Polyverse Weekly Breach Report – Nov. 18th


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Riot Games

Co-founder of Riot Games Marc Merrill was the victim of fraud, losing $5m in a cryptocurrency scam. A criminal took Merrill’s credit-card details to purchase cloud-computing services under his name and then used the services to mine cryptocurrency. To read more: https://finance.yahoo.com/news/riot-games-co-founder-defrauded-090018893.html

ZoneAlarm

ZoneAlarm, an internet-security software company owned by Check Point Technologies, suffered a data breach resulting from a vulnerability in the vBulletin forum software that was disclosed in September. The breach only impacted the subset of subscribers who use the domain forums.zonealarm.com. To read more: https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html

Florida Blue

Health-insurance provider Florida Blue announced that it is notifying members that their information may have been exposed in a data breach at a third-party vendor. To read more: https://www.beckershospitalreview.com/cybersecurity/florida-blue-alerts-members-of-data-breach.html

Texas Health and Human Services Commission

The Texas Health and Human Services Commission is being fined $1.6m in connection with a data breach. Personal information of over 6,000 people was exposed when the commission moved an internal application from a private server to a public one. To read more: https://www.infosecurity-magazine.com/news/texas-health-agency-fined-for-data/

Orvis.com

For several weeks, the retailer Orvis.com leaked hundreds of internal passwords on pastebin.com. Orvis says the exposure was inadvertent and that many credentials were expired. To read more: https://krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/

Buran ransomware

The operators of Buran, a new ransomware-as-a-service (RaaS) offering, are focused on establishing personal relationships with customers. The malware is advertised as a stable offline cryptolocker with 24/7 support, and the authors take 25% of the illicit earnings, which is a discount compared to other RaaS operators. To read more: https://www.zdnet.com/article/vegalocker-evolves-into-buran-ransomware-as-a-service/

Private S3 buckets

S3 buckets with private mode enabled are still vulnerable to cyberattacks. Recent attacks on private Amazon S3 buckets exposed 140,000 Social Security numbers, bank account information and more. To read more: https://news.sophos.com/en-us/2019/11/08/exposed-private-amazon-s3-bucket-exposure/

Zombieload

The so-called Zombieload vulnerability that was disclosed earlier this year has a new, second variant. This variant works not just against older Intel processors but also against recent ones, including the latest line of Cascade Lake CPUs. To read more: https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/

Aventura Technologies

Aventura Technologies has been charged with fraud after selling surveillance equipment to the US government with known security vulnerabilities. The company also falsely claimed that its products were made in the US when in fact they were manufactured in China. To read more: https://www.zdnet.com/article/firm-charged-for-flogging-chinese-spy-equipment-to-us-govt-with-known-security-vulnerabilities/

UK Labour party

The Labour party experienced a cyberattack that attempted to disrupt its digital systems. A distributed denial-of-service (DDoS) attack flooded servers in an attempt to overwhelm them and take the party offline. To read more: https://www.theguardian.com/politics/2019/nov/12/labour-reveals-large-scale-cyber-attack-on-digital-platforms

Update: The Labour party suffered a second cyberattack a day after the DDoS.

Pemex

Mexico’s state oil company Pemex said that cyberattacks undertaken against it were neutralized and ultimately affected less than 5% of its computers. Operations have returned to normal. To read more: https://www.reuters.com/article/us-mexico-pemex-cyber/mexicos-pemex-says-operations-normal-after-cyber-attack-idUSKBN1XM07U

Google

Google is collecting detailed health data on 50m American patients, often without patient consent. To read more: https://www.wsj.com/articles/behind-googles-project-nightingale-a-health-data-gold-mine-of-50-million-patients-11573571867

TPM-Fail

Researchers disclosed two CPU vulnerabilities, collectively dubbed TPM-Fail, that enable attackers to retrieve cryptographic keys protected inside trusted platform modules (TPMs). Affected TPMs are manufactured by STMicroelectronics and Intel. To read more: https://thehackernews.com/2019/11/tpm-encryption-keys-hacking.html

PureLocker

Researchers found new ransomware that is targeting enterprise servers. Named PureLocker, the ransomware is written in PureBasic and is transferable between Windows, Linux and OS X. To read more: https://www.zdnet.com/article/this-unusual-new-ransomware-is-going-after-servers/

SmarterAsp.net

SmarterASP.NET, a Microsoft ASP.NET hosting company, was attacked by ransomware. The company advised customers that all data was encrypted and that it was working with experts to decrypt it. To read more: https://nakedsecurity.sophos.com/2019/11/12/asp-net-hosting-provider-recovering-from-ransomware-attack/

Cost to launch a cyberattack

While enterprises spend an average of $9m annually on their security budgets, hackers spend relatively little to launch attacks. Malware is available for as little as $45 on the dark web, and a large expense for hackers would be the $28,000 cost of a cell-tower simulator kit used to intercept call data. To read more: https://www.csoonline.com/article/3340049/how-much-does-it-cost-to-launch-a-cyberattack.html

Qualcomm chipsets

Android smartphones and tablets using Qualcomm chipsets are vulnerable to attacks. The vulnerabilities are in Qualcomm’s Secure Execution Environment and enable attackers to steal sensitive data stored in a secure area. To read more: https://thehackernews.com/2019/11/qualcomm-android-hacking.html

Microsoft and Linux kernels

Both Microsoft and Linux have added ways to disable Intel Transactional Synchronization Extensions. This technology opens CPUs to attacks via the Zombieload v2 vulnerability, which is discussed above. To read more: https://www.zdnet.com/article/windows-linux-get-options-to-disable-intel-tsx-to-prevent-zombieload-v2-attacks/

Solara Medical Supplies

Solara Medical Supplies announced that it was impacted by a data breach due to a phishing attack on employees’ Office 365 accounts. To read more: https://www.tripwire.com/state-of-security/security-data-protection/solara-medical-supplies-notifying-individuals-affected-by-data-breach/

InfoTrax Systems

Utah-based technology company InfoTrax Systems discovered a data breach only after receiving an alert that its servers had reached maximum storage capacity due to a data archive file that a hacker created. To read more: https://thehackernews.com/2019/11/hacking-file-storage.html

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.