Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Mega

A text file containing over 15,500 user names, passwords and file names was published online. A security researcher found the file after it was uploaded to malware analysis site VirusTotal. The data was verified as belonging to Mega, a New Zealand-based file-sharing site. To read more: https://www.zdnet.com/article/thousands-of-mega-logins-dumped-online-exposing-user-files/

DVRs

A researcher discovered a way to hack an IoT-enabled DVR. The vulnerability was first discovered five years ago, but numerous devices have still not been patched. The flaw enables remote attackers to bypass authentication checks, obtain sensitive data, alter passwords, clear log files and perform other actions. To read more: https://www.bitdefender.com/box/blog/smart-home/iot-search-engine-exposes-passwords-30000-vulnerable-dvrs/

Robocent

This Virginia-based political robocalling company left files containing hundreds of thousands of voter records in a public Amazon S3 bucket. Anyone could access the bucket, as no password was required. To read more: https://www.zdnet.com/article/us-voter-data-exposed-by-robocall-firm/

Ukrainian government

A cyber-espionage campaign is targeting the Ukrainian government with three types of malware. The most potent is a remote-access trojan called Vermin, which creates a backdoor into systems for stealing data such as login credentials and even audio recordings of surroundings. To read more: https://www.zdnet.com/article/password-stealing-eavesdropping-malware-targets-ukrainian-government/

Telefonica

Telefonica suffered a data breach that exposed personal details of millions of Spanish users. The telecoms company’s customers have been urged to update their passwords. To read more: https://www.informationsecuritybuzz.com/expert-comments/telefonica-data-breach/

LabCorp

Samsam ransomware was used to attack and force LabCorp’s systems offline. One of America’s biggest healthcare-diagnostics companies, LabCorp was able to neutralize the attack within 50 minutes, but during this time the ransomware was able to encrypt thousands of the firm’s systems and servers. To read more: https://www.csoonline.com/article/3291617/security/samsam-infected-thousands-of-labcorp-systems-via-brute-force-rdp.html

Singapore Health Services

SingHealth, Singapore’s largest healthcare company, suffered a cyberattack affecting 1.5 million patients of its outpatient clinics. Information stolen included names, National Registration Identity Card numbers, addresses, genders, races and dates of birth. To read more: https://www.cio-asia.com/article/3290392/data-breach/singapore-suffers-largest-data-breach-in-its-history-1-5m-affected.html

Level One Robotics

UpGuard Cyber Risk, a security-research firm, disclosed that sensitive documents from more than 100 auto companies — including GM, Fiat Chrysler, Ford, Tesla and others — were exposed on a publicly accessible server belonging to Level One Robotics. The exposure came through rsync, a common file transfer protocol that is used to back up large data sets. To read more: https://techcrunch.com/2018/07/20/data-breach-level-one-automakers/

MoneyTaker

Hackers stole almost $1 million from a Russian bank after breaching its network via an outdated router. PIR Bank was attacked by a hacking group called MoneyTaker. To read more: https://www.theregister.co.uk/2018/07/20/moneytaker_russian_bank_hack/

Clash of Clans

Popular smartphone games are being used to launder money on behalf of hackers. Researchers at Kromtech Security came across the money-laundering ring when analyzing an unsecured MongoDB database. To read more: https://www.tripwire.com/state-of-security/featured/hackers-automate-the-laundering-of-money-via-clash-of-clans/

ComplyRight

ComplyRight, a cloud-based human-resources firm, said that a security breach may have exposed sensitive consumer information. To read more: https://krebsonsecurity.com/2018/07/human-resources-firm-complyright-breached/

Reported Vulnerabilities

GandCrab

A new version of the GandCrab ransomware was found by researchers. The new version self-propagates via the Windows transport protocol Server Message Block. To read more: https://threatpost.com/no-evidence-of-gandcrab-leveraging-smb-exploit-yet/134017/

Australian Taxation Office

The Australian Taxation Office unintentionally prevented customers from accessing its website if certain adblockers, firewalls or anti-virus software were in place. The bug has since been removed. To read more: https://www.zdnet.com/article/ato-removes-bug-preventing-use-of-website-with-security-measures-in-place/

Huawei-based botnet

Researchers spotted a recent uptick in Huawei device scanning. The traffic was due to a vulnerability that can be exploited through port 37215. A hacker calling himself or herself “Anarchy” has created an 18,000-device botnet in less than 24 hours by exploiting this vulnerability. To read more: https://www.zdnet.com/article/iot-hacker-builds-huawei-based-botnet-using-18000-devices-in-one-day/

Airport wi-fi

Coronet, a company that makes wireless-network security devices, published a list of the least-secure wi-fi services offered at 45 of America’s busiest airports. San Diego International Airport is apparently the riskiest. To read more: https://threatpost.com/threatlist-a-ranking-of-airports-by-riskiest-wifi-networks/134229/

D-Link

Unpatched vulnerabilities in routers made by Taiwan’s D-Link and South Korea’s Dasan are being targeted by hackers. There was an uptick in exploit attempts from more than 3,000 different source IPs targeting specific models. To read more: https://threatpost.com/d-link-dasan-routers-under-attack-in-yet-another-assault/134255/
