Polyverse Weekly Breach Report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

US Customs and Border Protection

US Customs and Border Protection confirmed a data breach that exposed photos of travelers and vehicles entering and leaving the country. The photos, which were unauthorized copies stored on a subcontractor’s network, were stolen in a cyberattack. To read more: https://techcrunch.com/2019/06/10/cbp-data-breach/

Vim and Neovim

Researchers found a high-severity arbitrary OS command-execution vulnerability in Vim and Neovim, which are command-line text-editing applications that come pre-installed on most Linux operating systems. To read more: https://thehackernews.com/2019/06/linux-vim-vulnerability.html

WordPress Live Chat Support

Researchers found a vulnerability in WordPress Live Chat Support, a plugin that more than 50,000 businesses use to provide customer support. The vulnerability is due to improper validation checks that could enable unauthenticated users to access REST API endpoints. To read more: https://thehackernews.com/2019/06/wordpress-live-chat-plugin.html

Amcrest HDSeries Camera

Two vulnerabilities that enable hackers to take over Amcrest HDSeries model IPM-721s security cameras have been publicly disclosed. The first allows an unauthenticated user to download admin credentials, and the second enables an attacker to execute code on a camera. To read more: https://threatpost.com/amcrest-critical-security-issues/145507/

OTP Bank and Home Credit Bank

Almost 900,000 Russian citizens’ personal data was leaked from four archives, two of which belong to OTP Bank and Home Credit Bank. The data was first traded on the black market and later leaked online to the public. To read more: https://indiablooms.com/world-details/F/20339/personal-data-of-900k-russians-leaked-online-from-3-russian-banks.html

Chinese University

A Chinese university leaked 8TB of email metadata via an unsecured Elasticsearch database. A security researcher discovered the database after conducting a simple Shodan search. To read more: https://www.infosecurity-magazine.com/news/chinese-uni-exposes-8tb-of-email-1/

US government website misconfigurations

Multiple US government websites contain a flaw that enables hackers to redirect users to external sites. The Justice Department’s Amber Alert site, for instance, redirected users to erotic material. Over the past year, a handful of offices have changed their settings to solve the problem, but other websites continue to be impacted. To read more: https://gizmodo.com/a-year-later-u-s-government-websites-are-still-redire-1835336087

VLC Player

Maintainers of the open-source VLC media player patched two high-severity bugs. The flaws were an out-of-bounds write vulnerability and a stack-buffer-overflow bug. There are currently no details on how the bugs could be exploited. To read more: https://threatpost.com/vlc-player-gets-patched-for-two-high-severity-bugs/145518/

Have I Been Pwned

Troy Hunt, the security researcher who owns the breach-notification service Have I Been Pwned, is looking for someone to acquire his site. Hunt can no longer manage the site alone because site traffic has increased exponentially in the wake of recent years’ data breaches. To read more: https://techcrunch.com/2019/06/11/have-i-been-pwned-is-looking-for-a-new-owner/

Windows SymCrypt

Google Project Zero published details of a bug in a core Windows crypto library called SymCrypt. SymCrypt is one of Microsoft’s open-source projects and is a primary crypto library for symmetric algorithms. According to a Google researcher, the bug causes “an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.” To read more: https://www.zdnet.com/article/google-warns-this-unpatched-bug-could-quickly-take-down-a-windows-fleet/

RAMBleed attack

Researchers revealed details of a new side-channel attack on dynamic random-access memory that could enable malicious programs to read sensitive memory data from other processes running on the same hardware. By repeatedly and rapidly accessing a row of memory, a hacker can cause bit flips in adjacent rows. To read more: https://thehackernews.com/2019/06/rambleed-dram-attack.html

Evite

Evite, an online e-invite service, belatedly disclosed a security breach from earlier this year. The breach occurred in February, when a hacker stole a file with information on some of Evite’s users. The hacker claimed to be selling 10m Evite user records. To read more: https://www.zdnet.com/article/evite-e-invite-website-admits-security-breach/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Telegram

Messaging app Telegram was hit by a DDoS attack and users in the US and other countries experienced connection issues. Telegram believes that the attack was perpetrated by China. To read more: https://thehackernews.com/2019/06/telegram-ddos-attack.html

