Polyverse Weekly Breach Report – May 18th 2020

May 18, 2020 | By Shaina Raskin


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Android apps expose users’ data

More than 4,000 Android apps that use Google Cloud-hosted Firebase databases are leaking sensitive user data thanks to security misconfigurations. To read more: https://thehackernews.com/2020/05/android-firebase-database-security.html

 

vBulletin

If you are running vBulletin software, make sure you patch it immediately because of a critical security vulnerability. To read more:

https://thehackernews.com/2020/05/vBulletin-access-vulnerability.html 

 

Hackers hit media law firm

The website of Grubman Shire Meiselas & Sacks, a law firm used by celebrities such as Lady Gaga, Drake and Madonna, is down, and hackers are claiming to have stolen gigabytes of data. To read more: https://www.bbc.com/news/technology-52632729

 

ShinyHunters hack

An estimated 73m user records from ten companies, including the StarTribune, Chatbooks and Zoosk, were put up for sale on the dark web by the ShinyHunters hacking group. To read more: https://www.dailymail.co.uk/sciencetech/article-8308167/Hacker-group-ShinyHunters-sells-73-MILLION-user-records-dark-web.html

 

Video-conferencing software scams

Hackers are capitalizing on the COVID-19 pandemic by registering domains impersonating Zoom, Microsoft Teams and Google Meet and using them for phishing scams. To read more:

https://www.theverge.com/2020/5/12/21254921/hacker-domains-impersonating-zoom-microsoft-teams-google-meet-phishing-covid-19

 

Malware targets air-gapped networks

Researchers discovered a new malware called Ramsay attacking high-value computers in air-gapped networks. To read more:

https://thehackernews.com/2020/05/airgap-network-malware.html

 

Flawed Microsoft patch

Microsoft released a patch to prevent reverse-RDP attacks, but the patch was easily bypassed by hackers. The company subsequently rectified the error and re-patched affected systems. To read more:

https://thehackernews.com/2020/05/reverse-rdp-attack-patch.html 

 

Huawei

Huawei denied any involvement in the Linux kernel patch that was submitted by an employee and subsequently raised security concerns. To read more:

https://www.zdnet.com/article/huawei-denies-involvement-in-buggy-linux-kernel-patch-proposal/

 

MagBo

This public-internet cybercrime store is now selling access to more than 43,000 hacked servers. To read more:

https://www.zdnet.com/article/a-cybercrime-store-is-selling-access-to-more-than-43000-hacked-servers/

 

Chinese hacking of US COVID-19 research

The US government formally accused China of hacking American organizations working on COVID-19 research. To read more:

https://www.zdnet.com/article/us-formally-accuses-china-of-hacking-us-entities-working-on-covid-19-research/

 

Magellan Health

US healthcare-insurance giant Magellan Health announced that it was hit by a ransomware attack and data breach. To read more:

https://threatpost.com/healthcare-giant-magellan-ransomware-data-breach/155699/

 

COMpfun remote access trojan

A new malware campaign is using HTTP status codes to control compromised systems at “diplomatic entities” in Europe. To read more:

https://thehackernews.com/2020/05/malware-http-codes.html 
