Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

GitHub

Hackers are uploading cryptocurrency mining code to GitHub by forking random projects and hiding malicious executables in the directory structure of the new projects. To read more: http://www.zdnet.com/article/cybercriminals-spotted-hiding-cryptocurrency-mining-malware-in-forked-projects-on-github/

MailChimp

MailChimp is still being abused by hackers to spam out malware. The hackers either compromise an existing MailChimp account or set up fraudulent accounts from which they send out scams or links to malicious content. To read more: https://hotforsecurity.bitdefender.com/blog/hackers-continue-to-exploit-hijacked-mailchimp-accounts-in-cybercrime-campaigns-19687.html

Google Ads

On Thursday the top Google result for Amazon, a paid ad, pointed to a scam site. Anyone who clicked on the ad was sent to a page that tricked users into calling a number for fear that their computer was infected with malware. To read more: http://www.zdnet.com/article/scammers-tricked-google-into-posting-amazon-scam-ads/

BitTorrent Client

Microsoft recently detailed how a massive malware distribution campaign attempted to infect over 400,000 Windows PCs with cryptomining software. The attackers planted a malicious version of the Russian BitTorrent client MediaGet on an update server in order to spread the malware. To read more: https://www.tripwire.com/state-of-security/featured/bittorrent-client-malware-outbreak/

Walmart Partner

A misconfigured Amazon S3 bucket, managed by a Walmart jewelry partner, left personal details and contact information of 1.3 million customers exposed on the internet. To read more: https://threatpost.com/walmart-jewelry-partner-exposes-personal-data-of-1-3m-customers/130486/
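The Walmart partner exposure above is the classic S3 misconfiguration: a bucket policy or ACL that grants access to everyone, with no account-level Block Public Access setting to override it. The following is an added example (not from the original report or from any of the parties it names) of the check a defender would run over a bucket's configuration. It works offline on constructed inputs whose shapes mirror the three relevant S3 API responses: the bucket policy JSON document, the ACL `Grants` list, and the `PublicAccessBlockConfiguration` flags. The bucket name, ARN and owner ID in the sample data are placeholders.

```python
import json

# S3 canned-ACL group URIs that grant access to everyone (AllUsers) or to any
# AWS account holder (AuthenticatedUsers); both count as public exposure.
PUBLIC_ACL_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _principal_is_public(principal):
    """True if a policy statement's Principal means 'anyone'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json):
    """Return Sids (or positional labels) of unconditioned Allow statements open to everyone."""
    doc = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be written as an object, not a list
        stmts = [stmts]
    flagged = []
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # Conditioned grants (e.g. restricted by aws:SourceIp) need manual review;
            # they are deliberately not auto-flagged here.
            continue
        flagged.append(stmt.get("Sid", f"Statement[{i}]"))
    return flagged


def public_acl_grants(acl):
    """Return (group, permission) pairs for ACL grants to the public groups."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_URIS:
            found.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return found


def assess_bucket(name, policy_json, acl, public_access_block):
    """Combine policy, ACL and Block Public Access into one verdict for a bucket."""
    policy_hits = public_policy_statements(policy_json) if policy_json else []
    acl_hits = public_acl_grants(acl)
    # With all four Block Public Access flags on, public grants are neutralised:
    # public ACLs are ignored and public-policy access is restricted to AWS principals.
    shielded = all(public_access_block.get(k) for k in (
        "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"))
    if not policy_hits and not acl_hits:
        verdict = "private"
    elif shielded:
        verdict = "shielded"  # public grants exist but Block Public Access overrides them
    else:
        verdict = "public"
    return {"bucket": name, "verdict": verdict, "policy": policy_hits, "acl": acl_hits}


# Constructed sample configurations (placeholder names and IDs, not real resources).
EXPOSED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-partner-customer-export/*",
    }],
})
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
               "Permission": "FULL_CONTROL"}
EXPOSED_ACL = {"Grants": [OWNER_GRANT, {
    "Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]}
PRIVATE_ACL = {"Grants": [OWNER_GRANT]}
LOCKED_DOWN = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
WIDE_OPEN = {k: False for k in LOCKED_DOWN}

if __name__ == "__main__":
    for args in (("customer-export", EXPOSED_POLICY, EXPOSED_ACL, WIDE_OPEN),
                 ("customer-export-blocked", EXPOSED_POLICY, EXPOSED_ACL, LOCKED_DOWN),
                 ("internal-only", None, PRIVATE_ACL, WIDE_OPEN)):
        print(assess_bucket(*args))
```

The verdict distinguishes a bucket that is actually reachable by anyone ("public") from one whose grants are only harmless because the account-level Block Public Access flags override them ("shielded"); the second case still deserves cleanup, because the protection disappears if those flags are ever relaxed. Conditioned statements are intentionally left for a human to read rather than being scored automatically.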

Reported Vulnerabilities

VPNs

A researcher tested PureVPN, Zenmate and Hotspot Shield and found IP leaks in all three products. One of the vulnerabilities enabled an attacker to hijack a user’s traffic and redirect it to a malicious site. To read more: https://www.theregister.co.uk/2018/03/15/vpn_tests_reveal_privacy_leaking_bugs/

SAP NetWeaver

A pair of security vulnerabilities in SAP NetWeaver Application Server Java could have been combined to hack CRM systems. The vulnerabilities have since been patched. To read more: https://www.theregister.co.uk/2018/03/15/sap_crm_vulnerabilities/

Flash

A group of hackers known as Fancy Bear is using a Flash vulnerability to deliver a malicious Trojan payload. The malware is called DealersChoice and contains new evasion techniques: the Flash object only loads when a specific page of the malicious document is viewed. To read more: http://www.zdnet.com/article/hackers-are-using-a-flash-flaw-in-fake-document-in-this-new-spying-campaign/

PinkKite

Researchers have discovered a new family of point-of-sale malware called PinkKite. To avoid detection, PinkKite is less than 6k in size. It comes with memory-scraping tools, hard-coded encryption and a backend infrastructure for data exfiltration. To read more: http://www.zdnet.com/article/pinkkite-point-of-sale-malware-spotted-in-the-wild/

Scarlett Johansson malware

A security firm has uncovered an attack that delivers Monero-cryptomining malware to PostgreSQL servers through an image of Scarlett Johansson. 710,000 PostgreSQL servers are open to this hack. To read more: http://www.zdnet.com/article/meet-the-scarlett-johansson-postgresql-malware-attack/

GandCrab

According to new research by Check Point, the hackers behind GandCrab have infected over 50,000 victims with the ransomware. The hackers are using an unprecedented agile malware-development approach to create their ransomware, reviewing and fixing reported bugs in real time. To read more: https://threatpost.com/gandcrab-ransomware-crooks-take-agile-development-approach/130490/

BlackTDS

BlackTDS is a new traffic-distribution system for malware that is being offered as a service on the Dark Web. It promises to use a victim’s profile data to decide which exploit kits or malware potential victims should be exposed to. To read more: https://threatpost.com/new-web-based-malware-distribution-channel-blacktds-surfaces/130431/

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.