third-party plugin called JQuery. To read more: https://thehackernews.com/2019/04/drupal-security-update.html

Bad bots
“Bad bots” are often tasked with performing DoS attacks, scraping and stealing data and publishing fake content or reviews. Around 20% of the internet’s global traffic is generated by bad bots. To read more: https://www.zdnet.com/article/bad-bots-focus-on-financial-targets-make-up-20-percent-of-web-traffic/

Windows Live Tiles
A researcher demonstrated a well-known unpatched weakness in Microsoft’s Azure cloud service by exploiting it to take over Windows Live Tiles. Live tiles were designed to display content and notifications on the Start screen. Even though the service was shut down, the company forgot to delete nameserver entries, leaving the unclaimed subdomain pointing to Azure servers. To read more: https://thehackernews.com/2019/04/subdomain-microsoft-azure.html

APT34
Someone published hacking tools belonging to APT34, one of Iran’s cyber-espionage units. Several security experts have confirmed the authenticity of the tools. To read more: https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/

Medical images
A bug in a 30-year-old standard (HIPAA) used for the exchange and storage of medical images was uncovered. An attacker can embed executable code into the image files captured by CT and MRI machines. To read more: https://threatpost.com/hipaa-protected-malware-medical-images/143890/

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.