Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

PageUp

PageUp confirmed that some data was actually stolen in the cyberattack from last week. The personal data is from employees who currently or previously had access to the client’s PageUp instance. To read more: https://www.zdnet.com/article/pageup-confirms-some-data-compromised-in-breach/

Bithumb

A South Korean cryptocurrency exchange, Bithumb, was hacked with 31.5 million worth of tokens stolen. Bithumb has asked customers to stop depositing new funds as all deposit and withdrawal services were halted. To read more: https://www.zdnet.com/article/south-korean-crypto-exchange-bithumb-hacked/

Tesla

Elon Musk sent an email to all of Tesla stating an employee had conducted “quite extensive and damaging sabotage”. The rogue employee made direct code changes to the operating system under false usernames. To read more: https://www.zdnet.com/article/elon-musk-emails-tesla-workers-weve-been-extensively-sabotaged-by-employee/

Intel hyper-threading

OpenBSD has disabled Intel’s hyper-threading technology. Simultaneous Multi-Threading implementations typically share TLBs and L1 caches between threads, which means that several Spectre-class bugs were made more easily exploitable. To read more: https://www.theregister.co.uk/2018/06/20/openbsd_disables_intels_hyperthreading/

Chromecast

Google is fixing a location privacy leak in Google Home and Chromecast devices. A security researcher discovered an authentication weakness that, if exploited, leaks accurate location information of users’ devices. To read more: https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/

PDQ

A chicken restaurant from North Carolina called PDQ is alerting customers of a data breach. The breach occurred between May 2017 and April 2018 and included names, credit card numbers and other personal information. To read more: http://www.cbs17.com/news/local-news/wake-county-news/pdq-restaurant-customer-credit-card-info-hacked-in-cyber-attack-officials-say/1258717197

DNS Rebinding

A programmer attempted a retro web attack called DNS rebinding on a few modern devices and found unexpected results. DNS rebinding gives an attacker control and data access by exploiting known browser weaknesses. The programmer found that there are DNS rebinding vulnerabilities in virtually every model of Google Home, Chromecast, Sonos Wi-Fi speakers, Roku devices and some smart thermostats. To read more: https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/

Reported Vulnerabilities

Mylobot

A new malware campaign called Mylobot comes equipped with three layers of evasion techniques that have not been seen in the wild before. The attack ropes systems into a botnet, provides the attacker with complete control over infected victims and the ability to deliver payloads. To read more: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

IoT cameras

Vulnerabilities affect 400 different models of Axis Communications’ internet-connected video cameras. By exploiting the vulnerabilities, researchers found that remote attackers could take over devices using just the IP address. To read more: https://www.zdnet.com/article/vulnerabilities-in-these-iot-cameras-could-give-attackers-full-control-warn-researchers/

MacOS

A bug in MacOS can expose the contents of a user’s files, including text and photo thumbnails, even if the drive is encrypted. To read more: https://www.zdnet.com/article/macos-quick-look-bug-leaks-encrypted-data-researchers-find/

TLBleed

Intel has no plans to address a side-channel vulnerability called TLBleed. Using this vulnerability, a team of researchers were able to extract crypto keys from another running program. To read more: https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/

Drupal vulnerability

Attackers are exploiting a three-month-old vulnerability in Drupal to deploy cryptocurrency miners. The vulnerability is being exploited to deliver cryptojacking malware that then uses the power of the victim’s machine to mine Monero. To read more: https://www.zdnet.com/article/three-month-old-drupal-vulnerability-is-being-used-to-deploy-cryptojacking-malware/

WebAssembly

Changes in the WebAssembly standard may render some of the browser-level patches against Spectre and Meltdown useless. WebAssembly is a compact binary language that the browser converts into machine code and runs directly on the CPU; it is supported in all major browsers. To read more: https://www.bleepingcomputer.com/news/security/changes-in-webassembly-could-render-meltdown-and-spectre-browser-patches-useless/
