Polyverse Weekly Breach Report – Oct. 21st


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Phorpiex botnet

Phorpiex (also known as Trik), a botnet that has previously pushed ransomware and cryptocurrency miners onto infected machines, is now being used to send sextortion spam to millions of people. The bot controls more than 450,000 computers and is built to send more than 30,000 messages per hour; it makes its threats look credible by quoting a password for the recipient taken from a leaked credential database. To read more: https://thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html

Kubernetes

Two bugs in Kubernetes can be highly dangerous under certain configurations. One is a denial-of-service flaw in the API server's YAML parser, which can be tied up by a small, deeply nested document (a "billion laughs" payload); the other is an HTTP request-smuggling bug in the Go standard library that Kubernetes components inherit, which could let an attacker slip requests past an authenticating proxy placed in front of the API server. Both have been patched in the latest releases, so upgrade the control plane and, until then, restrict unauthenticated access to the API server. To read more: https://threatpost.com/kubernetes-bugs-authentication-bypass-dos/149265/

Adobe

Adobe released out-of-band security updates fixing 82 flaws across Acrobat and Reader, Experience Manager, Experience Manager Forms, and Download Manager, many of them rated critical because they allow arbitrary code execution. To read more: https://thehackernews.com/2019/10/adobe-software-patches.html

Sudo 

A vulnerability (CVE-2019-14287) was discovered in sudo, the utility that lets permitted users run commands as another user on Unix and Linux systems. It is a security-policy bypass: a user who is allowed to run a command as any user except root can nonetheless run it as root. Only configurations that use that "any user except root" exclusion are affected, and the bug is fixed in sudo 1.8.28. To read more: https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
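
Two quick checks for this bug, written for this report as an added example (not code from the report or from the sudo project): one compares the installed sudo version against the fixed release, the other scans a sudoers file for the runas exclusion that the bypass depends on. It assumes `sudo -V` prints "Sudo version X.Y.Z" on its first line and that sudoers uses the standard "user host=(runas) command" grammar; the sample sudoers content is constructed for the dry run.

```shell
#!/bin/sh
# Added example, not code from the report or from the sudo project: two checks
# for the sudo policy-bypass bug above (CVE-2019-14287, fixed in sudo 1.8.28).
# Assumptions: `sudo -V` prints "Sudo version X.Y.Z" on its first line, and the
# sudoers file uses the standard "user host=(runas) command" grammar.

# Exit 0 if a sudo version string is older than 1.8.28, else exit 1.
sudo_version_vulnerable() {
  v=$(printf '%s' "$1" | sed 's/p.*$//')   # drop a patch suffix such as "p2"
  maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*}; pat=${rest#*.}
  [ "$maj" -lt 1 ] && return 0
  [ "$maj" -gt 1 ] && return 1
  [ "$min" -lt 8 ] && return 0
  [ "$min" -gt 8 ] && return 1
  [ "$pat" -lt 28 ]
}

# Reads sudoers text on stdin. Exit 0 if any active (uncommented) rule grants
# a runas list of the form "(ALL, !root)", the shape the bug lets a user bypass.
sudoers_has_root_exclusion() {
  sed 's/#.*$//' | grep -Eq '\([^)]*![[:space:]]*root'
}

# Constructed sample sudoers content for a dry run (not a real file).
SAMPLE_SUDOERS='# constructed sample
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL, !root) /usr/bin/vim
# bob   ALL=(ALL, !root) ALL     <- commented out, must not match
'

# Live check of the current host (reading /etc/sudoers needs root).
check_host() {
  ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
  [ -n "$ver" ] || { echo "sudo not found"; return 1; }
  if sudo_version_vulnerable "$ver"; then
    echo "sudo $ver is older than 1.8.28"
    if sudoers_has_root_exclusion < /etc/sudoers; then
      echo "  and /etc/sudoers has a '!root' runas exclusion: exploitable, upgrade sudo"
    else
      echo "  but /etc/sudoers has no '!root' runas exclusion: upgrade anyway"
    fi
  else
    echo "sudo $ver is fixed"
  fi
}

# Dry run on the constructed sample (no root needed):
printf '%s' "$SAMPLE_SUDOERS" | sudoers_has_root_exclusion && echo "sample sudoers has a '!root' exclusion"
```

Run `check_host` as root on a real machine. Rules may also live under `/etc/sudoers.d/`, so feed each file there through `sudoers_has_root_exclusion` as well; a host on a fixed version is safe regardless of what the rules say.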

 

California Consumer Privacy Act

California's Attorney General published draft regulations for the California Consumer Privacy Act, which takes effect on January 1st, 2020. Among other requirements, the law obliges businesses to disclose what personal data they collect and to honor consumer requests to access or delete it. To read more: https://techcrunch.com/2019/10/12/californias-privacy-act-what-you-need-to-know-now/

Samsung Galaxy S10

A flaw in the ultrasonic fingerprint sensor of Samsung Galaxy S10 phones lets any fingerprint unlock the device once a cheap silicone screen protector has been fitted. Samsung acknowledged the problem and promised a software patch; until it is applied, affected users should not rely on fingerprint unlock for the phone or for apps that accept it. To read more: https://www.bbc.com/news/technology-50080586

npm

Researchers analyzed the dependency graph of the npm registry, the package ecosystem for JavaScript, and found 391 maintainers whose packages are pulled in, directly or transitively, by more than 10,000 other packages. Compromising any one of those accounts would be a serious supply-chain incident, and taking over just 20 of the most influential accounts would reach roughly half of the ecosystem. To read more: https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/

Docker

A cryptojacking worm, dubbed Graboid, infected more than 2,000 Docker hosts by connecting to Docker daemons whose Engine API was exposed to the internet without authentication, then using that access to launch Monero-mining containers and to spread further. To read more: https://www.darkreading.com/cloud/cryptojacking-worm-targets-and-infects-2000-docker-hosts/d/d-id/1336104
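
The exposure the worm relied on is a configuration choice, so it can be audited. The following is an added example written for this report (not code from the report or from the Docker project): it flags a `daemon.json` that publishes the Engine API over plain TCP without client-certificate verification, shows the TLS-authenticated alternative beside it, and checks what the daemon is actually listening on. It assumes the daemon is configured through `/etc/docker/daemon.json` using the documented `hosts`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` keys; the two sample configurations are constructed.

```shell
#!/bin/sh
# Added example, not code from the report or from the Docker project: flag a
# dockerd configuration that publishes the Engine API over plain TCP, the
# exposure the worm above abused, and show the TLS-authenticated alternative.
# Assumption: the daemon is configured in /etc/docker/daemon.json using the
# documented keys "hosts", "tlsverify", "tlscacert", "tlscert" and "tlskey".

# Reads daemon.json on stdin. Exit 0 = unsafe: a tcp:// listener without
# "tlsverify": true. Exit 1 = no unauthenticated TCP exposure. Note that
# "tls": true alone only encrypts; without tlsverify any client is accepted.
daemon_json_exposes_api() {
  cfg=$(cat)
  printf '%s' "$cfg" | grep -q 'tcp://' || return 1
  printf '%s' "$cfg" | grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' && return 1
  return 0
}

# Constructed samples (not real files). The first is the weak setting: the
# API on 0.0.0.0:2375 with no TLS, so anyone who can reach the port controls
# the host. The second keeps the API remote but requires a client certificate.
UNSAFE_DAEMON_JSON='{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}'
SAFE_DAEMON_JSON='{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}'

# Live check: the config file plus the TCP sockets dockerd actually listens on
# (2375 and 2376 are the conventional plain and TLS API ports).
check_host() {
  if [ -r /etc/docker/daemon.json ] && daemon_json_exposes_api < /etc/docker/daemon.json; then
    echo "daemon.json exposes the Engine API over plain TCP"
  fi
  if command -v ss >/dev/null 2>&1; then
    ss -ltn 2>/dev/null | grep -E ':(2375|2376)[[:space:]]' | sed 's/^/listening: /'
  fi
}

# Dry run on the constructed samples:
printf '%s' "$UNSAFE_DAEMON_JSON" | daemon_json_exposes_api && echo "unsafe sample: API exposed without TLS"
printf '%s' "$SAFE_DAEMON_JSON"   | daemon_json_exposes_api || echo "safe sample: TLS client auth required"
```

The file check misses an API exposed through a `-H tcp://...` flag in the systemd unit, which is why `check_host` also looks at listening sockets. On distributions whose unit already passes `-H` on the command line, adding `hosts` to `daemon.json` makes dockerd refuse to start; put the change in a systemd drop-in override instead.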

 

Stolen cloud-computing power

A Singapore man was indicted for using stolen identities and credit-card data to open cloud-computing accounts and mine cryptocurrency at the providers' expense. He talked the providers into approving deferred billing, elevated account privileges, and additional processing power and storage. To read more: https://www.justice.gov/usao-wdwa/pr/citizen-singapore-indicted-scheme-steal-cloud-computing-power-cryptocurrency-mining

Check out Have I Been Pwned (https://haveibeenpwned.com) to see if any of your accounts have been exposed by the above breaches.

Pitney Bowes

Technology company Pitney Bowes confirmed that it was hit by a ransomware attack. The malware encrypted data on some systems and disrupted customer access to certain services. To read more: https://www.thehour.com/business/article/Pitney-Bowes-hit-by-cyber-attack-14519978.php?src=nwkhpcp

Baltimore

The city of Baltimore approved the purchase of $20 million in cyber-insurance coverage. The ransomware attack that hit the city five months ago cost it approximately $18 million in recovery expenses and lost or deferred revenue. To read more: https://www.wsj.com/articles/baltimore-to-buy-20-million-in-insurance-in-case-of-another-cyber-attack-11571246605

UC Browser apps

The UC Browser and UC Browser Mini Android apps once again exposed their users to man-in-the-middle attacks by downloading an Android application package (APK) from a third-party server over an unencrypted HTTP connection, which lets anyone on the network path substitute a malicious package. Downloading and installing executable code from outside Google Play also violates Play Store policy. To read more: https://www.bleepingcomputer.com/news/security/500-million-uc-browser-android-users-exposed-to-mitm-attacks-again/

European airport attack

More than half of the workstations at an unnamed European airport were found infected with a Monero cryptominer. While the malware increased power consumption, it did not affect airport operations. To read more: https://www.bleepingcomputer.com/news/security/european-airport-systems-infected-with-monero-mining-malware/

Realtek WiFi chips

A buffer-overflow flaw in the Linux kernel's rtlwifi driver for Realtek WiFi chips lets an attacker within radio range crash a vulnerable machine by sending crafted WiFi frames, and may allow code execution; the fix was still pending upstream when the flaw was reported. To read more: https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/

Mystery box on ship

While assessing the security of a ship, Pen Test Partners noticed a black box connected to the vessel's onboard LAN. The box had been installed legitimately to monitor fuel and engine efficiency, but it was later forgotten and left running and connected. It raises the question of how many other forgotten devices remain connected to production networks, unpatched and unmonitored. To read more: https://nakedsecurity.sophos.com/2019/10/17/pen-testers-find-mystery-black-box-connected-to-ships-engines/

Recruitment firms

Authentic Jobs and Sonic Jobs, two online recruitment firms, exposed more than 200,000 résumés after leaving Amazon S3 storage buckets publicly readable on the internet. To read more: https://news.sky.com/story/job-applicants-worried-as-hundreds-of-thousands-of-cvs-exposed-online-11836935
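
Public buckets are a recurring cause of this kind of leak, and S3's Block Public Access settings exist to rule them out. The following is an added example written for this report (not code from the report): it checks whether a bucket has all four Block Public Access flags on and prints the command that turns them on when it does not. It assumes the AWS CLI is installed, that the caller holds `s3:GetBucketPublicAccessBlock`, and that the JSON shape is the one `aws s3api get-public-access-block` returns; the two sample responses are constructed.

```shell
#!/bin/sh
# Added example, not code from the report: verify that an S3 bucket has all
# four "Block Public Access" settings on, the control that would have kept the
# CV buckets above from being readable by anyone.
# Assumptions: the AWS CLI is installed, the caller holds
# s3:GetBucketPublicAccessBlock, and the JSON shape is the one returned by
# `aws s3api get-public-access-block`.

# Reads that JSON on stdin. Exit 0 only if all four flags are true; a missing
# flag or a false value means a public ACL or policy can still take effect.
public_access_block_complete() {
  json=$(cat)
  for key in BlockPublicAcls IgnorePublicAcls BlockPublicPolicy RestrictPublicBuckets; do
    printf '%s' "$json" | grep -Eq "\"$key\"[[:space:]]*:[[:space:]]*true" || return 1
  done
  return 0
}

# Constructed sample responses (not real buckets).
FULLY_BLOCKED='{"PublicAccessBlockConfiguration":{"BlockPublicAcls":true,"IgnorePublicAcls":true,"BlockPublicPolicy":true,"RestrictPublicBuckets":true}}'
PARTLY_BLOCKED='{"PublicAccessBlockConfiguration":{"BlockPublicAcls":true,"IgnorePublicAcls":false,"BlockPublicPolicy":true,"RestrictPublicBuckets":false}}'

# Live check for one bucket. When no configuration exists the CLI exits with
# an error and prints nothing, which the check correctly treats as not blocked.
audit_bucket() {
  bucket=$1
  if aws s3api get-public-access-block --bucket "$bucket" 2>/dev/null | public_access_block_complete; then
    echo "$bucket: Block Public Access fully enabled"
  else
    echo "$bucket: NOT fully blocked; to fix:"
    echo "  aws s3api put-public-access-block --bucket $bucket --public-access-block-configuration" \
         "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
  fi
}

# Dry run on the constructed samples:
printf '%s' "$FULLY_BLOCKED" | public_access_block_complete && echo "sample 1: fully blocked"
printf '%s' "$PARTLY_BLOCKED" | public_access_block_complete || echo "sample 2: public access still possible"
```

Run `audit_bucket` over the output of `aws s3api list-buckets` to cover an account. The same four flags also exist at account level (`aws s3control get-public-access-block --account-id ...`), and turning them on there covers every bucket at once; Block Public Access stops new public grants and ignores public ACLs, so for buckets that were already exposed also review the bucket policy with `aws s3api get-bucket-policy-status`.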

Want to learn more?

Sign up below and receive these reports and more, directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.