Polyverse Weekly Breach Report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

National Cyber Security Centre
In a UK Cyber Survey, the National Cyber Security Centre (NCSC) found that 23.2m accounts used “123456” as their password. The NCSC also published a separate analysis of the 100,000 most commonly recurring passwords that have been breached. To read more: https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security

WiFi-finder app
A popular hotspot-finder app exposed the WiFi passwords for more than two million networks. The database of passwords was left exposed and unprotected enabling anyone to download its contents. To read more: https://techcrunch.com/2019/04/22/hotspot-password-leak/

Bodybuilding.com
One of the internet’s biggest online stores/forums for fitness and bodybuilding disclosed a security breach. Customer data may have been exposed, but the company is not yet sure what data the attacker accessed. To read more: https://www.zdnet.com/article/bodybuilding-com-discloses-security-breach/

Evisort
A document and contract-management company called Evisort left one of its document databases unsecured. The company left an Elasticsearch database open without a password, enabling anyone to search the files inside. To read more: https://techcrunch.com/2019/04/22/evisort-data-exposed/

ShadowHammer
ASUS was not the only company targeted by ShadowHammer’s supply-chain attacks. Researchers were able to find several other malware samples that were signed with valid and legitimate certificates. The other compromised companies included three Asian gaming companies and three other South Korean organizations. To read more: https://www.bleepingcomputer.com/news/security/shadowhammer-targets-multiple-companies-asus-just-one-of-them/

Marcus Hutchins
The “accidental hero” who inadvertently stopped the spread of WannaCry pleaded guilty to two charges related to writing malware before his security career. While creating malware is a form of protected speech, you cannot sell or disseminate it. To read more: https://krebsonsecurity.com/2019/04/marcus-malwaretech-hutchins-pleads-guilty-to-writing-selling-banking-malware/

Amnesty International
Amnesty International’s Hong Kong office was hit by a cyberattack from hackers with links to the Chinese government. Amnesty detected the breach when it was migrating its IT infrastructure to a more secure international network. To read more: https://www.france24.com/en/20190425-amnesty-says-hong-kong-office-hit-china-linked-cyber-attack

Docker Hub
Docker Hub alerted users that someone gained unauthorized access to a single Hub database that stored non-financial user data. To read more: https://success.docker.com/article/docker-hub-user-notification

GoDaddy
GoDaddy removed a cluster of 15,000 fraudulent websites. The hackers sold products such as weight-loss pills, using fake celebrity endorsements and breached sites to do so. The hackers even set up subdomains on legitimate websites. To read more: https://www.axios.com/godaddy-scam-fake-sales-sites-celebrity-endorsements-d7bf0722-5b71-4cc3-9cac-ab5279bc701a.html

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

Tchap
The French Government launched a messaging app called Tchap, which was supposed to be more secure than Telegram. Unfortunately, the platform has already been hacked. A French security researcher discovered an email validation error that could be used to create an account and gain access to messaging groups. To read more: https://threatpost.com/frances-secure-telegram-messaging-hacked/144010/

Carbanak
Security researchers discovered the full source code for the Carbanak malware. They found the source code, builders and previously unseen plugins after they were uploaded to the VirusTotal malware scanning engine. To read more: https://thehackernews.com/2019/04/carbanak-malware-source-code.html

Social Warfare
A recently disclosed bug in the WordPress plugin Social Warfare is putting 40,000 websites at risk. The vulnerability is both a stored cross-site scripting vulnerability and a remote code-execution bug. Social Warfare is a plugin that enables websites to add social sharing buttons to their pages. To read more: https://threatpost.com/exploits-social-warfare-wordpress/144051/

Malicious apps
Fifty malicious apps managed to bypass Google’s security checks and end up in the Google Play store. These apps were downloaded 30m times and pretend to be lifestyle services. Some of the apps include Pro Piczoo, Photo Blur Studio, Mov-tracker, and Pro Photo Eraser. To read more: https://www.zdnet.com/article/30-million-android-users-have-installed-malicious-lifestyle-apps/

WebMonitor RAT
A program called “WebMonitor” was designed to allow users to remotely control a computer via a web browser. The makers of the program say their product is legal and that it helps users handle the security of devices they own. However, WebMonitor is far more likely to be deployed on hacked devices. The software is classified as malware by most antivirus companies. To read more: https://krebsonsecurity.com/2019/04/whos-behind-the-revcode-webmonitor-rat/

IP spoofing
An internet traffic-mapping company noticed a surge in traffic mimicking the IP addresses of US banks, including Bank of America, JPMorgan Chase, and SunTrust. According to researchers, concentrated spoofing at this scale is unusual. To read more: https://www.cyberscoop.com/spoofed-bank-ip-address-greynoise-andrew-morris-bank-of-america/

Qualcomm
Qualcomm deployed patches for a bug that enables attackers to retrieve private data and encryption keys stored in a secure area of the chipset known as the Qualcomm Secure Execution Environment. Delivery of the patches to devices depends on Android OS updates. To read more: https://www.zdnet.com/article/security-flaw-lets-attackers-recover-private-keys-from-qualcomm-chips/

iTrack and ProTrack
A hacker broke into 7,000 iTrack and 20,000 ProTrack accounts. These apps are used by companies to monitor and manage vehicle fleets through GPS tracking. In some cases, the hacker was able to remotely turn off the engines of vehicles traveling 12 miles per hour or slower. To read more: https://motherboard.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps

WooCommerce Checkout Manager
An unpatched vulnerability exists in WooCommerce Checkout Manager, a plugin that extends the functionality of WooCommerce. The vulnerability is an “arbitrary file upload” flaw that can be exploited. To read more: https://thehackernews.com/2019/04/wordpress-woocommerce-security.html

Oracle WebLogic
Researchers warned of an unpatched zero-day in Oracle WebLogic server. The vulnerability is a critical deserialization remote-code-execution vulnerability that affects all versions of the software. To read more: https://thehackernews.com/2019/04/oracle-weblogic-hacking.html

iLnkP2P
Researchers found security flaws in iLnkP2P, software that is bundled with millions of IoT devices. iLnkP2P devices have no authentication or encryption and can be easily enumerated. To read more: https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/
