Polyverse Weekly Breach Report – May 4th 2020

May 4, 2020 | By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Microsoft Teams

Microsoft patched a vulnerability in its Teams collaboration platform. The flaw had the potential to give hackers access to all of the information in an organization’s Teams accounts, including competitive data and business plans. To read more: https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html

 

Adobe

Adobe released emergency updates for Illustrator, Bridge and Magento. The software contained multiple flaws that could have enabled attackers to execute arbitrary code. To read more: https://thehackernews.com/2020/04/adobe-software-updates.html

 

WordPress

Hackers created backdoor admin accounts on WordPress sites using the free Onetone theme. The theme developer did not release a patch, and WordPress has since removed Onetone from its theme directory. To read more: https://www.zdnet.com/article/hackers-are-creating-backdoor-accounts-and-cookie-files-on-wordpress-sites-running-onetone/

 

Mail.ee

Attackers sent email messages containing malicious code to select account holders at Estonian email provider Mail.ee. When the victims, who are presumed to be individuals of particular interest to a foreign country, opened the messages, all other email intended for them was redirected to an account under the attacker’s control. To read more: https://www.zdnet.com/article/estonia-foreign-hackers-breached-local-email-provider-for-targeted-attacks/

 

Chegg

Hackers stole 700 current and former employee records from US education-technology company Chegg. To read more: https://techcrunch.com/2020/04/29/hackers-chegg-employee-breach/

 

Zaha Hadid Architects

Hackers demanded a ransom from London-based Zaha Hadid Architects after breaching its servers and stealing confidential information. The firm is investigating the incident. To read more: https://hypebeast.com/2020/4/zaha-hadid-architects-ransomware-attack-hackers-data-stolen

 

Clearview AI

Clearview AI, which makes facial recognition software, has had a number of security problems, including a leak of 70,000 security-camera videos from a trial program at a residential building, and a misconfigured database that exposed source code and revealed the company’s client list. To read more: https://www.cpomagazine.com/data-privacy/breach-of-clearview-ai-source-code-renews-concerns-about-law-enforcement-facial-recognition-programs/

 

PrimoHoagies

This Philadelphia sandwich-shop chain is being sued over its failure to protect payment-card information from hackers. In a breach that went undetected for seven months, hackers broke into the chain’s online-payment platform and stole customers’ financial data. To read more: https://www.infosecurity-magazine.com/news/primohoagies-sued-over-data-breach/

 

Usenet providers

Two Usenet providers, UseNeXT and UseNet.nl, experienced data breaches that potentially led to the theft of customer payment information. Both companies have blamed a third-party partner for the breach. To read more: https://securityboulevard.com/2020/04/two-european-usenet-providers-announce-data-breach-and-blame-anonymous-third-party-company/

 

Warwick University

This UK university neglected to notify victims of a data breach that impacted its administrative network last year. An employee accidentally installed malware that enabled hackers to steal personal data on students, staff and volunteers. To read more: https://www.infosecurity-magazine.com/news/warwick-uni-under-fire-reported/

 

ExecuPharm

US pharmaceutical firm ExecuPharm was hit by a cyberattack in March that encrypted its servers with ransomware. To read more: https://www.oodaloop.com/briefs/2020/04/30/pharma-giant-execupharm-suffers-data-breach-ransomware-combo/

 

SaltStack

Researchers discovered two security flaws in SaltStack open-source software. The flaws enable hackers to execute arbitrary code on remote servers deployed in the cloud and in datacenters. To read more: https://thehackernews.com/2020/05/saltstack-rce-vulnerability.html

 

Ghost

Hackers broke into Ghost, a Node.js blogging platform that is an alternative to WordPress. The hackers exploited the vulnerabilities in Ghost’s Salt master server to take control and install a cryptocurrency miner. To read more: https://www.zdnet.com/article/ghost-blogging-platform-servers-hacked-and-infected-with-crypto-miner/

 

 

 
