Polyverse Weekly Breach Report – Oct. 14th


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Signal

A Google Project Zero researcher discovered a logic vulnerability in Signal, a secure messaging app. The vulnerability could enable a malicious caller to force a call to be answered at the receiver’s end without end-user interaction. To read more: https://thehackernews.com/2019/10/signal-messenger-bug.html

 

vBulletin

A new security patch for the forum software vBulletin addresses three high-severity vulnerabilities. The bugs are a remote code-execution flaw and SQL injection issues. To read more: https://thehackernews.com/2019/10/vBulletin-hacking-exploit.html

 

Twitter

Twitter announced that the phone numbers and email addresses of some users were unintentionally used for targeted advertising. An error in Twitter’s system enabled marketers to run targeted ads based on the information, which users had supplied only for two-factor authentication purposes. To read more: https://thehackernews.com/2019/10/twitter-advertising-privacy.html

 

iTerm2

A security firm discovered a seven-year-old remote code-execution vulnerability in iTerm2, an open-source replacement for Mac’s built-in terminal app. The tmux integration feature, useful for running more than one command-line program at a time, has a bug that could enable an attacker to execute arbitrary commands. To read more: https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html

 

ClearSky Cyber Security

The hacking group known as Charming Kitten, APT35 or Phosphorus sent malware via email to researchers at ClearSky Cyber Security. The group recently targeted a US presidential campaign but also has a history of targeting cybersecurity analysts. To read more: https://www.cyberscoop.com/iran-hacking-clearsky-microsoft-charming-kitten/

 

TransUnion Canada

A hacker gained access to a TransUnion Canada web portal and retrieved customer credit files. TransUnion has sent letters to the customers who were impacted by the breach. To read more: https://www.bleepingcomputer.com/news/security/credit-info-exposed-in-transunion-data-security-incident/

 

Volusion

Hackers breached Volusion, a provider of cloud-hosted online stores, in order to deliver malicious code that records payment-card details. To read more: https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/

 

Muhstik ransomware

A programmer who was affected by Muhstik ransomware released 3,000 decryption keys and free decryptor software that he got by hacking the perpetrators of the malware. He gained access to the PHP script that generates new passwords for victim machines and created a new file to put out decryption keys. To read more: https://fossbytes.com/hacked-programmer-retaliates-hacking-hackers/

 

iTunes and iCloud for Windows

A hacker group was found exploiting a zero-day vulnerability in the Bonjour updater, which comes bundled with Apple’s iTunes and iCloud for Windows. The vulnerability allows attackers to use Bonjour to execute malicious programs. To read more: https://thehackernews.com/2019/10/apple-bonjour-ransomware.html

 

Beeline

Data belonging to 8.7m customers of the Russian internet service provider Beeline is being sold online. The original breach occurred in 2017 but the hack was not made public until now. To read more: https://www.zdnet.com/article/data-breach-at-russian-isp-impacts-8-7-million-customers/

 

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

 

Imperva

Cybersecurity company Imperva released a statement that the data of some of its customers was exposed in a breach in September 2017. Final analysis, published last week, determined that a stolen AWS API key caused the breach. To read more: https://www.oodaloop.com/briefs/2019/10/11/imperva-blames-data-breach-on-stolen-aws-api-key/

 

Click2Mail

Email service Click2Mail announced that customer information may have been exposed in a data breach. To read more: https://www.darkreading.com/attacks-breaches/click2mail-suffers-data-breach/d/d-id/1336072

 

Hookers.nl

A hacker stole the personal information of 250,000 users of the Dutch prostitution forum Hookers.nl and is attempting to sell the data. The hack was accomplished using the vBulletin vulnerability, which this report discusses above. To read more: https://www.pcmag.com/news/371264/hacker-loots-data-on-250-000-users-of-dutch-prostitution-sit

 

Tū Ora Compass Health

A primary health organization in New Zealand announced a data breach that could have impacted 1m people. The organization, Tū Ora Compass Health, took the affected server offline as soon as it was aware of the breach. To read more: https://www.techradar.com/news/new-zealand-health-ngos-data-breach-could-affect-up-to-1-million-people

 

Healthcare breaches

Healthcare breaches exposed the data of almost 1.5m people in the month of September. This is more than double the number compromised in August. To read more: https://www.modernhealthcare.com/cybersecurity/15-million-patients-data-exposed-september-reported-healthcare-breaches
