Polyverse Weekly Breach Report – Oct. 28th


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

NordVPN

Virtual private network provider NordVPN confirmed that it was hacked after an expired internal private key was exposed. This potentially enabled attackers to set up their own servers impersonating the organization’s. To read more: https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/

 

Skip-2.0

Researchers discovered backdoor malware that specifically targets Microsoft SQL servers. The malware runs in memory and enables remote attackers to surreptitiously connect to any account on a server. To read more: https://thehackernews.com/2019/10/mssql-server-backdoor.html

 

Women’s Care Florida

This women’s health clinic discovered that some of its computer systems were infected with a virus that encrypted files. Although no patient information was apparently accessed, the data of half a million patients were exposed. To read more: https://www.insurancebusinessmag.com/us/news/cyber/womens-care-clinic-hit-by-data-breach-half-a-million-patients-info-at-risk-189200.aspx

 

Mercedes-Benz app

A remote-control app for Mercedes-Benz cars leaked data between accounts, enabling users to see information from other customers, including names, phone numbers and recent locations. To read more: https://www.engadget.com/2019/10/19/mercedes-app-leaked-car-owners-data

 

Avast

This Czech cybersecurity company discovered that hackers had targeted its CCleaner software for a second time, this time compromising the company’s internal network in an attempt to tamper with version releases. To read more: https://www.zdnet.com/article/avast-no-plans-to-discontinue-ccleaner-following-second-hack-in-two-years/#ftag=CAD-03-10abf5f

 

Home Group

Home Group, one of the biggest housing associations in the UK, warned 4,000 customers that their personal information may have been stolen in a data breach. To read more: https://www.infosecurity-magazine.com/news/home-group-data-breach/

 

Cache poisoning

Researchers discovered a new cache-poisoning attack that hackers could use to force websites into delivering error pages. The issue impacts reverse-proxy systems, such as Varnish, and Content Distribution Networks, including Amazon CloudFront and Cloudflare. To read more: https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html

 

Turla

The US National Security Agency and Britain’s National Cyber Security Centre reported that Russian threat group Turla hijacked malware from Iranian hackers. To read more: https://www.securityweek.com/us-uk-russian-hackers-hijacked-iranian-malware-infrastructure

 

Billtrust

Cloud-based payment provider Billtrust is recovering from a ransomware attack that started in mid-October. Company systems were reportedly hit by the Bitpaymer strain of ransomware. To read more: https://krebsonsecurity.com/2019/10/ransomware-hits-b2b-payments-firm-billtrust/

 

Best Western Hotels & Resorts

An open Elasticsearch database belonging to Best Western exposed records of hotel customers and US military personnel. The database was part of the hotel’s reservation-management system. One of the platforms connected to the system is a US-government contractor. To read more: https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/

 

Joker malware

Researchers found a new infected application on the Google Play store. Users of Int App Lock are advised to delete the app from their devices immediately. The malware, dubbed Joker, accesses and exfiltrates contact lists and device information to external servers. To read more: https://blog.pradeo.com/pradeo-identifies-app-joker-malware-google-play

 

Samsung Galaxy 10

Three UK banks have suspended mobile banking services for Samsung Galaxy 10 users because of a vulnerability in the phone’s fingerprint scanner. The vulnerability could enable unauthorized users to access banking apps. To read more: https://www.bleepingcomputer.com/news/security/samsung-galaxy-s10-banned-by-banks-due-to-buggy-fingerprint-reader/

 

The Heat Group

The Heat Group, a cosmetics company, was hit by a ransomware attack. An investigation revealed that the hackers had already deleted many files, and that paying the ransom was therefore pointless. The attack cost the company at least $2m. To read more: https://www.smh.com.au/business/small-business/your-whole-business-is-basically-gone-gillian-franklin-hit-by-2-million-cyber-attack-20191021-p532ri.html

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

 

