Polyverse Weekly Breach Report – Mar. 23rd 2020

Mar 23, 2020By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Dton

Researchers discovered a prolific Nigerian hacker who, under the name of Dton, has targeted thousands of people with custom malware. To read more:https://thehackernews.com/2020/03/nigerian-hacker-million-dollars.html

 

TrueFire Guitar 

TrueFire, a guitar-tutoring website, apparently suffered a Magecart data breach that exposed customers’ personal information. TrueFire has not publicly disclosed the breach yet. To read more: https://thehackernews.com/2020/03/truefire-guitar-tutoring-data-breach.html

 

Athena Security 

This tech company is launching thermal cameras that it claims use artificial intelligence to detect fevers in people. They thus might possibly be able to screen for COVID-19, and apparently send alerts if infected individuals are detected. To read more: https://www.vice.com/en_us/article/epg8xe/surveillance-company-deploying-coronavirus-detecting-cameras

 

Chrome and Chrome OS

Google is pausing upcoming Chrome releases due to adjusted work schedules for employees during the coronavirus outbreak. To read more: https://www.zdnet.com/article/google-pauses-chrome-and-chrome-os-releases-due-to-coronavirus-outbreak/

 

NutriBullet

Researchers discovered Magecart malware on NutriBullet’s website that was stealing customer financial data. To read more: https://www.zdnet.com/article/skimming-code-lurking-on-nutribullet-website-puts-customer-credit-card-data-at-risk/

 

Trend Micro

Hackers are trying to exploit two zero-day exploits in Trend Micro’s antivirus software. Trend Micro released patches to address the vulnerabilities. To read more: https://www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/

 

WordPress and Apache Struts

A study found that 55% of the security bugs that attackers have weaponized and exploited were for WordPress and Apache Struts. To read more: https://www.zdnet.com/article/wordpress-and-apache-struts-account-for-55-of-all-weaponized-vulnerabilities/

 

US Health and Human Services

The US Department of Health and Human Services suffered a cyberattack that attempted to spread disinformation undermining the response to the novel coronavirus. To read more: https://www.mercurynews.com/2020/03/16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response/

 

TrickBot

A new feature of banking-trojan TrickBot was discovered. It enables attackers to use compromised systems to launch brute-force attacks against Windows computers running a Remote Desktop Protocol connection. To read more:https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html

 

Doxzoo

Online printing website Doxzoo left an Amazon S3 bucket open that contained 250,000 customer-uploaded files. To read more: https://techcrunch.com/2020/03/16/doxzoo-printing-files/

 

 

 

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.