Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

DJI Drones

A leaked memo from the Department of Homeland Security claims that drone manufacturer DJI is “providing US critical infrastructure and law enforcement data to the Chinese government.” The drones are apparently collecting detailed imagery of control panels, materials used in bridge construction and other images, which are then uploaded to cloud systems. To read more: https://www.bitdefender.com/box/blog/iot-news/dji-drones-likely-spying-china-claims-leaked-intelligence-bulletin/

AI.type

The virtual keyboard app leaked data belonging to over 31 million customers online after the developer failed to secure the database’s server. To read more: http://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/

Bitfinex

The digital currency exchange reported a cyberattack that temporarily took their systems offline. Within an hour, operations had apparently returned to normal. To read more: https://www.cnbc.com/2017/12/04/cyberattack-temporarily-hits-bitcoin-exchange-bitfinex.html

Satori botnet

The new IoT botnet hijacked more than 100,000 routers. Researchers noticed the botnet has increased its activity in recent days, propagating quickly via a zero-day remote code execution vulnerability in Huawei Home Gateway. To read more: https://www.bitdefender.com/box/blog/iot-news/satori-botnet-rears-head-exploiting-iot-vulnerabilities/

NiceHash

The Bitcoin mining and exchange platform was hacked, with $68 million in Bitcoin stolen. The payment system was compromised and the contents of NiceHash’s Bitcoin wallet were stolen. To read more: http://www.zdnet.com/article/bitcoin-exchange-nicehash-hacked-70m-lost/

oBike

The bike-sharing platform suffered a global security breach that lasted two weeks. User information was leaked and made accessible online. The breach impacted people around the world. To read more: https://www.cnet.com/news/yellow-bike-sharing-firm-is-new-victim-of-global-data-breach/

Reported Vulnerabilities

Quant Trojan

Researchers noticed the Quant Trojan has been updated to target cryptocurrency wallets and Bitcoin. The Trojan is available for purchase on Russian underground forums and is advertised as “MrRaiX”. To read more: http://www.zdnet.com/article/quant-trojan-upgrade-targets-cryptocurrency-user-wallets/

TeamViewer

TeamViewer has issued an emergency patch to fix a bug that could allow attackers to take control of other PCs during a desktop session. Patches for macOS and Linux systems are expected to be issued this week. To read more: http://www.zdnet.com/article/teamviewer-issues-emergency-fix-for-remote-access-vulnerability/

HomeKit

Apple fixed an undisclosed vulnerability in the HomeKit framework that could have allowed unauthorized remote control of devices such as smart locks and connected garage doors. To read more: https://threatpost.com/apple-fixes-flaw-impacting-homekit-devices/129114/

HP Laptops

A security researcher found keylogging code in software drivers preinstalled on HP laptops. HP said that more than 460 models were affected by the vulnerability. To read more: http://www.bbc.com/news/technology-42309371

Janus Bug

Researchers patched a vulnerability in Android that could leave users vulnerable to attack from signed apps. The bug, Janus, would allow a malicious application to add bytes of code to the APK or DEX formats used by Android applications without affecting the application’s signature. To read more: https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip_into_signed_apps/
