Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Bulletproof Coffee

Bulletproof Coffee says code was injected into its website and stole customers' payment card details for months. To read more: https://www.theregister.co.uk/2017/11/27/bulletproof_coffee_hacked/

Red Disk

The contents of a sensitive hard drive belonging to a division of the NSA were left online. The virtual disk image contained 100 gigabytes of data from an Army intelligence project. The image was left on a public AWS storage server. To read more: http://www.zdnet.com/article/nsa-leak-inscom-exposes-red-disk-intelligence-system/

Apple

Apple fixed the bug that allowed anyone to log in to computers running macOS High Sierra with admin rights, no password required. To read more: https://www.grahamcluley.com/apple-fixes-root-password-bug-install-update-soon-possible/

PayPal

PayPal said that PII for 1.6 million users has potentially been compromised at a company it acquired. TIO Networks makes digital bill-payment tools for utilities and other firms. To read more: http://www.zdnet.com/article/paypals-tio-networks-reveals-data-breach-impacted-1-6-million-users/

Reported Vulnerabilities

Microsoft Office

Hackers are using Cobalt malware, which is a well-known and legitimate pen-testing tool, to hack Microsoft Office. The exploit is a remote-code execution vulnerability, which exists as a result of the way the software handles objects in memory. To read more: http://www.zdnet.com/article/hackers-are-exploiting-microsoft-word-vulnerability-to-take-control-of-pcs/

Tizi

This malware, which was spotted in the Google Play store, is able to steal data from social-media apps and spy on WhatsApp, Viber and Skype. The malware is a fully featured backdoor that can root targeted Android devices. To read more: https://hotforsecurity.bitdefender.com/blog/android-spyware-found-secretly-recording-whatsapp-viber-and-skype-chats-19285.html

JS cryptocurrency miner

A new cryptocurrency miner was discovered that forces a page to continue mining even after the browser is closed. The miner is specific to Windows devices. To read more: http://www.zdnet.com/article/windows-this-sneaky-cryptominer-hides-behind-taskbar-even-after-you-exit-browser/

UBoatRAT

This new trojan is targeting individuals and organizations linked to South Korea or the video-game industry. UBoatRAT uses Google Drive as a distribution hub for malware, and URLs that connect to GitHub repositories that act as a C2. To read more: https://threatpost.com/rat-distributed-via-google-drive-targets-east-asia/129047/

Dirty COW patch

A flaw was found in the Dirty COW patch (CVE-2016-5195). The current bug is not applicable to Android and Red Hat Enterprise Linux, but other distributions suffer from the issue. To read more: https://threatpost.com/flaw-found-in-dirty-cow-patch/129064/


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.