ASCO

ASCO, a Belgian aircraft-parts manufacturer, shut down operations following a cyberattack. Until the company can resume operations, 1,000 people are on temporary unemployment. To read more: https://www.brusselstimes.com/all-news/belgium-all-news/58414/banking-secret-tax-department-has-examined-3600-accounts-since-2011/

Luzerne County

Philadelphia’s online court system for e-filing and docketing services has not yet fully recovered from a May cyberattack. The computer network for the Luzerne County Correctional Facility is still impacted and leaves inmates unable to order items from the commissary. To read more: https://www.infosecurity-magazine.com/news/philly-courts-still-down-after-1/

Google Calendar notifications

Hackers are targeting Google services through malicious Google Calendar notifications. Attackers spam users with phishing links to sites that then steal their credentials. To read more: https://www.forbes.com/sites/daveywinder/2019/06/11/new-security-warning-issued-for-googles-1-5-billion-gmail-and-calendar-users/#3eb78c9e565e

Evernote Web Clipper Extension

Researchers discovered a flaw in a popular Evernote extension for Chrome that enables hackers to hijack browser sessions and steal sensitive information from any website accessed. Evernote is a note-taking service used by more than 4m people. The flaw is a Universal Cross-site Scripting issue. To read more: https://thehackernews.com/2019/06/evernote-extension-hacking.html

Gaming websites

According to an Akamai report, hackers targeted the gaming industry by carrying out 12bn credential-stuffing attacks against various websites over a 17-month period. The gaming community is quickly becoming one of the most lucrative targets for hackers, because stolen in-game items can easily be exchanged for profit. To read more: https://irishtechnews.ie/hackers-targeted-gaming-industry-with-over-12-billion-attacks/

Yubico security keys

Yubico is recalling a line of security keys due to a flaw in the firmware. The security keys enable federal employees to securely log on to their devices. The bug keeps some supposedly “predictable content” inside the device’s data buffer, which may impact the level of randomness that is generated. To read more: https://www.engadget.com/2019/06/13/yubico-recalls-government-grade-security-keys-due-to-bug/

Exim mail servers

Attackers are gaining permanent root access, via SSH, to servers running vulnerable versions of the Exim mail-transfer agent, using a flaw that enables them to remotely run arbitrary commands as root on exposed servers. A Shodan search indicated more than 3m servers are running a vulnerable version of Exim. To read more: https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-are-currently-being-attacked/

Google invoice submission portal

A bug bounty hunter found that he could upload an HTML file containing a cross-site scripting payload to Google’s invoice-submission portal. He found that the payload was executed on Google’s intranet, googleplex.com. To read more: https://www.securityweek.com/xss-vulnerability-exposed-google-employees-attacks

Symantec

Symantec, a platform-security company, was breached in February. Hackers gained access to customer account numbers and passwords, and claimed to have been able to extract a list of prominent Australian clients. The breach affected a self-enclosed demo lab in Australia that apparently wasn’t connected to Symantec’s corporate network. To read more: https://www.crn.com.au/news/symantec-breach-revealed-client-list-passwords-report-526694

Alaris Gateway Workstation

Researchers found two vulnerabilities in an infusion-pump system called the Alaris Gateway Workstation, which hospitals use to administer medications. One of the vulnerabilities is in the firmware, which an attacker could use to “brick” the workstation and render it useless. To read more: https://www.cyberscoop.com/medical-infusion-pump-system-two-critical-bugs-researchers-say/

Emuparadise

A retro gaming website called Emuparadise experienced a data breach that exposed 1.1m user accounts. Passwords for the accounts were stored as salted MD5 hashes, an algorithm that has been considered unsafe since 2012. To read more: https://www.zdnet.com/article/emuparadise-gaming-rom-repository-suffers-data-breach/

Cetera

Cetera Financial Group was hit by a breach that put 2,000 clients’ data at risk. A hacker gained access to two employees’ email accounts, compromising the clients’ personal information. To read more: https://www.investmentnews.com/article/20190613/FREE/190619958/cetera-latest-to-be-hit-with-data-breach-of-personal-information
