Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

Military data

Hackers affiliated with the Chinese government breached a US Navy contractor to steal “massive amounts” of military secrets from the Naval Undersea Warfare Center, based in Rhode Island. To read more: https://threatpost.com/report-chinese-hackers-siphon-off-massive-amounts-of-undersea-military-data/132718/

Weight Watchers

A critical server for Weight Watchers was left unprotected, enabling researchers to look through dozens of exposed S3 buckets containing corporate data and AWS access keys. To read more: https://threatpost.com/unprotected-server-exposes-weight-watchers-internal-it-infrastructure/132713/

CoinRail

After this South Korean cryptocurrency exchange was hacked, the value of Bitcoin fell sharply, wiping out billions of dollars in cryptocurrency value. CoinRail’s website claims that only a part of its digital currency was stolen, and that 70% of the digital assets held by the exchange are safely stored in a cold wallet. To read more: https://www.grahamcluley.com/bitcoin-price-takes-a-dive-after-another-cryptocurrency-exchange-hack/

Dixons Carphone

Britain’s Dixons Carphone disclosed a data breach involving 5.9 million payment cards and 1.2 million personal records. The company claims that it has not found any evidence of fraud from the illegally accessed data. To read more: https://gizmodo.com/breach-at-one-of-europes-biggest-pc-superstore-chains-e-1826791837

LuckyMouse

A Chinese hacker group known as LuckyMouse has launched an attack against a national data center in an unnamed central Asian country, an apparent (and probably state-sponsored) attempt to compromise government resources. To read more: https://www.zdnet.com/article/luckymouse-campaign-strikes-national-data-center-to-snag-government-targets/

North Korean cyberattack

Two days after the summit between the US and North Korea, a North Korean cyberattack campaign was detected by US intelligence agencies. An FBI and DHS analysis showed that the hackers had deployed Trojan malware known as “Hidden Cobras” in an effort to disable targeted US computer systems. To read more: https://pilotonline.com/news/government/nation/article_c33cb057-dd06-51cc-9ce9-139c589c2404.html

Liberty Life

Last week Liberty Life, an insurance company, disclosed a cyberattack that had potentially compromised customer data. The firm claims that there is no evidence of financial loss. To read more: https://www.timeslive.co.za/news/south-africa/2018-06-17-no-customer-losses-yet-says-liberty-ceo-after-vicious-cyber-attack/

Reported Vulnerabilities

VMware

VMware is warning users that the agent used by its AirWatch mobile-device-management product has a vulnerability that could allow remote control of mobile devices running Android or Windows Mobile. To read more: https://www.theregister.co.uk/2018/06/12/vmware_airwatch_remote_execution_vulnerability/

Webcam spyware

A new malware tool known as InvisiMole is turning PCs into listening posts, enabling hackers to eavesdrop on conversations and take photos using the compromised machine. To read more: https://www.zdnet.com/article/cover-your-webcam-this-stealthy-spyware-records-video-and-audio/

GnuPG flaw

A security researcher discovered a vulnerability in some of the most popular email-encryption clients that rely on GnuPG. The vulnerability affects email applications such as GnuPG, Enigmail, GPGTools and python-gnupg. To read more: https://thehackernews.com/2018/06/gnupg-encryption-signature.html

Android devices

Multiple vendors are shipping Android devices with open port setups. The port, 5555, enables hackers to communicate with devices remotely in order to control and execute commands. To read more: https://www.zdnet.com/article/vendors-are-shipping-thousands-of-android-devices-with-port-access-exposed/

Intel chip flaw

A security flaw within the Intel Core and Xeon processors can be exploited to take sensitive data from the math-processing units. Modern Linux and Windows operating systems are not affected by the flaw. To read more: https://www.theregister.co.uk/2018/06/13/intel_lazy_fpu_state_security_flaw/

Tapplock

A security researcher found that anyone can obtain sensitive information to locate and open a Tapplock smart lock by pulling the information directly from a leaky API server. To read more: https://www.zdnet.com/article/another-security-flaw-tapplock-smart-lock-hacking/

Banking trojan

Researchers have discovered a new Android banking trojan that is similar to Lokibot. But this trojan, MysteryBot, can also make phone calls, scrape contact-list data, copy keystrokes and much more. To read more: https://threatpost.com/new-banking-trojan-can-launch-overlay-attacks-on-latest-android-versions/132858/

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.