Polyverse Weekly Breach Report – Jan. 13th

Jan 13, 2020 By Shaina Raskin


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Starbucks

Developers at Starbucks accidentally left an API key exposed that attackers could use to access internal systems. A security researcher found the key in a public GitHub repository and disclosed it on HackerOne. To read more: https://www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/

 

Austria

Austria’s foreign ministry was targeted by a cyberattack that may have been perpetrated by another country. To read more: https://www.bbc.com/news/world-europe-50997773

 

ACTIVE Network

ACTIVE Network, which provides web-based accounting software to schools, non-profits and others, disclosed a security breach last week. To read more: https://www.zdnet.com/article/school-management-software-provider-discloses-severe-security-breach/

 

Cambridge Analytica

A leak of thousands of documents from the data firm Cambridge Analytica reveals more details about the company, which misappropriated 87m Facebook profiles among other digital assets. To read more: https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation

 

HappyHotel

HappyHotel, a Japanese search engine for booking rooms in so-called love hotels, disclosed a security breach in December. To read more: https://www.zdnet.com/article/search-engine-for-japanese-sex-hotels-announces-security-breach/

 

US Federal Depository Library Program

Attackers hacked the website of the US Federal Depository Library Program, inserting pro-Iranian, anti-US messages on its homepage. To read more: https://www.cbsnews.com/news/iran-hackers-briefly-deface-website-for-u-s-government-library-with-pro-iranian-message/

 

Clop ransomware

Researchers discovered a new variant of Clop ransomware capable of terminating 663 Windows processes prior to encrypting files. Clop first appeared in March 2019 and evolved from targeting individual Windows machines to infecting entire networks. To read more: https://www.forbes.com/sites/daveywinder/2020/01/05/alarming-new-windows-10-security-threat-as-app-killing-clop-malware-evolves/#7b35ad615a9f

 

Website defacement

Individual hacktivists appear to be defacing random websites with pro-Iranian propaganda. To read more: https://www.theverge.com/2020/1/9/21058689/iran-teen-hacker-website-defaced-america-cyberwar

 

TrickBot trojan

The hackers behind the TrickBot trojan developed a private post-exploitation toolkit instead of relying on premade options. The toolkit is a fileless framework that enables hackers to laterally compromise networks that are considered to be of high value. To read more: https://www.bleepingcomputer.com/news/security/trickbot-gang-created-a-custom-post-exploitation-framework/

 

Unimax U673c

A security firm found unremovable malware on low-end smartphones issued via a government-subsidized program in the US. One of the phone’s components contains Adups malware, a malicious firmware component created by a Chinese company. To read more: https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/

 

Office 365

A stealthy phishing campaign is targeting Microsoft Office 365 users. The phishing starts with a link that leads to the real login page for a cloud email service. By exploiting Outlook’s add-in feature, attackers trick victims into providing access to their email and files. To read more: https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/

 

Texas Department of Agriculture

The Texas Department of Agriculture’s website was hit by a cyberattack that replaced its homepage with a picture of former Iranian commander Soleimani. To read more: https://thehill.com/policy/cybersecurity/477408-texas-department-of-agriculture-website-featured-pro-iran-image-after
