Polyverse Weekly Breach Report – Mar. 9th 2020

Mar 9, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Visser

Visser, a manufacturer of parts for space and defense contractors, announced a data breach. The likely culprit is DoppelPaymer, a new kind of file-encrypting ransomware. This malware exfiltrates victims’ data before encrypting files, so that attackers can later publish the stolen data. To read more: https://techcrunch.com/2020/03/01/visser-breach/

 

WordPress plugins

Hackers continue to exploit vulnerabilities in WordPress plugins. The attacks attempt to hijack sites before administrators apply security patches. To read more: https://www.zdnet.com/article/hackers-are-actively-exploiting-zero-days-in-several-wordpress-plugins/

 

C3UK

This provider of free WiFi at UK railway stations confirmed a data breach that exposed 146m records. To read more: https://www.bbc.com/news/technology-51682280

 

Let’s Encrypt

Non-profit certificate authority Let’s Encrypt is revoking more than 3m TLS certificates. The certificates may have been issued incorrectly because of a bug. To read more: https://thehackernews.com/2020/03/lets-encrypt-certificate-revocation.html

 

US property and demographic database

Over 200m records containing property-related information on US residents were exposed in a database on Google Cloud. The database was eventually taken offline, but not until more than a month after researchers discovered it and alerted Google’s security team. To read more: https://thehackernews.com/2020/03/us-property-records-database.html

 

Toyota, Hyundai, Kia

Researchers discovered that hackers exploit radio-enabled keys to steal vehicles. These thefts are possible because of a flaw in how Toyota, Hyundai and Kia implement an encryption system called DST80. To read more: https://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys/

 

Virgin Media

A data breach at Virgin Media exposed the personal details of 900,000 customers. To read more: https://thehackernews.com/2020/03/virgin-media-data-breach.html

 

PPP daemon

A 17-year-old remote code-execution vulnerability exists in PPP daemon software, which is preinstalled on Linux operating systems. To read more: https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html

 

Intel CSME

A patched vulnerability in Intel CSME is worse than previously thought. All but the latest generation of chips are vulnerable to exploitation. To read more: https://www.zdnet.com/article/intel-csme-bug-is-worse-than-previously-thought/

 

Walgreens

A bug in the mobile app of Walgreens, a large US pharmacy chain, leaked customers’ prescription data. To read more: https://threatpost.com/walgreens-mobile-app-prescription-data/153361/

 

Carnival Corp

Cruise operator Carnival Corp announced that it was targeted by cyberattacks last year. To read more: https://www.reuters.com/article/us-carnival-corp-cyber/carnival-corp-units-say-were-hit-by-cyber-attack-last-year-idUSKBN20P395

 

Zynga

A lawsuit was filed against gaming company Zynga over a data breach that exposed 173m users. The breach occurred in September 2019. To read more: https://www.infosecurity-magazine.com/news/zynga-facing-lawsuit-over-data/

 

Boots

UK-based pharmacy chain Boots suspended payments using the Boots Advantage loyalty card after a hacker broke into customer accounts. Fewer than 150,000 users were affected. To read more: https://www.bbc.com/news/technology-51742079

 

Google Authenticator

New malware was discovered that steals 2FA codes generated by the Google Authenticator app. The malware works on Android devices and is a hybrid between a banking trojan and a remote-access trojan. To read more: https://www.zdnet.com/article/google-could-have-fixed-2fa-code-stealing-flaw-in-authenticator-app-years-ago/

 

J.Crew

Clothes retailer J.Crew reported a data breach that occurred in April 2019 and exposed customer information. To read more: https://www.retaildive.com/news/j-crew-reports-data-breach-of-customer-accounts/573543/

 

Trident Crypto Fund

A hacker published the usernames and passwords of more than 120,000 customers of this “crypto investment index fund.” To read more: https://cointelegraph.com/news/trident-crypto-fund-data-breach-266-000-passwords-stolen

 

Microsoft

Microsoft is warning users about Netwalker, a new ransomware strain that injects malicious code into Windows 10 Explorer executables. To read more: https://www.forbes.com/sites/daveywinder/2020/03/06/microsoft-warns-of-devastating-cybersecurity-threat-to-windows-users-heres-what-you-need-to-know/#4ba9dbe11af8

 

 
