Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

Spectre variant 4

Intel’s updates that address the just-revealed Spectre variant 4 attack are likely to put a significant drain on CPU performance. There is a noticeable 2–8% impact. To read more: https://www.zdnet.com/article/new-spectre-variant-4-our-patches-cause-up-to-8-performance-hit-warns-intel/

DrayTek

A Taiwanese network-kit maker, DrayTek, has reported a vulnerability in many of its routers that could enable hackers to hijack internet traffic or steal personal data. Attackers can remotely alter DNS settings on 28 of the company’s available routers. To read more: https://www.theregister.co.uk/2018/05/21/draytek_routers_security_vulnerability/

Xfinity

A bug on Comcast’s website, used to activate Xfinity routers, returns sensitive information on the company’s customers. The website can be tricked into displaying the home address where the router is located as well as the wi-fi name and password. To read more: https://www.zdnet.com/article/comcast-bug-leaks-xfinity-home-addresses-wireless-passwords/

Corporation Service Company

The Corporation Service Company notified several thousand California residents that their personally identifiable information was stolen by hackers who accessed the company’s network. The hack was discovered during routine security monitoring. To read more: https://www.cyberscoop.com/csc-california-data-breach/v

Verge

A cryptocurrency service that is attempting to bring back anonymity to trading was hacked via the firm’s blockchain. The hacker was able to exploit vulnerabilities present in the blockchain infrastructure to steal 35 million Verge coins. To read more: https://www.zdnet.com/article/verge-blockchain-comes-under-attack-again/

Bitcoin Gold

Bitcoin Gold was the target of a 51% attack leading to the theft of $17.5 million from cryptocurrency exchanges. 51% attacks force reorganization in the blockchain. If a hacker gains control of more than 50% of a network’s computing power, they can modify and exclude transactions of their own coins from blocks. To read more: https://www.zdnet.com/article/bitcoin-gold-hit-with-double-spend-attacks-18-million-lost/

T-Mobile

A bug in T-Mobile’s website enabled anyone to access the personal account details of any customer simply by knowing their cellphone number. The flaw has since been fixed. To read more: https://www.zdnet.com/article/tmobile-bug-let-anyone-see-any-customers-account-details/

Alexa

A couple in Portland received a phone call from a coworker telling them that she had received a recording of the couple talking privately in their home. The recording was sent through the couple’s Alexa. The couple had not instructed Alexa to record or share a copy of their conversation. To read more: https://www.theregister.co.uk/2018/05/24/alexa_recording_couple/

Reported Vulnerabilities

Dell EMC

Foregenix, an information-security company, has uncovered six vulnerabilities in Dell EMC’s data-protection platform RecoverPoint. Three of the flaws have since been fixed. To read more: https://www.theregister.co.uk/2018/05/21/dell_emc_recoverpoint_flaws/

BMW

A security lab revealed a number of vulnerabilities in the onboard computer systems in some BMW vehicles. Impacted models include the i Series, X1 sDrive, 5 Series and 7 Series. To read more: https://www.zdnet.com/article/over-a-dozen-vulnerabilities-uncovered-in-bmw-vehicles/

Roaming Mantis

The Roaming Mantis banking trojan is evolving and now targeting Europe and the Middle East in addition to Asian countries. The malware spreads via DNS hijacking. To read more: https://threatpost.com/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining/132149/

VPNFilter

A new malware infection has compromised 500,000 home and small-office routers and network-attached-storage devices. VPNFilter listens in on traffic and steals website credentials; it also hacks Modbus SCADA traffic. To read more: https://www.theregister.co.uk/2018/05/23/vpnfilter_malware_menacing_routers_worldwide/

Smart locks

Hackers may be able to remotely unlock smart locks if the lock relies on the Z-Wave wireless protocol. Z-Wave is vulnerable to an attack that forces the secure pairing mechanism to an earlier version with known weaknesses. To read more: https://www.zdnet.com/article/smart-lock-user-z-wave-pairing-flaw-lets-attackers-open-your-door-from-yards-away/

AMD Epyc server

German researchers found a method to stop the security mechanisms that AMD’s Epyc server-chips use to automatically encrypt virtual machines in memory. The researchers say they can exfiltrate plain-text data from an encrypted guest via a hijacked hypervisor and simple HTTP requests. To read more: https://www.theregister.co.uk/2018/05/25/amd_epyc_sev_vm_encryption_bypass/
