Polyverse Weekly Breach Report – Apr 6th 2020

Apr 6, 2020 | By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Signaling System 7

To spy on its citizens in the US, the Saudi Arabian regime is allegedly exploiting weaknesses in Signaling System 7, a set of protocols used by phone networks to route and direct calls and messaging around the world. The weaknesses, which enable hackers to listen in on calls and read text messages, have been known for years and have previously been exploited by other attackers. To read more: https://techcrunch.com/2020/03/29/saudi-spies-ss7-phone-tracking/

 

DrayTek enterprise routers

A hacker group is exploiting a zero-day vulnerability in DrayTek enterprise routers to eavesdrop on FTP and email traffic. To read more: https://www.zdnet.com/article/a-mysterious-hacker-group-is-eavesdropping-on-corporate-ftp-and-email-traffic/

 

Marriott

Marriott announced a major data breach, the second to affect the company in the last two years. This breach impacts 5.2m guests worldwide. To read more: https://abcnews.go.com/Technology/wireStory/marriott-data-breach-affects-52-million-guests-69895558

 

Zoom information leaks

The video-conferencing app Zoom is leaking some users’ personal information due to an issue in the Company Directory setting. The setting automatically adds contacts who share a domain to the contact list of any user with that domain—the intention being to make it easy for users to find others in their company. The information of users who’ve joined with a personal email address is being shared with strangers. To read more: https://www.vice.com/en_us/article/k7e95m/zoom-leaking-email-addresses-photos

 

Zoom Mac bugs

A security researcher found two zero-day bugs in Zoom that can be exploited to take over a user’s Apple Mac. To read more: https://techcrunch.com/2020/04/01/zoom-doom/

 

Fake Zoom domains

Hackers are registering fake Zoom domains to trick people into downloading malware onto their devices. Over 1,700 new domains have been registered since the beginning of the coronavirus pandemic. To read more: https://thehackernews.com/2020/03/zoom-video-coronavirus.html

 

OpenWRT

For three years, the operating system OpenWRT was vulnerable to remote code-execution attacks because of the way updates were delivered to devices. To read more: https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/

 

MakeFrame

Researchers discovered a new Magecart skimmer, dubbed MakeFrame, that injects HTML iframes into web pages to garner payment data. To read more: https://thehackernews.com/2020/04/magecart-digital-skimmer.html

 

Vollgar

Researchers discovered a hacking campaign that targets Microsoft SQL servers to deploy backdoors and other malware, such as cryptominers. The attack, named Vollgar, uses brute force to breach servers with weak credentials. To read more: https://thehackernews.com/2020/04/backdoor-.html

 

Mandrake spyware

Researchers uncovered an Android spying campaign targeting Australians. The campaign has been active for four years, using the so-called Mandrake platform to subvert banking and other mobile apps. To read more: https://www.zdnet.com/article/bitdefender-reveals-mandrake-spyware-targeting-aussie-android-users/

 

MBR malware

New coronavirus-themed malware is infecting systems, wiping files, and rewriting computers’ master boot records. To read more: https://www.zdnet.com/article/theres-now-covid-19-malware-that-will-wipe-your-pc-and-rewrite-your-mbr/

 

Italy’s social-security website

Hackers attacked Italy’s social-security website, forcing its shutdown last week. To read more: https://www.reuters.com/article/us-health-coronavirus-italy-cybercrime/italys-social-security-website-hit-by-hacker-attack-idUSKBN21J5U1

 

VPN appliances

Microsoft issued a warning to hospitals alerting them to vulnerabilities in their VPN appliances. With increased use of VPN during the coronavirus outbreak, hospitals with unpatched servers are particularly vulnerable to ransomware attacks. To read more: https://www.zdnet.com/article/coronavirus-microsoft-directly-warns-hospitals-fix-your-vulnerable-vpn-appliances/

 

GoDaddy.com

A spear-phishing attack snagged a customer-service employee at the domain-name registrar GoDaddy.com. As a result, hackers were able to change the settings for various GoDaddy domains, including the transaction-brokering website escrow.com. To read more: https://krebsonsecurity.com/2020/03/phish-of-godaddy-employee-jeopardized-escrow-com-among-others/

 

Safari

A researcher found several new vulnerabilities in Apple’s Safari browser that could enable a hacker to access a device’s camera, microphone or location. Apple has since fixed the issues and sent patches to users. To read more: https://thehackernews.com/2020/04/hacking-iphone-macbook-camera.html
