Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

Facebook

Facebook was found to have been scraping call and text-message data from Android phones for years. To read more: https://arstechnica.com/information-technology/2018/03/facebook-scraped-call-text-message-data-for-years-from-android-phones/

Boeing

Boeing is the latest victim of the WannaCry ransomware attack. To read more: http://www.zdnet.com/article/boeing-confirms-malware-attack-downplays-production-impact/

Baltimore 911

Unknown hackers temporarily caused a shutdown of Baltimore’s automated emergency-dispatch system. Following the breach, the dispatchers faced 17 hours of disruption. To read more: http://www.zdnet.com/article/cyberattack-disrupted-baltimore-emergency-responders/

Under Armour

Under Armour announced that a security breach affected 150 million users of the food app MyFitnessPal. The hackers stole usernames, email addresses and hashed passwords. To read more: https://www.cnbc.com/2018/03/29/under-armour-stock-falls-after-company-admits-data-breach.html

Saks, Lord & Taylor

Hudson’s Bay Company was hit by a security breach that compromised payment-card data at its Saks and Lord & Taylor stores in North America. To read more: https://www.reuters.com/article/us-hudson-s-bay-databreach/saks-lord-taylor-hit-by-payment-card-data-breach-idUSKCN1H81E8

Reported Vulnerabilities

AVCrypt ransomware

A new type of ransomware, AVCrypt, tries to remove existing antivirus products from a victim’s PC before encrypting the compromised computer. It also deletes a selection of Windows services. To read more: http://www.zdnet.com/article/avcrypt-ransomware-attempts-to-eradicate-your-antivirus/

GoScanSSH malware

A new malware family known as GoScanSSH targets public-facing SSH servers, but avoids those linked to government and military IP addresses. The malware is written in Go and tailors binaries for each target. To read more: https://threatpost.com/goscanssh-malware-targets-ssh-servers-but-avoids-military-and-gov-systems/130812/

Sanny Malware

This malware, which has been active since 2012 and delivers its payload via compromised Word documents, has been made significantly more effective and sophisticated. It now uses a multi-stage approach that, among other things, enables it to infect Windows 10. To read more: https://threatpost.com/sanny-malware-updates-delivery-method/130803/

Coinhive

Multiple security firms have identified Coinhive, the cryptocurrency mining server, as the top malicious threat to Web users. To read more: https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/

Branch predictors

A processor’s branch predictor is one core piece of speculative execution machinery. Researchers from a variety of universities have uncovered an attack, similar to Spectre, that uses this feature to leak sensitive information and undermine security. To read more: https://arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-more-branch-prediction-attacks/?amp=1

Drupal

Anyone running a website built with Drupal needs to patch immediately. There is a remote code-execution vulnerability in multiple subsystems of Drupal’s content-management system software. To read more: https://www.theregister.co.uk/2018/03/28/drupal_urgent_security_software_patch/

Cisco

Cisco has released patches for 34 vulnerabilities affecting IOS and IOS XE networking software. The most serious flaw could enable a remote unauthenticated hacker to exploit the client and reload an affected device to cause a DoS. To read more: http://www.zdnet.com/article/cisco-critical-flaw-at-least-8-5-million-switches-open-to-attack-so-patch-now/

Fauxpersky

A newly discovered keylogger malware called Fauxpersky is infecting computers in the wild. The malware impersonates the antivirus software Kaspersky and is built off AutoHotKey, which lets users write small scripts for automating tasks. To read more: http://www.zdnet.com/article/fauxpersky-malware-steals-sends-passwords-google-forms/
