Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

Orangeworm

A cybercriminal group known as Orangeworm is installing custom malware known as Kwampirs onto the systems of large healthcare-related corporations across the US, Europe and Asia. To read more: https://www.zdnet.com/article/mysterious-cyber-worm-targets-medical-systems-found-on-x-ray-machines-and-mri-scanners/

Ukrainian Energy Ministry

The Ukrainian Energy Ministry has been hit by a ransomware attack. The hackers were able to use a recently patched Drupal vulnerability, highlighting that patch management remains a problem. To read more: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Careem

The ride-hailing app company from Dubai revealed that it was the victim of a data breach. The breach involved access to data related to 14 million customers and 558,800 drivers. To read more: https://techcrunch.com/2018/04/23/careem-data-breach/

Metamorfo

A new financial-malware campaign, Metamorfo, is targeting Brazilian companies. The malware uses a multi-stage infection path and a legitimate Windows tool as a side-loader. To read more: https://threatpost.com/metamorfo-targets-brazilian-users-with-banking-trojans/131441/

Total Meltdown

The source code for Total Meltdown, the vulnerability created when Microsoft initially tried to patch the Meltdown flaw, is available on GitHub. To read more: https://www.zdnet.com/article/it-must-patch-against-total-meltdown-now-the-source-code-is-on-github/

MEDantex

MEDantex, a company that provides medical transcription services for hospitals, clinics and physicians, was notified by KrebsOnSecurity that it was leaking sensitive patient medical records from thousands of physicians. To read more: https://krebsonsecurity.com/2018/04/transcription-service-leaked-medical-records/

Hotel keycard systems

A security vulnerability in hotel keycard systems is enabling criminals to break into hotel rooms across the world. The flaws were discovered in lock-system software made by a company called VingCard. To read more: https://www.theregister.co.uk/2018/04/25/hotel_room_key_security_flaw/

Facebook

Facebook may be facing another data breach similar to that executed by Cambridge Analytica. Facebook wrote in its quarterly report “more instances of misuse of user data or other undesirable activity by third parties” were expected. To read more: https://inc42.com/buzz/facebook-hints-another-cambridge-analytica-like-data-breach/

Reported Vulnerabilities

Nvidia Tegra

A security researcher released proof-of-concept code that exploits a bug in Nvidia’s Tegra chipset. The researcher developed this cold-boot hack for the Nintendo Switch games console. To read more: https://www.theregister.co.uk/2018/04/23/nintendo_switch_nvidia_tegra_boot_rom_flaw/

Qihoo 360

The Chinese company Qihoo 360 says it has found a Windows zero-day in the wild, but it is not telling anyone but Microsoft how it works. To read more: https://www.theregister.co.uk/2018/04/23/quihoo_360_yes_we_found_a_windows_0day_no_you_cant_know_what/

PyRoMine

A new form of cryptocurrency-mining malware uses a leaked NSA exploit to spread through Windows machines. This Python-based Monero miner was uncovered by Fortinet researchers. To read more: https://www.zdnet.com/article/this-cryptocurrency-mining-malware-also-disables-your-security-services/

WebEx

A critical vulnerability was found in Cisco’s WebEx software that could be exploited by an attacker to spread malware to meeting participants. The vulnerability allows a corrupted Flash file to be uploaded to attendees thanks to insufficient input validation. To read more: https://www.welivesecurity.com/2018/04/23/firms-using-webex-risk-poisoned-flash-attacks/

Cheaper crimeware kit

The price of a new crimeware kit called Rubella Macro Builder has been reduced to $120 for a three-month license. The kit is available on high-profile Russian and English-speaking underground forums, and is designed to be used in massive spam campaigns. To read more: https://www.zdnet.com/article/cheap-crimeware-kits-help-wannabe-hackers-get-into-the-malware-business/

ThaiCERT

Thailand’s Computer Emergency Response Team seized a server operated by North Korea’s Hidden Cobra APT. The North Koreans had been carrying out data reconnaissance on a wide range of industries in at least 17 countries. To read more: https://threatpost.com/thaicert-seizes-hidden-cobra-server-linked-to-ghostsecret-sony-attacks/131498/

SamSam Ransomware

The latest version of SamSam ransomware launches thousands of copies of the ransomware at once into organizations. It uses various vulnerability exploits rather than phishing and spam to gain access to corporate networks. To read more: https://threatpost.com/samsam-ransomware-evolves-its-tactics-towards-targeting-whole-companies/131519/
