Polyverse Weekly Breach Report – Nov. 25th

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

WhatsApp

A new vulnerability in the WhatsApp messaging platform enables hackers to remotely compromise targeted devices. The vulnerability is a stack-based buffer overflow issue that can result in denial-of-service or remote code-execution attacks. To read more: https://thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html

Louisiana state government

Targeted ransomware forced the state government of Louisiana offline, impacting websites, email systems and other internal applications. To read more: https://thehackernews.com/2019/11/louisiana-ransomware-attack.html

Phineas Fisher

A hacktivist known as Phineas Fisher published a manifesto announcing a program that pays up to $100,000 for politically motivated hacks. The program targets mining and livestock companies in South America, an Israeli spyware vendor, oil companies and banks. To read more: https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies

Qualcomm chips

Researchers discovered vulnerabilities in Qualcomm chipsets that enabled attackers to steal information from affected phones. Samsung and LG have applied patches while Motorola is working on a fix. To read more: https://thenextweb.com/security/2019/11/15/bugs-in-qualcomm-chips-leaked-private-data-from-samsung-and-lg-phones/

Disney+

Hackers began hijacking Disney+ user accounts as soon as the service was launched. In some cases hackers gained access to accounts by using email and passwords leaked at other sites. To read more: https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/

Android

A new report revealed 146 different Android vulnerabilities that are present on devices right out of the box. The vulnerabilities span a wide range of exploits. To read more: https://www.androidauthority.com/kryptowire-android-vulnerabilities-report-1055020/

Port Neches-Groves ISD, Texas

The FBI is working to restore ownership of the Port Neches-Groves Independent School District’s database to the district after hackers deployed ransomware. To read more: https://www.12newsnow.com/article/news/education/port-neches-groves-isd-computers-attacked-by-ransomware/502-dd9746e2-1ad4-413e-94fc-323dde5555eb

Magic: The Gathering

Wizards of the Coast, the maker of the game Magic: The Gathering, left a database backup-file in a public Amazon S3 bucket. Since the bucket had no password, anyone could access the file. The database stored information on 452,634 players, including email addresses. To read more: https://techcrunch.com/2019/11/16/magic-the-gathering-wizards-data-exposure/

Cayman National Bank

Cayman National Bank confirmed a data breach. The bank was targeted by Phineas Fisher in his manifesto, which is referenced above. To read more: https://www.vice.com/en_us/article/ne8p9b/offshore-bank-targeted-phineas-fisher-confirms-hack-cayman-national-bank

Intel

Intel is removing old drivers and BIOS updates, released between the 1990s and mid-2000s, from its official website. Removing them causes problems for administrators running legacy systems, some of whom apparently had thought that they would always have access to them. To read more: https://www.zdnet.com/article/intel-to-remove-old-drivers-and-bios-updates-from-its-site-by-the-end-of-the-week/

Veterinary hospitals

National Veterinary Associates is working to recover from a ransomware attack that impacted half of its properties. Many veterinary practices could not access their patient records, payment systems and management software. To read more: https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/

Macy’s

Macy’s announced that it had suffered a data breach after the department store’s website was hacked with the purpose of stealing customer payment information. To read more: https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/

National Milk Records

UK-based dairy and livestock group National Milk Records announced that its revenue fell 14% in the third quarter after the company suffered a cyberattack. The attack was initially announced on September 25, 2019. To read more: https://www.sharesmagazine.co.uk/news/market/6676278/National-Milk-Records-revenue-hit-by-cyber-attack

Monero

The official website of Monero cryptocurrency was hacked and attackers replaced legitimate Linux and Windows binaries with malicious versions. To read more: https://thehackernews.com/2019/11/hacking-monero-cryptocurrency.html

Gatehub and EpicBot

Researchers found a database with personal information from 2.2m users of Gatehub, a cryptocurrency wallet service, and EpicBot, a gaming bot provider. To read more: https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/

PAYDAY

Researchers are working with Oracle to fix several remaining critical vulnerabilities in Oracle E-Business Suite. The vulnerabilities, dubbed PAYDAY, were first patched in April 2018. To read more: https://www.onapsis.com/blog/oracle-payday-vulnerabilities

PayMyTab

Personal information belonging to PayMyTab customers was exposed due to a public Amazon bucket. To read more: https://www.zdnet.com/article/paymytab-data-leak-exposes-personal-information-belonging-to-mobile-diners/

Gekko Group

Researchers found a database belonging to Gekko Group, one of Europe’s largest hotel-booking companies, exposed on a public server. The database has information on 140,000 clients, both individuals and organizations. To read more: https://www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/

Phoenix keylogger

The new keylogger Phoenix is gaining a following because of its anti-antivirus and anti-virtual-machine module that keeps the malware from being detected while deployed. To read more: https://www.zdnet.com/article/new-phoenix-keylogger-tries-to-stop-over-80-security-products-to-avoid-detection/

Titan M chip

Google set up a bug bounty of up to $1.5m for hackers to compromise the Titan M chip in Pixel devices. To read more: https://thehackernews.com/2019/11/google-pixel-titan-m-chip.html

T-Mobile

T-Mobile announced a data breach impacting prepaid customers’ account information. To read more: https://www.tmonews.com/2019/11/t-mobile-data-breach-prepaid-customers/

WeWork

Developers at WeWork accidentally exposed contracts for customers based in India, China and Europe on GitHub. WeWork removed the repository from the internet after they were informed. To read more: https://www.vice.com/en_us/article/bjwqxz/wework-developers-exposed-contracts-and-customer-data-on-github

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.