Polyverse Weekly Breach Report - Sept. 30


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

YouTube accounts

Many high-profile YouTube accounts in various communities were hijacked, and the owners of the 23m channels on the platform have been warned of security risks. The hacks were the result of a coordinated campaign luring users to phishing sites where hackers then stole account credentials. To read more: https://www.zdnet.com/article/massive-wave-of-account-hijacks-hits-youtube-creators/

 

Microsoft

Microsoft released an emergency patch to fix two security issues, a zero-day vulnerability and a Microsoft Defender bug. Usually Microsoft releases its patches on the first Tuesday of each month, but this patch is out of sync with the regular schedule because it was deemed important to fix the issues as soon as possible. To read more: https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/

 

Facebook

Facebook suspended thousands of apps in response to an investigation that started after the Cambridge Analytica scandal. These apps may have misused personal data. To read more: https://www.washingtonpost.com/technology/2019/09/20/facebook-suspends-tens-thousands-apps-following-data-investigation/

 

vBulletin

A hacker revealed details and exploit code for an unpatched zero-day remote code-execution vulnerability in the forum software vBulletin. The vulnerability is not only remotely exploitable but also does not require authentication. To read more: https://thehackernews.com/2019/09/vbulletin-zero-day-exploit.html

 

Poison Carp

A hacking group is targeting mobile devices of high-profile Tibetan groups. Researchers believe that the Chinese government sponsors the group, dubbed Poison Carp. To read more: https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html

 

DataBook

After discovering one last week, researchers found a second unsecured server that exposed data on Ecuadorian citizens. The server is used by a company called DataBook and hosts the details of 17m citizens. To read more: https://www.computing.co.uk/ctg/news/3081923/ecuador-data-breach

 

Heyyo

A hacktivist group found a publicly accessible database belonging to the dating app Heyyo. The Elasticsearch database contained information on 70,000 users from around the world. To read more: https://www.wizcase.com/blog/heyyo-leak-research/

 

Apple keyboards

Apple announced that there is a bug in iOS 13 that impacts third-party keyboards that have the ability to request full-access permissions. Full access enables the keyboard maker to capture keystroke data of anything a user types, and the bug may grant the access without approval. To read more: https://techcrunch.com/2019/09/24/apple-bug-full-access-keyboards/

 

Fleeceware

Researchers at Sophos discovered very simple Android apps on Google’s Play Market that likely exist only so that developers can overcharge for them. Users can download these so-called fleeceware apps at no charge for a short trial period, but when the trial ends the app developer charges hundreds of dollars unless users have both uninstalled the app and given notice that they no longer want it. To read more: https://news.sophos.com/en-us/2019/09/25/fleeceware-apps-overcharge-users-for-basic-app-functionality/

 

Windows Narrator

Hackers replaced the Narrator app on targeted Windows systems with a trojan version that gives them remote access. After entering a password that is hardcoded in the malware, attackers are able to gain elevated permissions. To read more: https://www.bleepingcomputer.com/news/security/hackers-replace-windows-narrator-to-get-system-level-access/

 

iOS jailbreak

A researcher publicly released a supposedly unpatchable exploit that works on most generations of iOS devices. To read more: https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html

 

Divergent malware

New fileless malware is infecting Windows computers worldwide. The malware uses built-in system utilities to compromise computers instead of using malicious code. To read more: https://thehackernews.com/2019/09/windows-fileless-malware-attack.html

 

DoorDash

The on-demand food-delivery service DoorDash confirmed a data breach that impacted almost 5m people including customers, delivery workers and merchants. To read more: https://thehackernews.com/2019/09/doordash-data-breach.html

 

Cool Ideas

Attackers used a DDoS technique called carpet bombing to take down Cool Ideas, a South African internet-service provider. As soon as Cool Ideas mitigated the first DDoS attack, another one began. To read more: https://www.zdnet.com/article/carpet-bombing-ddos-attack-takes-down-south-african-isp-for-an-entire-day/

Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.

 

Demant

Danish hearing-aid producer Demant lost 500,000 DKr in a cyber attack earlier this month. Markets in the US, Australia, Canada and the UK were affected by the issues in production and distribution. To read more: https://www.thelocal.dk/20190926/danish-company-lost-over-half-a-million-in-hacker-attack

 

Defence Construction Canada

A cyberattack disrupted the computer systems of Defence Construction Canada, which manages defense projects and infrastructure. The company’s response team is working to restore IT systems. To read more: https://ottawacitizen.com/news/national/defence-watch/defence-construction-canada-hit-by-cyber-attack-corporations-team-trying-to-restore-full-it-capability

 

Airbus

Airbus was hit with a series of cyberattacks that targeted suppliers in an attempt to steal trade secrets. Four major attacks have hit Airbus in the last 12 months. To read more: https://www.france24.com/en/20190926-airbus-hit-by-series-of-cyber-attacks-on-suppliers
