Polyverse Weekly Breach Report- Oct. 7

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Linux Kernel

A new security feature for the Linux kernel will ship in the next update. The feature will prevent the root account from interacting with kernel code, making it harder to compromise the operating system. To read more: https://www.zdnet.com/article/linux-to-get-kernel-lockdown-feature/

Strathroy auto parts

A cyberattack hit Meridian Lightweight Technologies, a supplier of lightweight magnesium car parts in Strathroy. Meridian is not commenting on the type of attack at this time. To read more: https://lfpress.com/news/local-news/fbi-called-in-as-strathroy-auto-parts-factory-suffers-cyber-attack

Cyberbunker 2.0

German authorities arrested seven people in connection with Cyberbunker 2.0, a hosting facility serving dark-web sites using servers housed in a former military bunker. To read more: https://krebsonsecurity.com/2019/09/german-cops-raid-cyberbunker-2-0-arrest-7-in-child-porn-dark-web-market-sting/

Zynga

Social gaming company Zynga released a restrained statement in September that hackers may have accessed some players’ account information. A hacker supposedly behind two data dumps in early 2019 now claims to actually have breached more than 200m Android and iOS accounts. To read more: https://www.forbes.com/sites/daveywinder/2019/09/30/data-breach-warning-for-200-million-android-and-ios-gamers/#5ed442571db3

Comodo Forums

Cybersecurity company Comodo is one of the victims of a recently disclosed vBulletin zero-day vulnerability. The bug exposed the login information of 245,000 users registered with the discussion board Comodo Forums. To read more: https://thehackernews.com/2019/10/Comodo-vbulletin-hacked.html

Exim

A critical vulnerability was discovered and patched in the open-source software for Exim email servers. Servers that are not updated to version 4.92.3 are vulnerable to the attack. To read more: https://thehackernews.com/2019/09/exim-email-security-vulnerability.html

Asics

Sportswear brand Asics blamed a cyberattack after a screen in a storefront played porn for nine hours. Asics has apologized to everyone who may have passed by the New Zealand store and is investigating the incident. To read more: https://www.forbes.com/sites/zakdoffman/2019/09/30/asics-blames-hackers-for-running-hours-of-porn-on-store-window-display-screens/#40f3181b6ad3

Hospitals

Ten hospitals around the globe were hit with ransomware attacks that have prevented them from accepting new patients. Three of the hospitals are in Alabama, where officials were attempting to get computers back online. To read more: https://arstechnica.com/information-technology/2019/10/hamstrung-by-ransomware-10-hospitals-are-turning-away-some-patients/

Yahoo! accounts

An ex-Yahoo! employee misused his access at the company to hack into 6,000 user accounts. The former software engineer compromised internal systems to access accounts belonging to younger women, including colleagues and personal friends. To read more: https://thehackernews.com/2019/10/yahoo-email-hacking.html

US schools

Over 500 US schools have been infected by ransomware in 2019 so far. The attacks picked up in September as schools started back up for the new year. To read more: https://www.zdnet.com/article/over-500-us-schools-were-hit-by-ransomware-in-2019/

Mariposa botnet

German police arrested the creator of the Mariposa botnet in response to a US-issued international arrest warrant. The Mariposa botnet is estimated to have infected more than 1m computers. To read more: https://krebsonsecurity.com/2019/10/mariposa-botnet-author-darkcode-crime-forum-admin-arrested-in-germany/

Voatz

The FBI is investigating a hack of West Virginia’s mobile voting app during the 2018 midterm elections. The app lets voters who are active military or registered to vote abroad vote from their phones. To read more: https://edition.cnn.com/2019/10/01/politics/fbi-hacking-attempt-alleged-mobile-voting-app-voatz/index.html

WhatsApp

WhatsApp fixed a double-free memory-corruption bug that came not from inside WhatsApp code but from an open-source GIF-image parsing library. The bug could lead to remote code-execution attacks. To read more: https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html

SandCat

Kaspersky Lab recently discovered an Uzbekistani state-sponsored hacking group that they call SandCat. SandCat has lax operational security and used the name of a military group with ties to the state’s intelligence agency to register a domain employed in its attack infrastructure. To read more: https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

VPNs

The British National Cybersecurity Center is investigating threat groups using known vulnerabilities in virtual private network (VPN) products from Pulse Secure, Palo Alto and Fortinet. The VPN vulnerabilities enable attackers to retrieve arbitrary files and authentication credentials. To read more: https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities

DDoS botnet

Dutch police have taken down a hosting provider that sheltered internet-of-things botnets that were responsible for hundreds of thousands of distributed denial-of-service attacks around the world. To read more: https://www.zdnet.com/article/dutch-police-take-down-hornets-nest-of-ddos-botnets/

Android

Hackers are exploiting an unpatched zero-day vulnerability in Android. A proof-of-concept exploit became public seven days after it was reported to the Android security team. To read more: https://thehackernews.com/2019/10/android-kernel-vulnerability.html

Zendesk

Zendesk just disclosed a data breach from November 2016. A hacker accessed information on 10,000 user accounts. The breach was discovered in September of this year. To read more: https://www.zdnet.com/article/zendesk-discloses-2016-data-breach/

Egyptian government

The Egyptian government was found tracking its citizens. Victims downloaded apps that, while providing services, were really intended to bug their phones. To read more: https://www.theregister.co.uk/2019/10/04/egypt_smartphone_spying/

Sberbank

State-owned Russian Sberbank, a firm that provides banking and financial services, is investigating a data leak. While the firm says that the leak may affect 200 customers, an online data-breach seller claims to have information on 60m credit cards. To read more: https://www.techradar.com/news/russias-sberbank-hit-with-huge-data-leak

Focus Brands

An investigation discovered the origin of a data breach at Focus Brands, which owns Schlotzsky’s, McAlister’s Deli and other restaurants. Hackers placed code capable of copying information from credit-card magnetic stripes on the restaurant group’s servers during the spring and summer of 2019. How many customers were affected is unknown. To read more: https://www.restaurantbusinessonline.com/operations/investigation-finds-source-focus-data-breach

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.