Polyverse Weekly Breach Report


A snapshot of last week’s reported breaches and vulnerabilities

Philips

Vulnerabilities have been discovered in multiple versions of Philips cardiovascular imaging devices. One vulnerability is a high-severity flaw that affects the Philips IntelliSpace Cardiovascular and Xcelera IntelliSpace Cardiovascular products. The flaw could allow attackers to escalate privileges and access folders containing executables. To read more: https://www.zdnet.com/article/philips-reveals-code-execution-vulnerabilities-in-cardiovascular-devices/

Ransomware campaign

A new ransomware campaign is targeting large organizations around the world and appears to be connected to Lazarus. The ransomware is called Ryuk and first appeared in August. It is similar to the SamSam ransomware. To read more: https://www.zdnet.com/article/this-new-ransomware-campaign-targets-business-and-demands-a-massive-bitcoin-ransom/

Facebook VPN

Apple required Facebook to remove its mobile VPN app called Onavo Protect from the iOS App Store. The app violated Apple’s App Store guidelines on data collection. To read more: https://thehackernews.com/2018/08/facebook-vpn-app-apple-store.html

T-Mobile

T-Mobile has reported a data breach that may have exposed the personal data for two million customers. To read more: https://www.zdnet.com/article/international-hackers-help-themselves-to-data-belonging-to-2-million-t-mobile-customers/

Cheddar’s Scratch Kitchen

Customers of Cheddar’s Scratch Kitchen restaurants are being warned that their credit card information may have been exposed in a data breach. While 567,000 customers are believed to be affected, the company is still investigating, so the number impacted may rise. To read more: https://www.zdnet.com/article/the-credit-card-data-of-500000-cheddars-scratch-kitchen-customers-has-been-stolen/

SpyFone

An oversight by spyware developer SpyFone led to the leak of terabytes of data belonging to both customers and their targets. A researcher uncovered an Amazon S3 bucket belonging to the company that had been left online without access controls. To read more: https://www.zdnet.com/article/spyware-firm-spyfone-leaves-customer-data-recordings-exposed-online/

Universities

Iranian hackers are targeting universities in 14 countries in an attempt to steal intellectual property. The campaign was designed to steal credentials from academic staff using spoof websites. To read more: https://www.zdnet.com/article/iran-hackers-target-70-universities-in-14-countries/

Legacy Health

A data breach at Legacy Health may have compromised the information of 38,000 patients. The data breach was discovered in June but was not publicly announced until last week. To read more: https://www.thelundreport.org/content/briefly-data-breach-could-affect-38000-patients-legacy-health

Sitter

A babysitting-booking app called Sitter accidentally exposed the personal data of 93,000 account holders. A security researcher found the 2GB MongoDB database containing the personal information by using the Shodan search engine for internet-connected devices. To read more: https://nakedsecurity.sophos.com/2018/08/23/babysitting-app-suffers-temporary-data-breach-of-93000-users/

Texas Voters

Voting records for 14.8 million Texas residents were left exposed online. Most of the information is public record but the files also include data that is considered confidential. To read more: https://gizmodo.com/nearly-15-million-texas-voters-reportedly-exposed-by-da-1828579189

GOMO

After a port was left open on a server, more than 50.55 million user accounts of GOMO apps were accidentally exposed. The incident potentially compromised personal data including usernames, passwords, mobile numbers and unique device identifiers. To read more: https://www.zdnet.com/article/open-port-exposes-data-of-50m-gomo-app-users/

Reported Vulnerabilities

.EGG

Researchers at Trend Micro found that criminals are spamming ransomware to victims disguised as .EGG files. .EGG is a compressed archive file format. Most of the world does not commonly use this format; however, it is very popular in South Korea, where the attacks take place. To read more: https://www.grahamcluley.com/rotten-egg-ransomware-south-korea/

Canadian Telcos

Canadian telcos patched a local file-disclosure flaw in their disability services. The vulnerability exists in the seven-year-old SOLEO IP Relay platform, which telcos can deploy to allow hearing-impaired customers to initiate and conduct outbound voice calls via a web browser application. To read more: https://threatpost.com/canadian-telcos-patch-an-apt-ready-flaw-in-disability-services/136704/

Apache Struts

A security researcher has disclosed a critical remote code execution vulnerability in the Apache Struts framework that could allow remote attackers to run malicious code on affected servers. The vulnerability stems from insufficient validation of untrusted, user-provided input. To read more: https://thehackernews.com/2018/08/apache-struts-vulnerability.html

Ghostscript

Project Zero’s security researchers discovered a critical remote code execution vulnerability in Ghostscript. Ghostscript is a software package that runs on a variety of platforms and converts PostScript language files to raster image formats. To read more: https://thehackernews.com/2018/08/ghostscript-postscript-vulnerability.html

Airmail 3

Attackers can steal an Airmail 3 user’s past emails and file attachments without requiring user interaction beyond opening a weaponized message. An attacker sends an email to an Airmail 3 user containing a link with a URL request that triggers the “send mail” function of the application. To read more: https://threatpost.com/airmail-3-exploit-instantly-steals-info-from-apple-users/136737/
