Polyverse Weekly Breach Report – Dec. 9th


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Imminent Monitor RAT

Europol announced the shutdown of the criminal network behind Imminent Monitor RAT, a widely used hackers’ tool. IM-RAT was sold to more than 14,500 buyers and used against thousands of victims around the world. To read more: https://thehackernews.com/2019/11/europol-imminent-monitor-rat.html

TrueDialog

Researchers found an exposed database belonging to TrueDialog, a business SMS provider, that leaked millions of SMS text messages. The service enables companies and universities to send bulk text messages to their customers and students. To read more: https://techcrunch.com/2019/12/01/millions-sms-messages-exposed/

Mixcloud

A hacker is selling Mixcloud user data on a dark web marketplace. The hack was first announced last Friday and includes usernames, email addresses, hashed password strings, and other personal information. To read more: https://www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/

Palo Alto Networks

Cybersecurity company Palo Alto Networks announced that it had suffered a data breach due to a third-party vendor error. To read more: https://www.techradar.com/news/palo-alto-networks-hit-by-major-data-breach

Chrome

A new Windows trojan is trying to steal passwords from Google Chrome browsers. The malware uses a remote MongoDB database to store the stolen passwords. To read more: https://www.bleepingcomputer.com/news/security/new-chrome-password-stealer-sends-stolen-data-to-a-mongodb-database/

Netflix

Hackers found a way to reactivate canceled Netflix accounts without the victim knowing. Netflix stores customer data for ten months after someone cancels a subscription, which makes reactivation possible. To read more: https://www.businessinsider.com/netflix-hackers-reactivating-canceled-accounts-2019-11

Strandhogg vulnerability

Researchers found a new unpatched vulnerability, known as Strandhogg, in Android. The vulnerability is in the multitasking feature that can be exploited by a malicious app installed on a device. To read more: https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html

Microsoft

Microsoft fixed a vulnerability that enabled hackers to trick victims into handing over complete access to their online accounts. The bug enabled hackers to steal account tokens, which websites and apps use to grant users access without needing a password. To read more: https://techcrunch.com/2019/12/02/microsoft-login-flaw-account-hijack/

Tuft & Needle

Mattress company Tuft & Needle accidentally left an unprotected cloud server containing shipping information open on the internet. The unprotected AWS S3 bucket exposed more than 236,400 shipping labels. To read more: https://techcrunch.com/2019/12/02/tuft-and-needle-exposed-shipping-labels/

Smith & Wesson

Gun maker Smith & Wesson’s online store was compromised by attackers who added code in an attempt to steal payment information. To read more: https://www.bleepingcomputer.com/news/security/smith-and-wesson-web-site-hacked-to-steal-customer-payment-info/

Solara Medical

Solara Medical Supplies disclosed a data breach that impacted 114,000 patients. Patients filed a lawsuit against the company for failure to protect patients’ personal and medical information. To read more: https://healthitsecurity.com/news/solara-medical-faces-lawsuit-over-data-breach-impacting-117k-patients

GoAhead

Researchers discovered two vulnerabilities in the GoAhead web server software found in IoT devices. One of the weaknesses is a code execution flaw that could enable an attacker to take control of a device. To read more: https://thehackernews.com/2019/12/goahead-web-server-hacking.html

Avast

If you have the Avast or AVG (an Avast subsidiary) browser extensions installed in Firefox or Chrome, you should disable them immediately. The browser extensions were collecting data, including the browsing history of millions of users. To read more: https://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html

Python libraries

The Python security team removed two Python libraries from the Package Index that were stealing SSH and GPG keys. To read more: https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

New Zealand gun buyback

A data breach hit New Zealand’s gun-buyback scheme due to human error at SAP. Personal information and bank-account details were accessible during the breach. To read more: https://www.zdnet.com/article/new-zealands-gun-buyback-scheme-suffers-data-breach-sap-to-blame/

F-15s

A team of hackers gained access to an F-15 fighter in a US military test. It was the first time that researchers were allowed physical access to the jets to find weaknesses. To read more: https://nationalinterest.org/blog/buzz/how-hackers-could-shut-down-americas-f-15s-101432

HackerOne

The bug bounty platform paid $20,000 to a hacker after it accidentally enabled users to read and modify customer bug reports. After learning about the incident, HackerOne was able to revoke the session cookie in two hours. To read more: https://www.techradar.com/in/news/hackerone-pays-up-after-data-breach

ZeroCleare

A new form of “wiper” malware is attacking companies in the Middle East. Researchers believe the malware is from Iranian state-sponsored groups. To read more: https://arstechnica.com/information-technology/2019/12/new-iranian-wiper-discovered-in-attacks-on-middle-eastern-companies/

OpenBSD

This open-source operating system has four severe security vulnerabilities, one of which is an authentication bypass in the BSD Auth framework. The other three are privilege escalation bugs. To read more: https://thehackernews.com/2019/12/openbsd-authentication-vulnerability.html

Chinese VC firm

Researchers found evidence that Chinese hackers stole $1m in seed money during a wire transfer between a Chinese venture capital firm and an Israeli startup. To read more: https://www.vice.com/en_us/article/mbmmaq/hackers-trick-venture-capital-firm-into-sending-them-dollar1-million

Healthcare Administrative Partners

Medical billing provider Healthcare Administrative Partners notified 17,693 patients of a data breach that may have exposed their health information. To read more: https://www.beckershospitalreview.com/cybersecurity/healthcare-administrative-partners-warns-18-000-patients-of-data-breach.html

Evil Corp

The US Justice and Treasury departments took action against a hacking group known as Evil Corp, which stole at least $100m from banks using malware. To read more: https://www.cnbc.com/2019/12/05/russian-malware-hackers-charged-in-massive-100-million-bank-scheme.html

VPNs

Researchers discovered a new vulnerability in Linux that enables hackers to hijack VPN connections. The vulnerability impacts most Linux distributions as well as macOS, iOS, and Android. To read more: https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/

Microsoft

Microsoft researchers scanned all Microsoft user accounts and found that 44m users were using usernames and passwords that had already leaked online in other security breaches. To read more: https://www.zdnet.com/article/44-million-microsoft-users-reused-passwords-in-the-first-three-months-of-2019/

Great Cannon

The Chinese government deployed a DDoS tool known as the Great Cannon to launch attacks at an online forum where Hong Kong residents organized anti-Beijing protests. To read more: https://www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/

CyrusOne

Ransomware impacted CyrusOne, one of the largest data center providers in the US. Six of their managed-service customers experienced issues due to the ransomware encrypting devices on their networks. To read more: https://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/

Sprint contractor

A Sprint contractor left an unprotected cloud storage bucket containing thousands of customer bills exposed online. The bucket held more than 260,000 publicly accessible documents. To read more: https://techcrunch.com/2019/12/04/sprint-contractor-cell-phone-bills-exposed/

New Jersey Shakespeare Theater

A ransomware attack took down the ticket system and database of the New Jersey Shakespeare Theater and also impacted another organization in the area. The theater had to cancel its first show while it set up a new method of ticket sales. To read more: https://www.bleepingcomputer.com/news/security/ransomware-writes-drama-at-shakespeare-theatre/

Ethiopia

Ethiopia shut down the country’s internet for some 20 minutes to stop a cyberattack against multiple financial institutions. To read more: https://borkena.com/2019/12/05/ethiopia-briefly-shut-internet-as-a-cyber-attack-hits/

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.