Polyverse Weekly Breach Report

breach_report

A snapshot look at the breaches and reported vulnerabilities of last week

Facebook

Mark Zuckerberg mentioned a well-known Russian hacking group during his testimony before Congress last week. Prior to the 2016 US election, Facebook shut down accounts related to “Group APT28,” which is part of GRU, the main Russian foreign-intelligence agency. To read more: https://techcrunch.com/2018/04/09/facebook-apt28/?utm_medium=TCnewsletter

Great Western Railway

Great Western Railway, a British train operator, is telling all of its customers to change their passwords after a cyberattack exposed accounts last week. About 1,000 customers are believed to have been affected. To read more: https://www.theregister.co.uk/2018/04/11/great_western_rail_advises_customers_to_change_passwords_following_breach/

Youtube

Hackers defaced a variety of popular YouTube videos including Despacito. The thumbnails were changed and the message “Free Palestine” was added. To read more: https://www.welivesecurity.com/2018/04/10/worlds-popular-youtube-video-hacked/

Inogen

Inogen, a company that makes portable oxygen devices, notified 30,000 customers that their personal information was leaked after an employee’s email was hacked. To read more: https://www.fiercehealthcare.com/tech/inogen-data-breach-30k-device-manufacturer-sec

Various Websites

Hackers have been exploiting legitimate websites by disguising malware as fake software updates. The websites are running the popular content-management systems SquareSpace, WordPress and Joomla. To read more: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/thousands-compromised-websites-spreading-malware-via-fake-updates/

Coinsecure

Some 438 Bitcoins (currently valued at around US$3.5 million) belonging to customers of this Indian Bitcoin exchange were stolen on April 9th. To read more: https://www.theregister.co.uk/2018/04/13/coinsecure_btc_missing_bitcoin/

Reported Vulnerabilities

Power-line attacks

Researchers have shown that an air-gapped PC is not safe from a determined hacker: even a CPU’s low-frequency magnetic radiation can be harnessed to leak data. To read more: https://www.zdnet.com/article/how-safe-is-your-air-gapped-pc-attackers-can-now-suck-data-out-via-power-lines/

Adobe Flash

Adobe patched 19 critical vulnerabilities in Flash and InDesign. To read more: https://www.zdnet.com/article/adobe-patches-critical-vulnerabilities-in-flash-indesign/

Android

A research lab found that top vendors including HTC, Huawei and Motorola are leaving some of their Android-powered technology unpatched. To read more: https://www.theregister.co.uk/2018/04/13/slow_android_security_fixes/

Want to learn more?

Sign up below and receive weekly breach reports directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.