Polyverse Weekly Breach Report – Nov. 4th

Nov 4, 2019 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

The Pirate Bay

The Pirate Bay was down for more than a week because of a series of distributed denial-of-service attacks against the torrent website. Attackers flooded the Sphinx search daemon with searches, which crashed the website. To read more: https://thehackernews.com/2019/10/the-pirate-bay-down.html


2020 Summer Olympics

According to Microsoft’s Threat Intelligence Center, Russian state-sponsored hackers are targeting anti-doping authorities. The attacks are thought to be connected to the 2020 Olympics, with the latest attack beginning on September 16, shortly after the World Anti-Doping Agency discovered irregularities in a database from Russia’s national anti-doping laboratory. To read more: https://thehackernews.com/2019/10/cyber-attack-tokyo-olympics.html


UniCredit Bank

UniCredit, an Italian banking and financial-services company, announced that a security incident leaked the personal information of 3m domestic customers. The company has not disclosed details on how the breach occurred, only that the breach was of a file created in 2015. To read more: https://thehackernews.com/2019/10/unicredit-bank-data-breach.html



The country of Georgia was hit by a cyberattack that knocked out more than 2,000 websites and the national TV station. To read more: https://www.bbc.com/news/technology-50207192


American Cancer Society

The American Cancer Society’s online store fell victim to malware that stole credit-card information. A researcher found the malware buried in obfuscated code that was written to look like analytics. To read more: https://techcrunch.com/2019/10/28/american-cancer-society-credit-card-malware/



Top Linux maintainers believe that CPU security vulnerabilities, such as those that led to the Spectre and Meltdown exploits, will continue to be around for many years. To read more: https://www.zdnet.com/article/top-linux-developer-on-intel-chip-security-problems-theyre-not-going-away/



Facebook filed a lawsuit against the Israeli surveillance firm NSO Group, alleging that it was involved in hacking users of WhatsApp, which is owned by Facebook. Attackers were found exploiting a vulnerability in the encrypted mobile app and using it to remotely install Pegasus spyware on targeted devices. To read more: https://thehackernews.com/2019/10/whatsapp-nso-group-malware.html


Kudankulam Nuclear Power Plant

A former analyst tied North Korean malware to a cyberattack on India’s Kudankulam Nuclear Power Plant. The malware likely targeted the plant’s technical information. To read more: https://arstechnica.com/information-technology/2019/10/indian-nuke-plants-network-reportedly-hit-by-malware-tied-to-n-korea/


However, the power plant’s administration denies that a cyberattack would even be possible, as the facility is not connected to an outside network or the internet. To read more: https://www.deccanherald.com/national/south/no-cyber-attack-on-kudankulam-nuclear-plant-systems-771810.html


Domain-name registrars

The domain-name registrars NetworkSolutions.com, Register.com and Web.com are asking users to reset their passwords because an unauthorized third party accessed customer account information. To read more: https://krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/


Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.



This fast-food chain has notified customers of a security breach impacting one of its payment-processing systems. To read more: https://latesthackingnews.com/2019/10/31/us-fast-food-restaurant-krystal-warns-users-of-a-security-breach/



The genealogy website GEDmatch has security vulnerabilities that could enable malicious hackers to extract sensitive genetic markers or even impersonate users’ relatives. To read more: https://www.geekwire.com/2019/univ-washington-researchers-uncover-dna-data-security-flaws-popular-genealogy-website/



Chinese hackers are using new malware, dubbed MessageTap, to spy on text messages. The malware is apparently designed and used by the group APT41, known for carrying out state-sponsored espionage. To read more: https://thehackernews.com/2019/10/sms-spying-malware.html



Bad actors hacked at least 13 managed service providers (MSPs) this year for the purpose of deploying ransomware. Once hackers compromise the network of an MSP, they can quickly infect thousands of computers. To read more: https://www.zdnet.com/article/at-least-13-managed-service-providers-were-used-to-push-ransomware-this-year/



Google is urging Chrome users to immediately update the web browser in order to patch two high-severity vulnerabilities. Hackers are actively exploiting the vulnerabilities, which are both use-after-free issues. To read more: https://thehackernews.com/2019/11/chrome-zero-day-update.html


US Department of the Interior

The US Department of the Interior grounded its fleet of aerial drones over concerns about cyberattacks involving Chinese-made drones. To read more: https://www.cnet.com/news/us-interior-department-to-ground-its-drones-over-chinese-spying-risk/


NHS pagers

A security researcher discovered that an amateur radio rig was collecting real-time medical data broadcast by pagers used by the UK’s National Health Service. The details included names, addresses and injuries. To read more: https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/



Utah-based renewable-energy company sPower experienced a cyberattack that disrupted communications with several solar and wind installations. This attack is believed to be the first cybersecurity incident to cause a “disruption” as defined by the Department of Energy. To read more: https://www.cyberscoop.com/spower-power-grid-cyberattack-foia/


APAC ports

A new study reports that a single cyberattack has the potential to cost major Asia-Pacific ports up to $110bn in damages. Currently, 92% of the economic costs from a potential cyberattack are uninsured. To read more: https://www.zdnet.com/article/one-cyber-attack-can-cost-major-apac-ports-110b/


Bed Bath & Beyond

The store Bed Bath & Beyond reported a breach of customer data. A third party gained access to less than one percent of the company’s online customer accounts, but the number of customers affected is still unknown. To read more: https://www.tomsguide.com/news/bed-bath-and-beyond-data-breach


Desjardins Group

A data breach that hit Canada’s Desjardins Group impacted all 4.2m members of the financial cooperative. To read more: https://www.reuters.com/article/us-desjardins-databreach/desjardins-group-data-breach-hit-all-4-2-million-members-quebec-finance-minister-idUSKBN1XB4N0


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.