Polyverse Weekly Breach Report – Aug. 26th


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

[24]7.ai

Delta Air Lines is suing chatbot company [24]7.ai over a breach of passenger data. A hacker broke into delta.com through [24]7.ai’s systems and stole 825,000 customers’ records. Delta is hoping to recover the costs incurred dealing with the breach, which it says amount to millions of dollars. To read more: https://skift.com/2019/08/19/delta-sues-chatbot-vendor-faulted-for-data-breach/

Jailbreak for iPhones

With the latest iOS update, Apple reintroduced a vulnerability that it had previously fixed, and a public jailbreak for it has since been released. Attackers could conceivably exploit any up-to-date phone. Security experts are warning iPhone users to be careful about downloading apps. To read more: https://www.vice.com/en_us/article/qvgp77/hacker-releases-first-public-iphone-jailbreak-in-years

Residential Networking Solutions

Hackers are anonymizing malicious traffic by routing it through residential broadband and wireless data connections. KrebsOnSecurity received a tip from a retailer that saw suspicious transactions originating from a new internet provider called Residential Networking Solutions. References to the provider came up on hackforums.net, a community that hosts hackers looking for anonymous ways to monetize their activities. To read more: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/

Nest Cam IQ

Google’s Nest Cam IQ camera has eight security vulnerabilities that could be exploited to hijack the device. The bugs include information leaks, denial-of-service issues, and code-execution vulnerabilities. To read more: https://www.zdnet.com/article/vulnerabilities-in-google-nest-cam-iq-can-be-used-to-hijack-your-camera/

Silence APT

The Russian hacking group Silence APT is targeting banks in 30 different countries. Their most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank. To read more: https://thehackernews.com/2019/08/silence-apt-russian-hackers.html

MoviePass

MoviePass exposed thousands of member card and credit card numbers because of an unprotected server. A security researcher found an exposed database containing 161m records. While most of the records were computer-generated logging messages, some included sensitive user data. To read more: https://techcrunch.com/2019/08/20/moviepass-thousands-data-exposed-leak/

NordVPN

Hackers are spreading a banking Trojan by copying legitimate software, including that of NordVPN. By creating a website identical to NordVPN’s, a common attack strategy, hackers hope to trick users into downloading malicious software. To read more: https://www.hackread.com/hackers-cloned-nordvpn-website-for-banking-trojan/

Xbox

In an effort to improve voice-command features, Microsoft contractors heard audio of Xbox users that should never have been recorded. While only certain commands were supposed to trigger recording, systems sometimes captured audio of users simply talking in their homes. To read more: https://www.vice.com/en_us/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana

Steam

After fixing one zero-day vulnerability in its gaming platform last week, Steam disclosed a second this week that affects more than 98m users. The bug is a zero-day privilege escalation that impacts only the Windows version of the client. To read more: https://www.bleepingcomputer.com/news/security/second-steam-zero-day-impacts-over-96-million-windows-users/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

PokerTracker.com

Attackers injected Magecart malware — which steals victims’ payment information — into the PokerTracker website, which provides software that online poker players can use to improve their odds. The compromise was possible because the site was running an outdated version of Drupal with known vulnerabilities. To read more: https://www.bleepingcomputer.com/news/security/pokertrackercom-hacked-to-inject-payment-card-stealing-script/

Ruby libraries

Staff who maintain the RubyGems package repository have removed 18 versions of 11 Ruby libraries that contained malicious code. The code would collect and send the URL and environment variables of a compromised system to a remote server in Ukraine. To read more: https://www.zdnet.com/article/backdoor-code-found-in-11-ruby-libraries/

Russian voting system

A security researcher found a critical vulnerability in the blockchain-based voting system that Russian officials plan to use in September 2019. To read more: https://www.zdnet.com/article/moscows-blockchain-voting-system-cracked-a-month-before-election/

Webmin

A zero-day vulnerability was found in Webmin, a Unix administration tool. The vulnerability was apparently a secret backdoor that was planted a year before its discovery. To read more: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/

Fortnite

Fortnite players are being targeted by ransomware pretending to be an in-game hack. The ransomware masquerades as an aimbot that improves a player’s aim and helps identify the location of other players. To read more: https://siliconangle.com/2019/08/21/fortnite-players-targeted-ransomware-fake-aimbot/

Facebook disconnect tool

A new tool is rolling out that enables users to disconnect from their accounts the information that other apps and websites send to Facebook about them. While the tool does not delete browsing history, Facebook will no longer associate that information with specific users. To read more: https://www.helpnetsecurity.com/2019/08/21/off-facebook-activity/

Luscious

The pornography website Luscious exposed user data after a database containing 1.2m user accounts was left unprotected. An authentication error on the website enabled complete access to all user accounts in the database. To read more: https://www.zdnet.com/article/adult-content-sharing-website-leaked-private-user-information/
