Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

CoinDash

Last year an attacker changed the CoinDash wallet address to one they personally owned, leading to the theft of millions of dollars in Ethereum. However, in September, the attacker returned 10,000 ETH and since then a further 20,000 ETH has been returned to the platform. To read more: http://www.zdnet.com/article/hacker-returns-20000-eth-stolen-during-coindash-ico/

Trustico

The CEO of Trustico, a reseller of TLS certificates, accidentally emailed a partner the private keys for 23,000 certificates. The email was sent to an executive vice president at DigiCert. Several hours after this notice was broadcast, Trustico’s website went offline due to an exposed critical vulnerability. To read more: https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/

Equifax

Equifax discovered that another 2.4 million people had their information stolen by hackers. The stolen data includes partial driver’s license information. To read more: https://www.theregister.co.uk/2018/03/01/equifax_discovers_24_million_more_customers_hit_by_breach/

GitHub

GitHub revealed that it was targeted by the largest DDoS attack ever reported. The attackers abused exposed memcached servers as amplifiers, multiplying their traffic by roughly 51,000 times. The attack lasted eight minutes, with 1.35 terabits of data per second hitting the platform. To read more: https://www.wired.com/story/github-ddos-memcached/

Reported Vulnerabilities

Parity

A user triggered a major vulnerability in the Parity multi-sig wallet, making himself the owner of the smart contract that controlled user wallets across the entire chain. The user then wiped out some of the core library code, freezing $150 million worth of Ethereum. To read more: http://www.zdnet.com/article/smart-contracts-leave-millions-of-dollars-in-ethereum-vulnerable/

Cisco

Release 3.0.0 of Cisco’s Elastic Services Controller software has a critical vulnerability. An attacker could exploit the flaw by submitting an empty password value to an affected portal. To read more: https://www.theregister.co.uk/2018/02/26/cisco_elastic_services_controller_critical_vulnerability/

T-Mobile

A vulnerability was found and reported by a security researcher on December 19th but was not publicly revealed until now. The bug allowed hackers to log into T-Mobile’s account website as any customer. To read more: https://motherboard.vice.com/en_us/article/437759/critical-t-mobile-bug-allowed-hackers-to-hijack-users-accounts

RedDrop

RedDrop is an invasive form of spyware that harvests information from devices, including live audio recordings of the device’s surroundings, user data and details of saved Wi-Fi networks. Currently, 53 apps are distributing the malware. To read more: http://www.zdnet.com/article/sophisticated-android-malware-spies-on-smartphones-users-and-runs-up-their-phone-bill-too/

Ad Network

Researchers at Netlab 360 recently spotted an advertising network using a domain-generation algorithm to evade ad-blocking tools and serve ads that link to pages containing the Coinhive cryptominer. The researchers are not publicly identifying the network, but said that the provider has used this algorithm since 2017. To read more: https://threatpost.com/ad-network-circumvents-ad-blocking-tools-to-run-in-browser-cryptojacker-scripts/130161/

Spectre

A new variant of the Spectre attack can be used to read memory from inside Intel’s secure enclaves. The side-channel attack affects programs whose sensitive components are protected by Intel’s Software Guard Extensions (SGX) enclaves. To read more: http://www.zdnet.com/article/new-spectre-attack-variant-can-pry-secrets-from-intels-sgx-protected-enclaves/

4G LTE

Newly discovered vulnerabilities can wreak havoc on 4G LTE network users by enabling eavesdropping on phone calls and texts, knocking devices offline and spoofing emergency alerts. Ten of these attacks are detailed in a new paper by researchers at Purdue and the University of Iowa. To read the paper: https://www.documentcloud.org/documents/4392401-4G-LTE-attacks-paper.html To read more: http://www.zdnet.com/article/new-lte-attacks-eavesdrop-on-messages-track-locations-spoof-alerts/
