Polyverse Weekly Breach Report – Sept. 3

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Hostinger

Web-hosting provider Hostinger suffered a data breach after attackers found an authorization token on one of the company’s servers, and used it to gain access to an internal system API. Hostinger ring-fenced the vulnerable system and reset 14m customer passwords. To read more: https://thehackernews.com/2019/08/web-hosting-hostinger-breach.html

Binance

The cryptocurrency exchange Binance confirmed that know-your-customer images that hackers leaked online earlier this month came from a third-party vendor. Some of the leaked images matched actual accounts while others did not. The investigation is still ongoing. To read more: https://thehackernews.com/2019/08/binance-kyc-data-leak_26.html

Nemty ransomware

Researchers found new ransomware that they named Nemty after the extension it adds to files after encrypting them. The malware is supposedly deployed via compromised remote desktop connections. To recover their data, victims are asked to pay approximately $1,000. To read more: https://www.bleepingcomputer.com/news/security/new-nemty-ransomware-may-spread-via-compromised-rdp-connections/

Imperva

Cybersecurity company Imperva alerted customers to a data breach that exposed email addresses, scrambled passwords, API keys and more for some of its firewall users. The exposure was limited to its Cloud WAF product. To read more: https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/

RETADUP malware

French law enforcement announced that it had taken down the RETADUP botnet malware, remotely disinfecting more than 850,000 computers worldwide by causing the malware to self-destruct. To read more: https://thehackernews.com/2019/08/retadup-botnet-malware.html

Apple

Apple announced that it will no longer retain audio recordings of Siri interactions by default. To read more: https://thehackernews.com/2019/08/apple-siri-recording-privacy.html

Magecart

Researchers discovered 80 Magecart-compromised e-commerce websites that are stealing credit-card information from victims. To read more: https://thehackernews.com/2019/08/magecart-hacking-credit-card.html

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

iPhones

Project Zero announced a new iPhone-hacking campaign that is able to install malware on iOS devices if victims simply visit an infected website. To read more: http://telecoms.com/499429/google-exposes-massive-iphone-hacking-operation/

Ransomware payments

Ransomware continues to spread through American city governments, schools and police departments. The role that the insurance industry is playing in the crisis is often overlooked. While insurers do not release information about ransom payments, they often pay the demands even if alternatives exist. To read more: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks

Dental data

DDS Safe, an online backup system used by dental offices specifically to protect their data from ransomware, fell victim to ransomware. The backend system was hit with what is likely the Sodinokibi malware. How the attackers managed to compromise the company’s infrastructure is unclear. To read more: https://thehackernews.com/2019/08/dds-safe-dental-ransomware-attack.html

Capital One hacker

The woman arrested last month in connection with a large Capital One data breach has now been accused of hacking more than 30 other companies. She has been indicted for mining cryptocurrency in addition to stealing data. To read more: https://thehackernews.com/2019/08/paige-thompson-capital-one.html

Russell Stover Chocolates

Russell Stover Chocolates announced that a data breach potentially affected customer credit- and debit-card information. To read more: https://www.foxbusiness.com/personal-finance/russell-stover-chocolates-latest-in-data-breach-what-customers-need-to-know

Foxit Software

PDF-software company Foxit disclosed a data breach that enabled third parties to access its customers’ personal information. Foxit has more than 525m users worldwide. To read more: https://www.bleepingcomputer.com/news/security/foxit-software-discloses-data-breach-exposing-user-passwords/

Jack Dorsey Twitter

The founder of Twitter had his account hacked last week. Twitter said its own systems were not compromised. To read more: https://www.bbc.com/news/technology-49532244

Starbucks

A security researcher found that a Starbucks subdomain had a DNS pointer that was accidentally abandoned. By claiming the Azure resource name, an attacker could use the subdomain to carry out cross-site scripting attacks. To read more: https://www.bleepingcomputer.com/news/security/starbucks-abandons-azure-site-exposed-subdomain-to-hijacking/
