Polyverse Weekly Breach Report – Jan. 6th

Jan 6, 2020 | By Shaina Raskin


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Wyze

This IoT device company confirmed that an exposed database leaked the details of 2.4m customers. The Elasticsearch database was not a production system; however, the server was storing valid user data. To read more: https://www.zdnet.com/article/iot-vendor-wyze-confirms-server-leak/

 

Moss Adams

One of the largest US-based accounting firms announced that a data breach potentially exposed user data. The hacker had access to an employee email account from October 2019. To read more: https://latesthackingnews.com/2019/12/29/us-accounting-firm-moss-adams-discloses-data-breach/

 

RavnAir

An Alaskan air carrier experienced a cyberattack that disrupted flights. Complete system restoration will take up to a month. To read more: https://www.sfchronicle.com/news/article/RavnAir-revises-estimate-of-damage-from-cyber-14941645.php

 

Sinai Health System

Sinai Health System notified the federal government of a data breach that exposed the personal data of 12,578 people. The breach happened in October after hackers gained access to employee email accounts. To read more: https://chicago.suntimes.com/2019/12/31/21044739/data-breach-sinai-health-system-chicago

 

Citrix

A vulnerability in the Citrix Application Delivery Controller could potentially expose the networks of more than 80,000 firms. To read more: https://www.bleepingcomputer.com/news/security/critical-citrix-flaw-may-expose-thousands-of-firms-to-attacks/

 

DNA Kits

The Pentagon is advising members of the military not to use consumer DNA kits from companies such as 23andMe because they pose a security risk. To read more: https://www.yahoo.com/news/pentagon-warns-military-members-dna-kits-pose-personal-and-operational-risks-173304318.html

 

Discord

Discord is a black-market platform selling PayPal and credit card information. To read more: https://onezero.medium.com/inside-discords-thriving-black-market-for-stolen-credit-cards-and-gift-cards-323be0256586

 

The Heritage Company

The Arkansas-based company suspended all services because of a cyberattack. Hackers hit Heritage servers with ransomware, forcing the CEO to fire 300 employees days before Christmas because the company could not recover. To read more: https://www.kait8.com/2019/12/22/heritage-company-announces-temporary-closure-due-cyber-attack-before-christmas/

 

US Coast Guard

The US Coast Guard announced that Ryuk ransomware took down a port authority for more than 30 hours. The agency did not release the name or location of the facility. To read more: https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/

 

Special Olympics NY

Attackers compromised an email server owned by Special Olympics NY to send phishing emails. To read more: https://www.tripwire.com/state-of-security/security-data-protection/special-olympics-nys-email-server-abused-to-send-phishing-emails/

 

Shitcoin Wallet

Researchers caught a Google Chrome extension injecting JavaScript code on web pages to steal passwords and private keys from crypto-wallets. The extension lets users manage Ether coins and Ethereum ERC20-based tokens. To read more: https://www.zdnet.com/article/chrome-extension-caught-stealing-crypto-wallet-private-keys/

 

UK New Year Honors list 

The UK government accidentally exposed the addresses of 1,000 people who received honors. The list included politicians, senior police chiefs, security operatives and Ministry of Defence staff. To read more: https://www.theguardian.com/uk-news/2019/dec/28/government-exposes-addresses-of-new-year-honours-recipients

 

North Korean hackers

Microsoft announced that it successfully took down 50 web domains previously used by a North Korean-backed hacking group. To read more: https://www.zdnet.com/article/microsoft-takes-down-50-domains-operated-by-north-korean-hackers/

 

Travelex

Travelex, an international foreign-currency exchange, suspended some services after being hit by malware. The London-based company operates 1,500 stores globally and took systems offline as a precaution to protect data and stop the malware. To read more: https://techcrunch.com/2020/01/02/travelex-malware/

 

Poloniex cryptocurrency exchange

This exchange was forced to reset account-holder passwords following a phishing data breach. To read more: https://www.zdnet.com/article/poloniex-cryptocurrency-exchange-confirms-account-data-leak/

 

Xiaomi Mijia camera

A Xiaomi camera linked to a Google account is receiving random images from other people’s homes when trying to stream content from the camera to a Google Nest Hub. The images include people sleeping and a baby in a cradle. To read more: https://www.androidpolice.com/2020/01/02/uh-oh-xiaomi-camera-feed-showing-random-homes-on-a-google-nest-hub-including-still-images-of-sleeping-people/

 

Roosevelt General Hospital

A New Mexico-based hospital found malware on the digital imaging server of its radiology department. To read more: https://healthitsecurity.com/news/new-mexico-hospital-finds-malware-infection-on-digital-imaging-server

 

Michigan schools

A Michigan school district’s servers were attacked by ransomware during the holiday break, and three schools were closed for a week to solve the problem. To read more: https://www.cbsnews.com/news/ransomware-attack-shuts-down-richmond-michigan-school-district/

 

Landry’s

A US restaurant chain that operates brands such as Bubba Gump Shrimp Co and Rainforest Cafe disclosed a malware breach that enabled attackers to steal customers’ credit-card information. To read more: https://www.bleepingcomputer.com/news/security/popular-us-restaurant-owner-hit-by-credit-card-stealing-malware/

 

Pensacola 

Last December, hackers used Maze ransomware to attack the city of Pensacola. The city did not pay the ransom, so the group behind the threat posted a 2GB archive of the exfiltrated data. To read more: https://www.forbes.com/sites/leemathews/2020/12/31/ransomware-hackers-have-started-leaking-city-of-pensacola-data/?ss=cybersecurity#298aa382994b

 

BusKill cable

An engineer designed a USB “kill cable” that shuts down and wipes a Linux laptop if the device gets stolen in a public place. If someone yanks the computer and the USB cable disconnects, it triggers a udev script. To read more: https://www.zdnet.com/article/new-usb-cable-kills-your-linux-laptop-if-stolen-in-a-public-place/

 

Air China

An Air China employee published the personal details of 20 celebrities who flew on a flight with him. The employee posted the information on Weibo, China’s Twitter-like platform. To read more: https://www.scmp.com/news/china/society/article/3044682/air-china-suspends-flight-attendant-over-personal-data-breach

 

 

 
