Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Disqus

Disqus announced that its user database leaked in 2012, exposing the usernames, email addresses and other information of over 17 million users. The data included SHA1 hashed passwords of about one-third of users. To read more: https://hotforsecurity.bitdefender.com/blog/disqus-reveals-data-breach-but-wins-points-for-transparency-19047.html

NFL players

A misconfigured database containing records from 1,133 NFL players and agents was exposed via an unsecured Elasticsearch server. The database included home addresses, phone numbers and IP addresses of the players and agents. To read more: https://threatpost.com/nfl-players-agents-targeted-in-database-extortion-attempt/128320/

Accenture

Accenture has confirmed that it left a massive store of private data across four unsecured cloud servers, exposing passwords and secret decryption keys. The servers were hosted on Amazon's S3 service and contained hundreds of gigabytes of data for the company's cloud offering. To read more: http://www.zdnet.com/article/accenture-left-a-huge-trove-of-client-passwords-on-exposed-servers/

US-SK wartime plans

A lawmaker in Seoul said Tuesday that North Korean hackers stole classified US and South Korean military documents. The hackers broke into the Defense Integrated Data Center in September to steal the files. To read more: http://www.chicagotribune.com/news/nationworld/ct-north-korea-hack-war-plans-20171010-story.html

T-Mobile Website

A bug on the T-Mobile website let hackers access the personal data of customers. There was no mechanism in place to prevent anyone from writing a script and automatically retrieving everyone’s account details. To read more: https://motherboard.vice.com/en_us/article/wjx3e4/t-mobile-website-allowed-hackers-to-access-your-account-data-with-just-your-phone-number
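The T-Mobile flaw above came down to an account-lookup endpoint with nothing stopping scripted, bulk retrieval. The following is an added example (not code from the original report or from T-Mobile) of the kind of detection a defender can run over web access logs to spot that behaviour: it flags any source that queries more than a handful of distinct phone numbers within a short sliding window. The endpoint path, log format, window and threshold are all assumptions, and the log lines are constructed.

```python
# Added example (not from the original report): flag sources that look up many
# different phone numbers in a short window. Endpoint path, log format and
# thresholds are assumptions, not details from the T-Mobile case.
from collections import defaultdict
from datetime import datetime, timedelta
import re

LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "GET (?P<path>\S+)')
LOOKUP_PREFIX = "/api/account?phone="   # hypothetical lookup-by-phone endpoint

def parse_line(line):
    """Return (ip, timestamp, phone) for a lookup request, else None."""
    m = LOG_RE.match(line)
    if not m or not m["path"].startswith(LOOKUP_PREFIX):
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
    return m["ip"], ts, m["path"][len(LOOKUP_PREFIX):]

def find_enumerators(lines, window=timedelta(minutes=1), max_distinct=5):
    """Map each source IP to the most distinct phone numbers it queried within
    any sliding window, for sources exceeding max_distinct (likely scripted)."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, phone = parsed
            events[ip].append((ts, phone))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({p for _, p in evs[start:end + 1]})
            if distinct > max_distinct:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

# Constructed sample log lines: one legitimate user and one scripted scanner.
SAMPLE_LOG = [
    '10.0.0.5 [2017-10-10T12:00:01] "GET /api/account?phone=5550001 HTTP/1.1" 200',
    '10.0.0.5 [2017-10-10T12:03:10] "GET /api/account?phone=5550001 HTTP/1.1" 200',
] + [
    f'203.0.113.9 [2017-10-10T12:00:{i:02d}] "GET /api/account?phone=555{i:04d} HTTP/1.1" 200'
    for i in range(20)
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))  # {'203.0.113.9': 20}
```

The same per-source counter, placed in front of the endpoint rather than behind it in the logs, is the rate limit whose absence the article describes.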

Taiwanese Bank

A hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers. The Far Eastern International Bank confirmed the malware had been found on PCs and servers. To read more: https://www.tripwire.com/state-of-security/security-data-protection/hackers-steal-60-million-from-taiwanese-bank-using-bespoke-malware/

Kaspersky

In 2014 Israeli intelligence officers hacked the Kaspersky network and discovered Russian government hackers exploiting the antivirus software to search computers for US intelligence programs. To read more: http://www.zdnet.com/article/israeli-hackers-caught-russian-hackers-using-kaspersky-nyt-reports/

SEC spoof

Researchers have discovered a new version of the DNSMessenger attack that masqueraded as the SEC to compromise US government servers. The fileless attack uses DNS queries to push malicious PowerShell commands to compromised computers. To read more: http://www.zdnet.com/article/sec-spoofed-malware-hosted-on-us-govt-servers-in-new-dns-attack/

Victory Phones

A phone-polling firm has been hacked and the data of hundreds of thousands of Americans who donated to political campaigns was exposed. Several database files were stolen last year. To read more: http://www.zdnet.com/article/republican-polling-firm-hacked-exposing-donor-records/

Hyatt Hotels

Hackers infected Hyatt POS systems with malware and have potentially stolen visitor names and credit card details for the second time in two years. To read more: http://www.zdnet.com/article/hyatt-hotels-hit-by-credit-card-data-stealing-malware-again/

Reported Vulnerabilities

Hola Senorita

A smart camera supposedly tracked its Dutch owner’s movement around the room. This is not the first time an IoT device has been caught spying on its owners. To read more: https://www.grahamcluley.com/hacked-smart-camera-hola/

PornHub

The Kovter malware was spread via poisoned ads served up by the PornHub site. The ads tricked users of Chrome, Firefox and Internet Explorer into installing what purported to be critical updates for their browsers. To read more: https://www.grahamcluley.com/pornhub-malware-ads/

KnockKnock

Hackers are targeting admin and system accounts to gain access to corporate Office 365 email accounts. The attackers are attempting to knock on backdoor system accounts and have targeted organizations in manufacturing, financial services, healthcare, consumer products and other sectors. To read more: http://www.zdnet.com/article/forgotten-office-365-accounts-targeted-by-stealthy-attack-campaign/

BPC Banking Technologies

BPC's SmartVista ecommerce platform suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched. Rapid7 publicly disclosed details of the bug, which requires an attacker to be authenticated to a computer running the software in order to exploit it. To read more: https://threatpost.com/vendor-bpc-banking-silent-on-patching-sql-injection-in-smartvista-ecommerce-software/128386/

Outlook

Researchers found a bug in Outlook that causes encrypted messages to be sent out with their unencrypted versions attached. The bug is triggered when S/MIME is used to encrypt messages that are formatted as plain text. To read more: https://www.theregister.co.uk/2017/10/11/outlook_smime_bug/

GoDaddy

The company's web application firewall let through certain SQL commands, allowing access to vulnerable databases. A researcher was able to bypass the firewall with a simple SQL injection string. To read more: http://www.zdnet.com/article/security-bug-let-hacker-bypass-godaddy-site-firewall-tool/

Android ransomware

DoubleLocker is ransomware spread as a fake Adobe Flash update via compromised websites. Once downloaded, it asks for certain permissions that, once granted, make the ransomware the default home application. The next time the user visits their home screen, they are faced with a ransom note. To read more: http://www.zdnet.com/article/this-nasty-new-android-ransomware-encrypts-your-phone-and-changes-your-pin/
