Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Operation Honeybee

A newly uncovered cyber-espionage operation is targeting humanitarian aid organizations around the world with malicious Word documents that install a backdoor. The campaign uses a new variant of the Syscon backdoor malware, distributed mainly via phishing emails. To read more: http://www.zdnet.com/article/hacking-operation-uses-malicious-word-documents-to-target-aid-organisations/

DDoS

A new world-record DDoS attack was recorded after an unnamed US service provider survived it. The attack peaked at 1.7 terabits per second; the previous record was an attack against GitHub last week that peaked at 1.35Tbps. To read more: http://www.zdnet.com/article/new-world-record-ddos-attack-hits-1-7tbps-days-after-landmark-github-outage/

Emirates

The airline leaked customer-sensitive personal information to a third-party marketing partner. After customers book a flight, the process of managing the reservation shares PII with over a dozen third-party trackers including Boxever, Coremetrics, Crazy Egg, Facebook and Google. To read more: https://www.theregister.co.uk/2018/03/05/emirates_dinged_for_slipshod_privacy_practices/

Nike

A flaw in Nike’s website enabled anyone to read server data such as passwords. The bug was an out-of-band XML external-entity (XXE) flaw in how the website parses XML-based files. To read more: http://www.zdnet.com/article/nike-website-flaw-exposed-access-to-sensitive-server-data/

Ransomware Stats

A new study from CyberEdge found that less than half of those hit by ransomware end up getting their data back. To read more: https://www.theregister.co.uk/2018/03/09/less_than_half_of_ransomware_marks_get_their_files_back/

Keeper

A security researcher found a server with Keeper’s installer files exposed on the internet. Within hours of disclosure the server was secured. To read more: http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/

Giza

Scammers made off with 2 million in cryptocurrency after carrying out a fake initial coin offering. More than 1,000 people invested in the platform, known as Giza. To read more: https://www.cnbc.com/2018/03/09/cryptocurrency-scammers-of-giza-make-off-with-2-million-after-ico.html

Reported Vulnerabilities

Meltdown

SonicWall is seeing a boom in malware that exploits the Meltdown memory side-channel vulnerability. The firewall company found 60 file-based malware-propagation attempts against its firewalls every day. To read more: http://www.zdnet.com/article/sonicwall-seeing-a-cambrian-explosion-of-side-channel-attacks/

Pivotal

Security researchers at Semmle went public with a remote-code-execution vulnerability in Pivotal’s Spring Framework. The flaw affects various Spring projects. If unpatched, attackers can execute arbitrary commands on any machine that runs an app built with Spring Data REST. To read more: https://www.theregister.co.uk/2018/03/05/rest_vuln/

Exim

A researcher from the security firm Devcore Security Consulting reported a remote code-execution bug to the Exim developers on February 2nd. Today, there are still 400,000 servers running the vulnerable, unpatched version of Exim. To read more: http://www.zdnet.com/article/open-source-exim-remote-attack-bug-400000-servers-still-vulnerable-patch-now/

Slingshot

The malware Slingshot was discovered by accident when a team was analyzing a piece of keylogging code and decided to see if it could be found elsewhere. The signature turned up in a seemingly innocent file on another computer. Researchers have found around 100 infections mostly in Africa and the Middle East. To read more: https://www.theregister.co.uk/2018/03/09/slingshot_malware_uses_cunning_plan_to_find_a_route_to_sysadmins/

Windows 10

A flaw in Windows 10 enables a hacker to visit a website on a locked computer using the voice assistant Cortana. To watch the exploit in action: https://hotforsecurity.bitdefender.com/blog/windows-10-flaw-allowed-attackers-to-open-malicious-websites-even-if-your-pc-was-locked-19665.html

