Polyverse Weekly Breach Report – May 11th 2020

May 11, 2020By Shaina Raskin

Breach Report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Xiaomi

Xiaomi smartphone users and others who have the company’s Mi Browser installed on their Android devices should enable the app’s new privacy settings. By default, the app tracks individual users’ online activities. To read more: https://thehackernews.com/2020/05/xiaomi-browser-history.html

 

Citrix ShareFile

Citrix rolled out software updates for its enterprise customers to patch security vulnerabilities in the company’s ShareFile platform. If exploited, the vulnerabilities could enable attackers to compromise the storage-zones controller and access documents and folders. To read more: https://thehackernews.com/2020/05/citrix-sharefile-vulnerability.html

 

Naikon APT

Researchers discovered that Naikon APT, a group of Chinese hackers, has been targeting governments in the Asia-Pacific region. The campaign went undetected for five years and is ongoing. To read more:https://thehackernews.com/2020/05/asia-pacific-cyber-espionage.html

 

GoDaddy

An attacker obtained login information for 28,000 GoDaddy web-hosting accounts. The company reset the information and is asking its customers to take steps to regain access to accounts. To read more:

https://www.engadget.com/go-daddy-confirms-security-breach-120534835.html

 

Wappalyzer

A hacker accessed one of Wappalyzer’s databases after the tech company left it exposed online. The hacker emailed Wappalyzer customers, whose email addresses were in the database, attempting to sell them the full contents of the database for $2,000. To read more: https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/

 

WordPress

A hacker group tried to break into 900,000 WordPress sites over the course of one week. The group exploited cross-site scripting vulnerabilities in WordPress themes and plugins to plant malicious code and redirect visitors to malicious websites. To read more: https://www.zdnet.com/article/a-hacker-group-tried-to-hijack-900000-wordpress-sites-over-the-last-week/

 

Florida Gulf Coast University

Florida Gulf Coast University’s digital commencement ceremony was supposed to take place on May 3rd, but a cyberattack caused its site to crash. To read more: https://www.infosecurity-magazine.com/news/cyberattack-delays-virtual/

 

CPC

Taiwanese oil firm CPC experienced a cyberattack that took down its website and temporarily closed its gas stations. To read more: https://www.businessinsurance.com/article/20200505/STORY/912334394/Gas-stations-closed,-unable-to-accept-payment-after-cyber-attack#

 

Unacademy

A hacker is selling data on 22m users of the online-learning platform Unacademy. Many of the impacted accounts were established using corporate email addresses, including those of Cognizant, Facebook, Google, InfoSys and Wipro. To read more: https://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/

 

SkillSelect app

A data breach of the Australian government’s SkillSelect app enabled hackers to access the personal data of 774,000 migrants and applicants for skilled visas. To read more: https://www.theguardian.com/australia-news/2020/may/05/government-investigates-data-breach-revealing-details-of-774000-migrants

 

Fresenius Group

This German healthcare company suffered a ransomware attack that caused disruptions in every part of its operations around the world. To read more: https://www.teiss.co.uk/fresenius-group-ransomware-attack/

 

Microsoft’s GitHub

A hacker claims to have stolen 500GB of data from Microsoft’s private GitHub repositories. The hacker initially planned on selling the data but instead decided to leak it for free. To read more: https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/

 

US Marshals Service

A data breach at the US Marshals Service exposed personal information of current and former prisoners. To read more: https://techcrunch.com/2020/05/08/us-marshals-prisoner-data-breach/

 

DigitalOcean

Web-hosting platform DigitalOcean suffered a data breach after the company left sensitive internal documents exposed online. To read more:https://www.hackread.com/digitalocean-data-breach-leaves-internal-doc-online/

 

 

 

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.