Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Bitcoin ATM malware

Malware designed to target cryptocurrency ATMs is for sale on the Dark Web. The Bitcoin ATM malware costs $25,000. The seller is also offering regular ATM malware, which is able to disconnect ATMs from their network to prevent alarms from sounding. To read more: https://www.zdnet.com/article/you-can-buy-bitcoin-atm-malware-for-25000-in-the-dark-web/

GPS apps

US military personnel on active duty are banned from using apps that are GPS enabled. GPS is commonly found in map software and fitness trackers. The DoD believes the technology could be used to “present enemies with information on military operations”. To read more: https://www.zdnet.com/article/pentagon-bans-military-from-using-devices-with-gps/

OpenEMR

Twenty critical vulnerabilities in OpenEMR potentially left the health records of millions of patients open to attack. OpenEMR is an open-source software solution for managing electronic patient records. The bugs included multiple SQL injection flaws and vulnerabilities leading to unauthenticated information disclosure, among others. To read more: https://www.zdnet.com/article/openemr-security-flaws-left-millions-of-patient-records-open-to-attack/

Snapchat

Snap revealed that an update to Snapchat from earlier this year accidentally exposed some of its source code. The exposed code was found posted online on GitHub. To read more: https://hotforsecurity.bitdefender.com/blog/snapchats-source-code-leaked-out-and-was-published-on-github-20209.html

PGA of America

The PGA of America’s computer servers were hacked and its files encrypted. The hackers provided a Bitcoin wallet but no ransom amount was given. To read more: https://www.si.com/golf/2018/08/08/pga-championship-bitcoin-extortion-hackers

Bitfi

A 15-year-old hacking prodigy demonstrated that Bitfi’s “unhackable wallet” could be hacked. The company claimed the device’s security was “absolute”, but it did not take long for reports of successful hacks to appear. In this case the 15-year-old enjoyed a game of Doom on the purportedly unhackable device. To read more: https://www.zdnet.com/article/challenge-accepted-15-year-old-hacking-prodigy-plays-doom-on-unhackable-bitfi/

Comcast

Comcast has resolved two vulnerabilities which had the potential to expose confidential information of 26.5 million customers. The vulnerabilities were discovered by Ryan Stevenson, a security researcher. To read more: https://www.zdnet.com/article/comcast-vulnerabilities-exposed-sensitive-data-customers-allowed-brute-force-attacks/

MongoDB

A MongoDB database containing the health care information for 2 million patients in Mexico was exposed online. The exposed data included full name, gender, DOB, insurance information and more. The database was fully exposed to the internet and could be accessed and edited by anyone without a password. To read more: https://www.bleepingcomputer.com/news/security/health-care-data-of-2-million-people-in-mexico-exposed-online/

GoDaddy

A misconfiguration of an AWS S3 bucket led to the exposure of internal information belonging to GoDaddy. The information included “high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios.” To read more: https://www.zdnet.com/article/aws-error-exposed-godaddy-server-secrets/

Mention

A brand monitoring service called Mention has blamed a third-party supplier for a data breach that occurred back in July. The hacked information includes the data held within a customer’s account profile, such as names, emails and plan details. To read more: https://www.enterprisetimes.co.uk/2018/08/06/mention-blames-third-party-for-data-breach/

Swiss Emails

An investigation by the SonntagsZeitung newspaper found that the email addresses and passwords of 15,000 employees of Swiss federal or state-related bodies had been hacked and traded on the dark web. To read more: https://www.swissinfo.ch/eng/cyber-extorsion_hackers-gain-access-to-thousands-of-swiss-email-accounts/44301896

North Korean attacks

Through the analysis of new malware campaigns, researchers found that North Korean hackers were reusing previously seen malware code, which makes the hackers easier to trace. To read more: https://www.zdnet.com/article/north-koreas-hackers-are-re-using-old-code-to-build-new-attacks/

Reported Vulnerabilities

Linux Kernel

Security researchers are warning Linux users of a bug in the Linux kernel that can lead to a denial of service. The kernel can be “forced to make expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet”. To read more: https://www.zdnet.com/article/linux-kernel-bug-tcp-flaw-lets-remote-attackers-stall-devices-with-tiny-dos-attack/

Ramnit

A recently uncovered “Black” botnet campaign using Ramnit malware has already infected 100,000 systems in just two months. The malware authors enhanced the attack by using evasion techniques to protect the malware and manage the bots. To read more: https://threatpost.com/ramnit-changes-shape-with-widespread-black-botnet/134727/

WhatsApp

A flaw in WhatsApp could allow hackers to modify and send fake messages. To read more: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/

Inverse Spectre

Researchers found a ret2spec (return-to-speculation) vulnerability in Intel chips that would allow attackers to read data without authorization. Malicious web pages could read the memory of the web browser in order to access and copy critical data. To read more: http://www.digitaljournal.com/tech-and-science/technology/new-security-flaw-with-intel-processors/article/529077

‘God Mode’

Some x86 CPUs have hidden backdoors that let you access root by sending a command to an undocumented RISC core that is managed by the main CPU. The command — “.byte 0x0f, 0x3f” in Linux — is not supposed to exist but immediately gives root. To read more: https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.