Amazon Web Services

DNS servers at Amazon Web Services suffered a denial-of-service attack. During the downtime, websites and apps that attempted to contact back-end Amazon-hosted systems received error messages or blank pages. To read more: https://www.theregister.co.uk/2019/10/22/aws_dns_ddos/

 

Clover Sites

Clover Sites, which provides a content-management system for religious websites, exposed customer data for several months. A researcher found a public database that contained 65,800 customer records. To read more: https://threatpost.com/religious-website-data-exposed-months/149535/

 

Pilz

Pilz, one of the world’s largest producers of automation tools, has been offline for more than a week because of a ransomware attack. Every Pilz location across 76 countries was impacted and disconnected from the main company network. To read more: https://www.zdnet.com/article/major-german-manufacturer-still-down-a-week-after-getting-hit-by-ransomware/

 

TikTok

Senators have asked the intelligence community to assess whether TikTok and other China-owned platforms pose a threat to national security. TikTok, a platform for comedy and other videos, has seen more than 110m downloads to date in the US. To read more: https://www.engadget.com/2019/10/24/tiktok-bytedance-national-security-senators-schumer-cotton/

 

Android Adware

Researchers found 42 apps on the Google Play Store that were distributed as legitimate software but later updated to display malicious full-screen advertisements. To read more: https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html

 

Geezeo

Jack Henry & Associates, a technology-solutions and payment-processing company, announced that a security incident had occurred at a subsidiary that it acquired in 2019. The subsidiary, Geezeo, investigated the breach and found that the impacted data was from 2012. To read more: https://www.prnewswire.com/news-releases/geezeo-discloses-data-security-incident-regarding-a-2012-data-file-300944497.html

 

Pwnagotchi

A new open-source gadget for hacking Wi-Fi networks is designed to become smarter the more networks it is exposed to. In imitation of digital Tamagotchi toy pets from the late 1990s, the Pwnagotchi is supposed to be carried around town and “fed” with Wi-Fi handshakes. To read more: https://www.vice.com/en_us/article/xwekw4/pwnagotchi-is-the-open-source-handheld-that-eats-wi-fi-handshakes

 

ConferenceBadge.com

ConferenceBadge.com sent a letter to users to inform them of a security vulnerability that was identified on company systems. An S3 bucket was misconfigured and any information stored there became public on the internet. The company failed to issue a statement, but email recipients posted notifications on Twitter. To read more: https://twitter.com/jpadilla_/status/1186294977367891969/photo/1

 

Fortnite

A class-action lawsuit was filed against Epic Games over a 2018 data breach that exposed Fortnite accounts. The suit claims that Epic did not address the flaw, or notify users of the breach, in a timely manner. To read more: https://www.vg247.com/2019/08/10/fortnite-security-breach-class-action/

 

7-Eleven

A popular gas-buying app from convenience-store operator 7-Eleven suffered a data breach that enabled customers to view names, email addresses and birthdates of other users. To read more: https://www.theguardian.com/technology/2019/oct/25/7-eleven-fuel-app-data-breach-exposes-users-personal-details

 

Johannesburg city council

Hackers shut down Johannesburg’s city-council network, targeting local government employees. The hackers demanded bitcoin in exchange for reactivating the internet and email. To read more: https://www.reuters.com/article/us-safrica-crime/cyber-attack-shuts-johannesburg-city-authoritys-network-idUSKBN1X41RF

 

Adobe

A data breach at Adobe exposed 7.5m Creative Cloud accounts. Researchers found a database containing sensitive user information accessible to anyone using a web browser. To read more: https://www.diyphotography.net/adobe-data-breach-exposed-almost-7-5-million-creative-cloud-accounts-to-the-public/

 

PHP

A new vulnerability could enable unauthorized users to remotely compromise web servers if PHP is running on Nginx servers and has the PHP-FPM feature enabled. To read more: https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html?utm_source=dlvr.it&utm_medium=twitter
