Polyverse Weekly Breach Report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

NSA tools
The NSA is planning to release its GHIDRA reverse-engineering tool for free. GHIDRA is a Java-based framework that runs on multiple platforms, including Windows, macOS and Linux. To read more: https://thehackernews.com/2019/01/ghidra-reverse-engineering-tool.html

Early Warning Network: Australia
Hackers were able to send spam messages to subscribers of Australia’s Early Warning Network, a large-scale emergency-warning system. The hackers used stolen credentials to log into the system and send the messages. To read more: https://threatpost.com/hack-early-warning-network-spam/140618/

Zerodium
An exploit vendor known as Zerodium is offering to pay $2m for remote iOS jailbreaks and $1m for exploits targeting secure-messaging apps. The highest previous payout was $1.5m for an iOS jailbreak that could be executed remotely. To read more: https://thehackernews.com/2019/01/zero-day-exploit-market.html

Town of Salem
A few weeks ago a popular browser game called Town of Salem had a data breach that exposed 7.6 million hashed passwords. Since then, over 27% of those passwords have been cracked. BlankMediaGames, which created the game, found and removed three different PHP files from its web server that had given the attackers a backdoor into the system. To read more: https://www.bleepingcomputer.com/news/security/27-percent-of-passwords-from-town-of-salem-breach-already-cracked/

Ethereum Classic
Coinbase has suspended all Ethereum Classic transactions on its trading platform after detecting an attack that enabled a hacker to spend the same digital coins twice. This attack lost $1.1 million worth of Ethereum Classic currency. To read more: https://thehackernews.com/2019/01/ethereum-double-spend-attack.html

BenefitMall
Centerstone Insurance and Financial Services, which does business as BenefitMall, announced that it had experienced a data breach that may have impacted some of its customers. The company said that an email phishing attack exposed employee login credentials. To read more: https://www.insurancebusinessmag.com/us/news/cyber/benefitmall-announces-data-breach-121182.aspx

Humana
Humana, an American health-insurance company, recently notified members that their information may have been (read: probably was) accessed in a cyberattack that occurred in May 2018 — at least seven months ago. To read more: https://www.beckershospitalreview.com/payer-issues/humana-notifies-members-of-2018-security-breach.html

DiscountMugs.com
Hackers broke into DiscountMugs.com’s website using malicious code to steal customers’ credit cards and other personal information. The breach occurred from August 5th to November 16th, 2018 — again, months ago. To read more: https://www.asicentral.com/news/newsletters/promogram/january-2019/discountmugscom-acknowledges-data-breach/

Chinese resumes
Researchers found a database online containing records of more than 202 million Chinese citizens that was accessible to anyone without authentication. An unnamed American company was hosting the database in a MongoDB instance. The database is apparently now secured. To read more: https://thehackernews.com/2019/01/mongodb-chinese-database.html

OXO International
OXO International disclosed a data breach that may have exposed customer information over two years. The company is a manufacturer of homeware, office supplies and kitchen utensils. To read more: https://www.zdnet.com/article/oxo-international-discloses-data-breach-customer-data-over-two-years-impacted/

PyLocky Ransomware
A security researcher from Cisco’s Talos cyber-unit released a free decryption tool that makes it possible for infected victims to unlock their files without paying a ransom. The limitation is that to recover the data successfully, the victim must have captured the initial network traffic between the ransomware and its command-and-control server. To read more: https://thehackernews.com/2019/01/pylocky-free-ransomware-decryption.html

Mondelez
This US food distributor, which was hit by the NotPetya ransomware, is suing its insurance company for refusing to pay out on a claim for damages caused by the hack. To read more: https://www.itpro.co.uk/security/32708/notpetya-victim-sues-its-insurance-company

Amazon
Sellers on Amazon India encountered a bug in the website where they could access the Merchant Tax Reports of other sellers besides their own. Amazon has since fixed the issue and claims that only 400,000 sellers were hit by the breach. To read more: https://www.thenewsminute.com/article/data-breach-amazon-india-exposes-financial-data-nearly-400k-sellers-94844

Reported Vulnerabilities

Skype
A bug in Skype could have enabled hackers to bypass authentication and access personal data on an Android device by answering a Skype call to that device. To read more: https://threatpost.com/skype-glitch-allowed-android-authentication-bypass/140586/

Google
Google removed 85 apps from the Play Store after discovering that they were pushing adware to users. The apps push full-screen ads at regular intervals onto user devices without consent. To read more: https://thehackernews.com/2019/01/android-adware-malware.html

Alcatel phones
A pre-installed weather app on Alcatel smartphones contained malware that subscribed device owners to premium phone numbers without their knowledge. To read more: https://www.zdnet.com/article/malware-found-preinstalled-on-some-alcatel-smartphones/

DNS hijacking
Researchers at FireEye have linked a wave of global DNS hijacking attacks to Iran. The attacks focused on government, telecom and internet-infrastructure companies. The hackers were trying to steal victims’ usernames, passwords and domain credentials. To read more: https://threatpost.com/unprecedented-dns-hijacking-attacks-linked-to-iran/140737/

Systemd
Security researchers found three vulnerabilities in Systemd, a Linux software suite, that could enable attackers to gain root access to targeted systems. The vulnerabilities are in the service that collects information from different sources and creates event logs in the journal. The bugs impact all Linux distributions, including Red Hat and Debian. To read more: https://thehackernews.com/2019/01/linux-systemd-exploit.html

Modlishka
A new penetration-testing tool can automate phishing attacks more easily than ever before. The tool is a reverse-proxy that was modified for handling traffic meant for login pages. To read more: https://www.zdnet.com/article/new-tool-automates-phishing-attacks-that-bypass-2fa/

Fuze cards
Hackers who specialize in cashing-out stolen credit cards are making heavy use of Fuze cards — smartcard devices that enable users to store dozens of credit and debit cards on a single device. To read more: https://krebsonsecurity.com/2019/01/secret-service-theft-rings-turn-to-fuze-cards/

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.