Polyverse Weekly Breach Report – Nov. 11th


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

rConfig

A security researcher published proof-of-concept exploits for two unpatched remote code-execution vulnerabilities in rConfig. An open-source utility, rConfig enables engineers to configure and take snapshots of their networks. To read more: https://thehackernews.com/2019/11/rConfig-network-vulnerability.html


BlueKeep

Microsoft released a patch for Windows XP in May 2019 to mitigate the vulnerability known as BlueKeep. Hackers are actively exploiting BlueKeep, however, as approximately 700,000 XP-based systems remain unpatched. To read more: https://www.forbes.com/sites/daveywinder/2019/11/03/windows-bluekeep-attack-that-us-government-warned-about-is-happening-right-now/#201a715831a0


NCR

NCR, a company whose business is mostly financial software, temporarily blocked the third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, a platform used by financial institutions. The ban came as a response to account takeovers in which attackers used the aggregation sites to surveil and drain consumer accounts. The ban has since been lifted. To read more: https://krebsonsecurity.com/2019/11/ncr-barred-mint-quickbooks-from-banking-platform-during-account-takeover-storm/


Cat@Net

A journalist spent six months working undercover for a so-called troll farm, creating fake social media accounts and trolling both sides of the political spectrum. The experience gave her insight into how fake accounts are used to influence political discourse. To read more: https://nakedsecurity.sophos.com/2019/11/04/undercover-reporter-tells-all-after-working-for-a-polish-troll-farm/


WebAssembly

A German study found that among websites ranking in the top 1m according to the Alexa list, one in 600 executes programs in WebAssembly—a low-level language supported by all major browsers—and 50% of those sites are malicious. To read more: https://www.tu-braunschweig.de/Medien-DB/ias/pubs/2019-dimva.pdf


Vedantu

A data breach at the Indian educational platform Vedantu exposed the personal data of 687,000 users. To read more: https://www.medianama.com/2019/11/223-vedantu-data-breach/


LendingCrowd

LendingCrowd, a peer-to-peer lending company, discovered a security incident where a hacker accessed the personal data of a subset of investors. To read more: https://www.finextra.com/pressarticle/80479/lendingcrowd-reports-data-breach/retail


VTS Media

VTS Media exposed millions of sex workers and website users after leaving back-end databases for a number of websites unprotected. Most of the sites’ users are based in Spain and elsewhere in Europe, but some are in the US and other countries around the world. To read more: https://techcrunch.com/2019/11/03/camgirl-network-exposed-millions-users/


BitMEX

BitMEX, a Seychelles-based bitcoin futures exchange, accidentally exposed thousands of its users’ email addresses, causing traders to panic. The exchange claims to have identified and fixed the bug that caused the leak. To read more: https://www.forbes.com/sites/billybambrough/2019/11/03/a-major-bitcoin-exchange-has-a-serious-problem/#6e7572524fda


Android Beam

Google patched a bug that enabled hackers to spread malware using near-field communication (NFC) via Android Beam, a service that allows an Android device to send data to another device using NFC radio waves instead of WiFi or Bluetooth. To read more: https://www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/


Siri, Alexa, Google Home

Researchers discovered a way to inject inaudible commands into voice-controlled assistants such as Siri, Alexa and Google Home. The hack uses a vulnerability in the devices’ microphones, which unintentionally respond to light. To read more: https://thehackernews.com/2019/11/hacking-voice-assistant-laser.html


Everis

One of Spain’s largest IT consulting companies, Everis, was forced to shut down all computer systems after a ransomware attack. To read more: https://thehackernews.com/2019/11/everis-spain-ransomware-attack.html


Boeing

A security researcher announced that Boeing’s test-development networks are publicly exposed to the internet, which could threaten aviation safety. In addition, at least one of the company’s email servers is infected with multiple strains of malware. To read more: https://www.csoonline.com/article/3451585/boeings-poor-information-security-posture-threatens-passenger-safety-national-security-researcher-s.html


Fortune 500 companies

According to research from ImmuniWeb, over 21m credentials belonging to Fortune 500 companies are available for purchase online. Of these credentials, 95% contain unencrypted plaintext passwords. To read more: https://www.techradar.com/in/news/millions-of-stolen-corporate-logins-are-available-to-buy-online


Trend Micro

The cybersecurity company Trend Micro disclosed a breach that exposed some customers’ personal data. Trend Micro found that one of its employees, who has since been terminated, improperly accessed the data with criminal intent. To read more: https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/


