Polyverse Weekly Breach Report


A snapshot look at the cybersecurity breaches of last week.

VEVO

Hackers posted 3.12 terabytes of VEVO’s internal files online. The files belong to music and video services from September 15th 2017. Some of the files contain sensitive data including alarm codes for the UK office. To read more: https://www.grahamcluley.com/vevo-hack/

CCleaner

The popular Windows utility CCleaner suffered a “security incident” in which users were updated to a legitimate, digitally signed version of the software that opened a malicious backdoor. The company has since issued new code. To read more: https://www.grahamcluley.com/ccleaner-backdoor/

Pirate Bay

A cryptocurrency miner surfaced on the torrenting site for a day this weekend. Coin Hive lets companies monetize traffic by embedding a miner for Monero in the site's code. To read more: https://threatpost.com/pirate-bay-spotted-hosting-monero-cryptocurrency-miner/128004/

Viacom

Researchers found an open misconfigured AWS S3 bucket containing everything a hacker would need to take down the company’s IT systems. Some of the data was encrypted using GPG, but that would not be an issue for the hackers because the bucket also contained the decryption keys. To read more: https://www.theregister.co.uk/2017/09/19/viacom_exposure_in_aws3_bucket_blunder/

SEC

The SEC says its corporate filing system was hacked last year. To read more: https://www.cbsnews.com/news/sec-says-its-corporate-filing-system-was-hacked/

Verizon

Security researchers found another data exposure at Verizon. Confidential documents were found on an unprotected S3 storage server. The documents detailed server and infrastructure maps, IP addresses, and global router hosts, among other things. To read more: http://www.zdnet.com/article/another-verizon-leak-exposed-confidential-data-on-internal-systems/

Reported Vulnerabilities

Red Alert 2.0

The banking Trojan has infiltrated a variety of third-party apps. When a victim opens the app, the malware overlays a dialog, enticing users to enter their login details. When the credentials are stolen, they are passed to a remote server. To read more: https://www.tripwire.com/state-of-security/featured/red-alert-android-banking-trojan/

SafeBrowse

The Chrome browser extension is secretly mining bitcoin. If you have the extension enabled, it will run continuously in the background, running crypto mining code from Coin Hive. To read more: https://hotforsecurity.bitdefender.com/blog/first-ever-crypto-mining-chrome-extension-discovered-18992.html

Security Cameras

Proof-of-concept malware called aIR-Jumper can be used to defeat air-gapped network protections and send data in and out. To read more: https://threatpost.com/malware-steals-data-from-air-gapped-network-via-security-cameras/128038/
