Polyverse Weekly Breach Report


A snapshot of last week’s reported breaches and vulnerabilities

MikroTik Routers

Out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable a SOCKS4 proxy, which lets attackers actively eavesdrop on the traffic of the targeted networks. To read more: https://thehackernews.com/2018/09/mikrotik-router-hacking.html

3D printers

3,800 3D printers were left exposed online without a password. These printers run OctoPrint, a free web interface that gives users remote access to their printing stations. To read more: https://www.zdnet.com/article/thousands-of-3d-printers-may-be-leaking-private-product-designs-online/

Websites

A security researcher is warning website operators to take a closer look at how they configure their sites after finding 390,000 web pages with an open .git directory. An attacker could use that access to reconstruct the site's git repository, including its source code and history, and look for potential vulnerabilities. To read more: https://www.zdnet.com/article/almost-400k-websites-risk-hacking-data-theft-via-open-git-repos-researcher-warns/
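A self-audit an operator can run against their own document root to catch the exposure described above before a crawler does. This is an added example, not code from the article or the researcher; the webroot layout is constructed inline, and the HEAD-file pattern assumes a standard git checkout.

```python
"""Self-audit: find git metadata directories left inside a web document root."""
import os
import re
import tempfile
from typing import Dict, Optional

# A genuine HEAD file is either a symbolic ref or a bare 40-hex commit id;
# anything else (an HTML error page, for instance) is not a git HEAD.
_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})$")


def git_head_ref(head_text: str) -> Optional[str]:
    """Return the ref or commit named by a HEAD file, or None if it is not one."""
    m = _HEAD_RE.match(head_text.strip())
    return m.group(1) if m else None


def find_git_dirs(webroot: str) -> Dict[str, Optional[str]]:
    """Map each .git directory under webroot (relative path) to the ref its HEAD names.

    Any entry at all means the repository's objects and history sit inside the
    served tree and should be removed or blocked in the web server configuration.
    """
    findings: Dict[str, Optional[str]] = {}
    for dirpath, dirnames, _ in os.walk(webroot):
        if ".git" in dirnames:
            git_dir = os.path.join(dirpath, ".git")
            head = os.path.join(git_dir, "HEAD")
            ref = None
            if os.path.isfile(head):
                with open(head, encoding="utf-8", errors="replace") as fh:
                    ref = git_head_ref(fh.read())
            findings[os.path.relpath(git_dir, webroot)] = ref
            dirnames.remove(".git")  # pruning in place: no need to descend into it
    return findings


def build_demo_webroot() -> str:
    """Constructed sample: a deployed checkout that still carries its .git directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "site", ".git"))
    with open(os.path.join(root, "site", ".git", "HEAD"), "w", encoding="utf-8") as fh:
        fh.write("ref: refs/heads/master\n")
    os.makedirs(os.path.join(root, "static"))  # a clean directory, no findings
    return root


if __name__ == "__main__":
    for path, ref in find_git_dirs(build_demo_webroot()).items():
        print(f"exposed repository metadata: {path} (HEAD -> {ref})")
```

Run it with the real document root in place of the constructed one; an empty result means no git metadata is in the served tree.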

mSpy

For the second time in three years, mSpy, the maker of a product that helps customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online. The data includes passwords, call logs, texts, contacts, notes and location data. To read more: https://krebsonsecurity.com/2018/09/for-2nd-time-in-3-years-mobile-spyware-maker-mspy-leaks-millions-of-sensitive-records/

British Airways

British Airways alerted customers who booked flights on its website and mobile app that their data was compromised. The personal details stolen in the breach included names, addresses, and financial information. To read more: https://thehackernews.com/2018/09/british-airways-data-breach.html

Schneider Electric

Schneider Electric warned customers that the USB drives shipped to them were potentially infected with malware. The drives sent with Conext Combox and Conext Battery Monitor products were contaminated during the initial manufacturing process. To read more: https://www.zdnet.com/article/schneider-electric-shipped-usb-drives-infested-with-malware/

Symantec Certs

Chrome and Firefox are set to distrust Symantec TLS certificates starting with their October releases. Sites using certificates from Symantec or its Thawte, GeoTrust or RapidSSL brands may be blocked for Chrome and Firefox users. To read more: https://www.zdnet.com/article/symantec-secured-website-shutdown-coming-soon/

DDoS for hire

Last week the leader of a DDoS-for-hire gang pleaded guilty to making bomb threats against thousands of schools. He was part of the internet group called “Apophis Squad”, which launched DDoS attacks against multiple websites including KrebsOnSecurity and Protonmail.com. To read more: https://krebsonsecurity.com/2018/09/leader-of-ddos-for-hire-gang-pleads-guilty-to-bomb-threats/

Reported Vulnerabilities

Wireshark

The Wireshark team recently patched several severe vulnerabilities that could be used to force a system crash and create a denial-of-service condition. To read more: https://www.zdnet.com/article/wireshark-fixes-serious-security-flaws-that-can-crash-the-system-cause-dos/

WMIC

Researchers have found a new attack chain that abuses little-known Microsoft Windows utilities. The attack relies on the Windows Management Instrumentation Command-line utility (WMIC), a tool present on all Windows machines. To read more: https://www.zdnet.com/article/windows-utility-used-by-malware-in-new-information-theft-campaigns/

MEGA.nz

The official Chrome extension for the MEGA file sharing service was compromised with malicious code that steals usernames, passwords and private keys for cryptocurrency accounts. To read more: https://www.zdnet.com/article/mega-nz-chrome-extension-caught-stealing-passwords-cryptocurrency-private-keys/

Apple

Apple removed a popular anti-malware app called Adware Doctor from the App Store because it was gathering browsing history and other information without users’ permission. The gathered data was then uploaded to someone in China. To read more: https://www.bleepingcomputer.com/news/security/apple-removes-top-security-app-for-stealing-data-and-sending-it-to-china/

Supermicro servers

The firmware responsible for the remote management features of Supermicro servers has vulnerabilities that allow attackers to keep a foothold on the servers even after an OS reinstall. To read more: https://www.zdnet.com/article/vulnerabilities-found-in-the-remote-management-interface-of-supermicro-servers/

Schneider Electric

A security vulnerability was discovered in Schneider Electric Modicon controllers. The bug “severely exposes the safety and availability of the ICS networks on which these devices were installed”. To read more: https://www.zdnet.com/article/schneider-electric-modicon-vulnerability-impacts-ics-operation-in-industrial-settings/

Cisco

Two high severity vulnerabilities have been disclosed in Cisco’s security platform. The vulnerabilities affect a secure internet gateway that acts as a cloud-delivered security service for corporate networks. Cisco has released software updates addressing the vulnerabilities. To read more: https://threatpost.com/high-severity-flaws-in-cisco-secure-internet-gateway-service-patched/137219/
