Polyverse Weekly Breach Report – Aug. 19th


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Elastic Block Storage Snapshots

Cloud administrators are misconfiguring settings on Amazon’s Elastic Block Storage Snapshots, leaving them public and unencrypted even when the content — such as application keys or sensitive data — should be private. Consequently, companies are unintentionally leaking files, as anyone can download an exposed hard disk and boot it up. To read more: https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/

Bank of Cardiff

California-based Bank of Cardiff accidentally left one million recordings of employee phone calls open on the internet. These included conversations with customers regarding loans. To read more: https://www.vice.com/en_us/article/43jkzp/one-million-bank-phone-calls-in-amazon-aws-bucket-bank-of-cardiff

Canon DSLR cameras

Researchers at Check Point, a cybersecurity firm, showed how hackers could remotely infect a Canon DSLR camera with ransomware. To read more: https://thehackernews.com/2019/08/dslr-camera-hacking.html

SQLite databases

At Black Hat, researchers demonstrated how attackers could hijack SQLite databases and take over iOS devices. Vulnerabilities in how third-party apps read data from SQLite databases could enable someone to hide malicious code in the data. To read more: https://www.zdnet.com/article/clever-attack-uses-sqlite-databases-to-hack-other-apps-malware-servers/

Windows device drivers

A researcher discovered a flaw in the hardware device drivers from 20 vendors that impacts all modern versions of Windows. Among the vendors are Huawei, Intel and NVIDIA. To read more: https://www.forbes.com/sites/daveywinder/2019/08/11/critical-windows-10-warning-confirmed-millions-of-users-are-at-risk/#6e0fd49e2b51

Robocall-blocking apps

A researcher found serious privacy issues in popular robocall-blocking apps, including TrapCall, Truecaller and Hiya. The apps send user or device data to third-party analytics companies without explicit consent. To read more: https://techcrunch.com/2019/08/09/many-robocall-blocking-apps-send-your-private-data-without-permission/

Steam

Valve fixed a zero-day vulnerability that could be used to escalate privileges in the latest version of their gaming platform, Steam. The researcher who found the exploit at first attempted to contact Valve, but went public when the company failed to respond. To read more: https://www.neowin.net/news/valve-fixes-zero-day-exploit-for-steam-in-latest-beta/

Epic Games

Epic Games is being sued over security breaches that enabled hackers to access account holders’ personal information. In January, Epic acknowledged a bug in Fortnite that could have exposed information for millions of users. To read more: https://www.polygon.com/2019/8/9/20799032/epic-games-fortnite-lawsuit-security-data

Cerberus

A new remote access Trojan called Cerberus enables hackers to take control of infected Android devices. Cerberus is coded from scratch and does not reuse any code from existing Trojans. The creator is renting out the malware to interested parties. To read more: https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html

iMessage

Google Project Zero researchers found ten new ways that an iPhone can be compromised. Many of the vulnerabilities are in iMessage, the default messaging app on iOS and Mac devices. To read more: https://www.vice.com/en_us/article/ywazj5/google-hackers-found-10-ways-to-hack-an-iphone-without-touching-it

HTTP/2

Eight security vulnerabilities were discovered in various implementations of HTTP/2. If exploited, the vulnerabilities can be used to launch denial-of-service attacks against online services and websites. To read more: https://thehackernews.com/2019/08/http2-dos-vulnerability.html

Wormable Windows flaws

Microsoft released an update for Windows to patch four critical remote-execution flaws. The flaws are wormable, similar to the recently patched BlueKeep vulnerability, and could be exploited to infect multiple computers. To read more: https://thehackernews.com/2019/08/windows-rdp-wormable-flaws.html

Bismarck public schools

In Bismarck, North Dakota, officials are informing parents and staff that the city’s public schools are among 13,000 schools and universities impacted by a data breach. The FBI is investigating the breach, which occurred when a third-party screening company was attacked. To read more: https://www.kfyrtv.com/content/news/Bismarck-Public-Schools-warned-about-data-breach-539307521.html

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

British Airways

British Airways sent unencrypted check-in links to its customers. Hackers could intercept the link requests and gain access to customer information. To read more: https://fortune.com/2019/08/13/british-airways-new-security-vulnerablity/

LibreOffice

LibreOffice released new versions of its open-source software to fix three new vulnerabilities that bypass two previously addressed issues. To read more: https://thehackernews.com/2019/08/libreoffice-patch-update.html

Biostar 2 database

A biometrics database used by police, banks and defense contractors was discovered online unencrypted. The Biostar 2 database contained user names, passwords and other personal information. To read more: https://www.computing.co.uk/ctg/news/3080451/biometrics-of-one-million-people-discovered-on-publicly-accessible-database

Hacker forums

Hackers from Raidforums breached rival hacking forum Cracked.to and released data on 321,000 members. The data included 749,161 email addresses, among other personal data. To read more: https://arstechnica.com/information-technology/2019/08/hacker-sites-incriminating-database-published-online-by-rival-group/

Choice Hotels

A researcher discovered an unsecured database belonging to Choice Hotels online. Hackers apparently found it first, though, and are demanding 0.4 Bitcoin ($3,856) for the safe return of 700,000 guest records. While the database contained 5.6m records, most were test data not associated with real people. To read more: https://www.comparitech.com/blog/vpn-privacy/choice-hotels-data-leak/

Kaspersky Antivirus

A vulnerability in Kaspersky Antivirus exposed a unique identifier associated with each user of the software. The identifiers were available to every website that users visited over the past four years. This may have enabled sites and third parties to track users across the web even if the sites were blocked. The flaw stems from the way a URL scanning module is integrated into the antivirus software. To read more: https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

European Central Bank

Hackers injected malware into one of the websites of the European Central Bank. The bank was forced to shut down the affected website, which was its Banks’ Integrated Reporting Dictionary site. To read more: https://thehackernews.com/2019/08/european-central-bank-hack.html

Hy-Vee

Hy-Vee is investigating a possible breach with the payment processing systems at its fuel pumps, coffee shops and restaurants. The company detected unauthorized activity on the systems, which led to a larger investigation. To read more: https://www.usatoday.com/story/money/2019/08/14/hy-vee-data-breach-possible-customer-payment-system-vulnerability-wahlburger-fuel-restaurants-data/2014621001/

North Korean malware

U.S. Cyber Command released malware linked to North Korean hackers. They uploaded the malware, called Electric Fish, to VirusTotal, a database used for security research. To read more: https://techcrunch.com/2019/08/15/cyber-command-north-korea-malware/

Norman malware

Researchers discovered new Monero-mining malware. Dubbed Norman, the malware executes an XMRig-based cryptominer while trying to avoid detection. To read more: https://www.coindesk.com/new-malware-miner-sneakily-hides-when-task-manager-is-open

Texas

A ransomware attack hit over 20 entities in Texas last week, most of them local governments. The attacks came from a single hacker and responders are actively working to bring systems back online. To read more: https://dir.texas.gov/View-About-DIR/Article-Detail.aspx?id=210
