Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Fasten

The Boston-based ride-hailing service informed users of a million-customer data breach. The issue was due to a misconfigured Apache Hive database, which was unsecured and exposed on the internet. To read more: https://www.theregister.co.uk/2017/11/13/rideshare_upstart_fasten_data_breach/

Jewson Direct

The builders merchant confirmed that customer details could have been exposed in a cyberattack this summer. It is not known if the customer information was encrypted. To read more: https://www.theregister.co.uk/2017/11/14/jewson_suffers_data_breach/

Microsoft

Microsoft patched a remote code-execution bug that researchers found in a 17-year-old executable, a tool used to insert mathematical formulas into Office documents. The vulnerability was not stopped by Windows 10’s security. To read more: http://www.zdnet.com/article/windows-10-defenses-open-to-17-year-old-office-bug-but-microsofts-just-fixed-it/

Forever 21

The retailer is investigating a potential data breach, which may have compromised customer and payment information. Encryption and token-based authentication systems were implemented. To read more: http://www.zdnet.com/article/forever-21-reveals-potential-data-breach/

The Pentagon

The Pentagon left an S3 bucket exposed on the internet that contained 1.8 billion documents. The database contained information going back as far as 2009. To read more: http://money.cnn.com/2017/11/17/technology/centcom-data-exposed/index.html

Reported Vulnerabilities

Hidden Cobra

The FBI and DHS have issued an alert that North Korean hackers are targeting the aerospace industry, financial services and critical infrastructure with a remote-access trojan, or RAT. The Hidden Cobra group has been using the FallChill RAT since 2016. To read more: https://hotforsecurity.bitdefender.com/blog/us-government-issues-alert-about-north-korean-hidden-cobra-cyber-attacks-19215.html

Airplane hacks

Homeland Security was able to compromise a Boeing 757 via radio-frequency communications. The details of the attack itself are classified. To read more: https://www.theregister.co.uk/2017/11/15/airplanes_vulnerable_rf_hacking/

Oracle

Oracle released an emergency patch for two vulnerabilities with top severity ratings. Five bugs were found in the Tuxedo application. The most severe flaw is a memory-leak issue similar to HeartBleed. To read more: http://www.zdnet.com/article/oracle-pushes-second-emergency-patch-this-month-for-critical-server-vulnerability/

Google Home and Alexa

Google and Amazon have patched their smart home devices to plug the BlueBorne flaw. The flaw could be used as an entry point for attacking other devices with malware. To read more: http://www.zdnet.com/article/google-home-and-amazon-echo-hit-by-big-bad-bluetooth-flaws/

Terdot Banking Trojan

The banking trojan, discovered by researchers, can be used to view and modify traffic on email and social media platforms in addition to collecting financial information. The malware derives inspiration from the Zeus banking trojan. To read more: https://www.darkreading.com/threat-intelligence/terdot-banking-trojan-spies-on-email-social-media/d/d-id/1330449?

Amazon Key flaw

Amazon is fixing a flaw in its Key service that allows a hacker to freeze the camera. The attack can be launched within Wi-Fi range. To read more: http://www.zdnet.com/article/amazon-were-fixing-flaw-that-leaves-key-security-camera-open-to-wi-fi-jamming/

DJI

The drone maker left AWS credentials and private SSL keys among other important information open on public forums. For example, the private keys of the HTTPS domain were exposed on GitHub for the last four years. To read more: http://www.zdnet.com/article/bug-bounty-hunter-reveals-dji-ssl-firmware-keys-have-been-public-for-years/

LibXL

Researchers identified seven vulnerabilities in the LibXL C library, which is used to read Excel files. Attackers could perform remote code execution attacks using specially crafted XLS files. To read more: https://threatpost.com/multiple-vulnerabilities-in-libxl-library-open-door-to-rce-attacks/128938/
