Polyverse Weekly Breach Report – Dec. 2nd

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

VNC software

An analysis of four open-source virtual network computing (VNC) desktop applications revealed a total of 37 vulnerabilities, most of which had gone undetected for the past 20 years. The analysis focused on widely used VNC software, specifically LibVNC, UltraVNC, TightVNC and TurboVNC. To read more: https://thehackernews.com/2019/11/vnc-remote-software-hacking.html

OnePlus

Chinese smartphone maker OnePlus experienced a data breach that exposed personal and order information for an undisclosed number of customers. To read more: https://thehackernews.com/2019/11/oneplus-store-data-breach.html

NextCry

NextCry, a new ransomware strain, encrypts data on NextCloud Linux servers and evades most antivirus engines. No free decryption tools currently exist. To read more: https://linuxsecurity.com/features/features/nextcry-ransomware-targets-nextcloud-linux-servers-and-remains-undetected

Chrome, Safari, Edge

While attending a security event, Chinese white-hat hackers were able to exploit vulnerabilities in major browsers and other commonly used software. To read more: https://www.ibtimes.com/chinese-hackers-break-chrome-safari-edge-reveal-browsers-vulnerabilities-2869812

Kazakhstan

Researchers discovered a hacking operation aimed at Kazakhstan. Targets include government agencies, military personnel, diplomats, researchers and journalists. To read more: https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/

Obstruction lighting

A researcher discovered 46 control panels for obstruction lighting that were open on the internet. Hackers could have turned off the lights, which are placed on tall structures in order to warn airplanes not to hit them. The FAA is working to fix the issue. To read more: https://www.vice.com/en_us/article/7x5nkg/airplane-warning-lights-hacked

Online server

A dark-web researcher found a server with 1.2bn records exposed on the internet. The data contains personal information associated with profiles on social media such as Facebook, Twitter, LinkedIn and GitHub, including almost 622m unique email addresses. To read more: https://www.wired.com/story/billion-records-exposed-online/

Allied Universal

After not receiving a ransom payment from Allied Universal, the group behind Maze Ransomware published 700 MB of data and files that it had stolen from the security-staffing company. This makes up only 10% of the stolen files, and the attackers threaten to release the rest if payment is not made. To read more: https://www.bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leaked/

Virtual Care Provider

Hackers are holding hostage the data of Milwaukee-based Virtual Care Provider, a company providing internet security and data storage to more than 100 nursing homes across the US. The company is working to restore data and handle any life-threatening situations caused by the hack. To read more: https://www.jsonline.com/story/news/local/2019/11/23/milwaukee-firm-falls-victim-hackers-100-plus-nursing-homes-affected/4285213002/

NYPD fingerprint database

The fingerprint database of the New York Police Department (NYPD) was shut down after a contractor at its Queens training facility plugged in a mini-PC that was infected with a virus. The virus spread to 23 NYPD machines. To read more: https://nypost.com/2019/11/24/how-the-nypds-fingerprint-database-got-shut-down-by-a-computer-virus/

Louisiana

The governor of Louisiana declared a state of emergency after ransomware knocked key state services offline. Most affected was the Office of Motor Vehicles, which had still not recovered a week later. Although only 132 of 5,000 servers were compromised, the state is struggling to return services to normal. To read more: https://www.wwltv.com/article/news/crime/louisiana-omv-remains-closed-thursday-morning-due-to-ransomware-attack/289-15121f96-883a-4cd6-b7a9-5d8c85e51a47

California DMV

The California Department of Motor Vehicles is generating $50m a year by selling drivers’ personal information to commercial entities. To read more: https://www.vice.com/en_us/article/evjekz/the-california-dmv-is-making-dollar50m-a-year-selling-drivers-personal-information

Android SDKs

Two software-development kits that are integrated into thousands of Android apps were found to be accessing user data connected to social media accounts. To read more: https://thehackernews.com/2019/11/sdk-twitter-facebook-android.html

Credit and debit cards

One of the largest dark-web bazaars is selling 4m credit and debit cards stolen in security breaches at four restaurant chains. The breaches occurred in August 2019 at Krystal, Moe’s, McAlister’s Deli and Schlotzsky’s. To read more: https://krebsonsecurity.com/2019/11/sale-of-4-million-stolen-cards-tied-to-breaches-at-4-restaurant-chains/

Fortinet

Fortinet, a cybersecurity vendor, was shipping hard-coded encryption keys on its hardware for 18 months. The keys were found inside FortiOS for FortiGate firewalls and FortiClient endpoint-protection software. To read more: https://www.zdnet.com/article/some-fortinet-products-shipped-with-hardcoded-encryption-keys/

Docker

A new hacking campaign was discovered looking for Docker platforms with exposed API endpoints. Hackers scanned 59,000 IP networks to find the platforms, which were then compromised with cryptomining malware. To read more: https://www.computing.co.uk/ctg/news/3084249/exposed-docker-platforms

Google

Google informed more than 12,000 users that they were targeted by government-backed hacking in Q3 this year. More than 90% of the users were hit with phishing attempts to trick them into handing over Google account credentials. To read more: https://thehackernews.com/2019/11/google-government-hacking.html

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.