Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Cambridge Analytica

This data-analysis firm and its related entity, Strategic Communications Laboratories, stole data on 50 million Facebook users and leveraged it to manipulate the US electoral process (among other things), rather than destroying the data as Facebook had apparently requested. Facebook has since suspended all accounts related to Cambridge Analytica. To read more: https://www.wired.com/story/cambridge-analytica-50m-facebook-users-data/

To read Facebook’s response to the breach: http://www.zdnet.com/article/mark-zuckerberg-outlines-facebooks-response-to-cambridge-analytica-controversy/

Orbitz

Travel company Orbitz announced a data breach impacting 880,000 payment forms. The customers associated with those forms may have had personal information stolen. To read more: http://www.travelmarketreport.com/articles/Orbitz-Data-Security-Breach-Likely-Impacted-Hundreds-of-Thousands-Users

Telegram

Telegram was ordered by Russian authorities to hand over the encryption keys for 9.5 million active users. If the app does not comply, it could be blocked by authorities. To read more: https://threatpost.com/telegram-ordered-to-hand-over-encryption-keys-to-russian-authorities/130581/

Guccifer 2.0

A hacker known as Guccifer 2.0 is most notable for claiming to have hacked the Democratic National Committee in 2016. A new report from a source close to the US government said that Guccifer failed to use a VPN on one occasion and accidentally exposed his IP address. This identified the hacker as an officer of the GRU, a key Russian intelligence agency. To read more: https://techcrunch.com/2018/03/22/more-evidence-ties-guccifer-2-0-to-russian-intelligence/?utm_medium=TCnewsletter

Shodan

A security researcher ran a query on the hacker search engine Shodan and it returned 2,300 servers running etcd databases. He then ran a simple script that gave him the login credentials stored on the servers, which could be used to gain access to CMS, MySQL and PostgreSQL databases, among others. To read more: https://fossbytes.com/hacker-search-engine-shodan-password-etcd-server-exposed/
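The etcd item above is about credentials sitting in plaintext in a key-value store that was reachable without authentication. The defender-side check is to audit what your own etcd holds before anyone else reads it. The script below is an added example (not code from the original report or from the researcher it describes): it walks a saved etcd v2 recursive key listing and flags keys whose names or values look like credentials. The JSON is a constructed sample; the key names, values and the `/config/...` layout are invented placeholders, and the tree shape follows the etcd v2 `GET /v2/keys/?recursive=true` response format as assumed here.

```python
import json
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample: the shape of an etcd v2 recursive key listing
# (GET /v2/keys/?recursive=true). All keys and values are made-up placeholders.
SAMPLE_ETCD_DUMP = json.dumps({
    "action": "get",
    "node": {
        "key": "/",
        "dir": True,
        "nodes": [
            {"key": "/config/app/name", "value": "inventory"},
            {"key": "/config/app/db", "dir": True, "nodes": [
                {"key": "/config/app/db/mysql_password", "value": "example-not-real"},
                {"key": "/config/app/db/dsn",
                 "value": "postgres://svc:example-not-real@db.internal:5432/inv"},
            ]},
            {"key": "/config/cms/admin_user", "value": "editor"},
            {"key": "/config/feature/flags", "value": "beta=on"},
        ],
    },
})

# Key names that commonly hold credentials.
SENSITIVE_KEY_RE = re.compile(
    r"(pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key|credential)",
    re.IGNORECASE,
)
# Connection strings that embed a password: scheme://user:password@host
DSN_WITH_PASSWORD_RE = re.compile(
    r"^[a-z][a-z0-9+.-]*://[^/:@\s]+:[^@\s]+@", re.IGNORECASE
)


def walk_nodes(node: Dict) -> Iterator[Tuple[str, str]]:
    """Yield (key, value) for every leaf under an etcd v2 node tree."""
    if node.get("dir"):
        for child in node.get("nodes", []):
            yield from walk_nodes(child)
    else:
        yield node.get("key", ""), node.get("value", "") or ""


def audit_etcd_dump(dump_json: str) -> List[Dict[str, str]]:
    """Return one finding per key that appears to store a plaintext credential."""
    root = json.loads(dump_json)["node"]
    findings: List[Dict[str, str]] = []
    for key, value in walk_nodes(root):
        reasons = []
        if SENSITIVE_KEY_RE.search(key):
            reasons.append("credential-like key name")
        if DSN_WITH_PASSWORD_RE.match(value):
            reasons.append("connection string embeds a password")
        if reasons:
            findings.append({"key": key, "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    # Values are deliberately not printed: the point is to find the keys,
    # not to copy the secrets somewhere else.
    for finding in audit_etcd_dump(SAMPLE_ETCD_DUMP):
        print(f"{finding['key']}: {finding['reason']}")
```

Run it against a listing saved from your own cluster; any hit is a credential that should move to a secret store (or at least behind etcd authentication and TLS client certificates) rather than stay readable to anyone who can reach the API port.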

City of Atlanta

The city of Atlanta was the target of a ransomware attack impacting several departments. The ransom note demanded six bitcoins for all computers in exchange for keys to decrypt systems. To read more: https://threatpost.com/ransomware-attack-cripples-several-atlanta-city-systems/130739/

Major university breaches

The US government charged nine Iranian hackers with a campaign to steal more than 31 terabytes of information from 300 American and foreign universities. To read more: https://www.wired.com/story/iran-cyberattacks-us-universities-indictment/

Reported Vulnerabilities

Linux Servers

Hackers are using a five-year-old security vulnerability to infect Linux servers with Monero cryptomining malware. The vulnerability enables attackers to inject HTML and JavaScript into the title of maps in the network editor. To read more: http://www.zdnet.com/article/cryptocurrency-mining-malware-uses-five-year-old-vulnerability-to-mine-monero-on-linux-servers/
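The flaw in the item above is a stored HTML/JavaScript injection through a map title, so the fix pattern is the usual one: escape on output and validate on input. The snippet below is an added example (not code from the original report or from the affected software): a vulnerable rendering function beside its hardened form, plus an input allowlist and a check a defender can run over already-stored titles after patching. The titles are constructed samples and the `map-title` markup is a hypothetical stand-in for the real editor's HTML.

```python
import html
import re

# Constructed sample titles: one an operator would enter, one of the kind a
# stored-XSS bug lets through.
BENIGN_TITLE = "Core to Edge uplink"
HOSTILE_TITLE = "Rack 1 <script>alert('x')</script>"

# Conservative allowlist for a map title: letters, digits, space and a few
# punctuation marks, capped at 80 characters.
TITLE_ALLOWED_RE = re.compile(r"^[A-Za-z0-9 _.,:()/-]{1,80}$")

# Patterns that indicate markup or script already stored in a title.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z]|javascript:|on[a-z]+\s*=", re.IGNORECASE)


def render_title_vulnerable(title: str) -> str:
    """The flawed pattern: user input concatenated straight into markup."""
    return '<h2 class="map-title">' + title + "</h2>"


def render_title_hardened(title: str) -> str:
    """Escape on output so <, >, &, and quotes become inert entities."""
    return '<h2 class="map-title">' + html.escape(title, quote=True) + "</h2>"


def is_acceptable_title(title: str) -> bool:
    """Input-side check: accept only titles that match the allowlist."""
    return TITLE_ALLOWED_RE.fullmatch(title) is not None


def contains_markup(title: str) -> bool:
    """Audit helper for titles already in the database."""
    return MARKUP_RE.search(title) is not None


if __name__ == "__main__":
    for title in (BENIGN_TITLE, HOSTILE_TITLE):
        print("accepted on input:", is_acceptable_title(title))
        print("markup present   :", contains_markup(title))
        print("hardened output  :", render_title_hardened(title))
```

Output escaping is the control that actually closes the hole; the allowlist reduces what reaches storage in the first place, and `contains_markup` is for finding titles that were stored before the patch landed.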

Drupal

Drupal developers are giving themselves extra time to fix a critical flaw in Drupal 7 and 8 core. To read more: https://threatpost.com/drupal-forewarns-highly-critical-bug-to-be-patched-next-week/130733/

GitHub

In a security sweep, GitHub revealed that more than four million vulnerabilities are present in 500,000 repositories. The platform has since alerted the repository admins about the flaws. To read more: https://www.silicon.co.uk/projects/devops/github-4-million-flaws-public-code-230507?inf_by=5ab94135671db8111e8b5000

Zenis Ransomware

This week a new ransomware called Zenis was discovered. It not only encrypts your files but also deletes any backups. To read more: https://www.bleepingcomputer.com/news/security/zenis-ransomware-encrypts-your-data-and-deletes-your-backups/

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.