Facebook

Facebook announced yet another security incident, revealing that 100 app developers may have accessed user data in certain Facebook groups. Despite changing Group API access parameters in 2018, Facebook appears to have failed to protect user data. To read more: https://thehackernews.com/2019/11/facebook-groups-data-leak.html


Ransomware

Security researchers no longer recommend that users reboot their computers after being infected with ransomware. Because some ransomware strains leave copies of their encryption keys, victims should instead hibernate their computers and disconnect them from any network. To read more: https://www.zdnet.com/article/experts-dont-reboot-your-computer-after-youve-been-infected-with-ransomware/


DarkUniverse

Researchers discovered a new hacking group deemed to be an advanced persistent threat (APT), a discovery based on a tip gleaned from an earlier breach at the National Security Agency by a group known as the Shadow Brokers. Dubbed DarkUniverse, the new APT group is most likely linked to hackers actively targeting Uyghurs and Tibetans. To read more: https://arstechnica.com/information-technology/2019/11/shadow-brokers-leak-of-nsa-code-leads-to-discovery-of-new-apt-hacking-group/


Firefox

Hackers are exploiting a bug in Firefox that causes the browser to lock up and display a warning message. The message advises users to call a toll-free number or face having the computer disabled. To read more: https://arstechnica.com/information-technology/2019/11/scammers-are-exploiting-an-unpatched-firefox-bug-to-send-users-into-a-panic/


Brooklyn Hospital Center

Brooklyn Hospital Center was hit with a ransomware attack causing permanent loss of some patient data. The hospital attempted to recover the data but was unable to. No estimate of how much data was lost exists. To read more: https://www.bleepingcomputer.com/news/security/brooklyn-hospital-loses-patient-data-in-ransomware-attack/


Amazon Ring doorbell

Researchers discovered a vulnerability in Amazon’s Ring Video Doorbell Pro, a wireless doorbell camera, that could enable attackers to steal WiFi passwords and launch cyberattacks. To read more: https://thehackernews.com/2019/11/ring-doorbell-wifi-password.html


Twitter

Two former Twitter employees were charged with spying on Twitter users on behalf of the Saudi Arabian government. To read more: https://thehackernews.com/2019/11/twitter-spying-saudi-arabia.html


California DMV

The California DMV announced a data breach involving the personal Social Security data of 3,200 people. The breach was discovered in August. To read more: https://www.mercurynews.com/2019/11/06/data-breach-adds-to-dmvs-woes/


Keitaro TDS

Hackers are abusing the Keitaro Traffic Direction System (TDS), which is a legitimate web-based gateway designed to redirect users to specific online resources. The threat actors are manipulating the TDS to drive traffic to malware and push exploit kits. To read more: https://www.bleepingcomputer.com/news/security/legitimate-tds-platform-abused-to-push-malware-via-exploit-kits/


WordPress

A piece of malware that has been infecting WordPress sites since February 2017 has recently become more successful. The malware spreads through pirated versions of WordPress themes and plugins that are distributed through fraudulent sites. To read more: https://nakedsecurity.sophos.com/2019/11/07/malvertising-malware-sweeps-wordpress-sites/


Instagram influencers

An ethical hacker who used to help Instagram influencers regain their hacked accounts for free is now charging for the service because it has become his full-time job. The average charge is around $1,500, which is often more than the fee that the malicious hackers request. To read more: https://www.vice.com/en_us/article/xwe374/influencers-pay-thousands-to-get-back-into-their-hacked-instagram-accounts


Billabong and Quiksilver

Hackers launched a cyberattack on the retail websites Billabong and Quiksilver, both owned by the same California-based company. The two entities’ internal operations, IT systems, communications, sales and distribution were all impacted by the hack. To read more: https://www.dailymail.co.uk/news/article-7658579/Surf-wear-giants-Billabong-Quiksilver-hit-crippling-cyber-attack-ahead-Christmas-sales.html


Fatal heart attacks

Researchers at Vanderbilt University published a study that tied increases in fatal heart attacks to incidents of data breaches and ransomware attacks at hospitals. The fatalities occur in the months and years after an incident, as hospitals undertake security remediation. To read more: https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to-uptick-in-fatal-heart-attacks/


Veritas Genetics

DNA-testing startup Veritas Genetics announced that it had a data breach where some customer information was accessed. The company declined to say what information was stolen. To read more: https://techcrunch.com/2019/11/07/veritas-genetics-data-breach/


Texas Health Resources

Texas Health Resources filed 15 data-breach notifications due to a misconfiguration in its billing system. To read more: https://healthitsecurity.com/news/texas-health-resources-data-breach-impacts-82k-patients
