Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Virginia Bank

Hackers used phishing emails to break into a Virginia bank twice, making off with more than $2.4 million. The hackers were able to disable and alter anti-theft and anti-fraud protections, including 4-digit PINs and daily withdrawal limits, among others. To read more: https://krebsonsecurity.com/2018/07/hackers-breached-virginia-bank-twice-in-eight-months-stole-2-4m/

Etherscan

An Ethereum-tracking website called Etherscan fixed a cross-site scripting issue on its domain. A security researcher discovered the flaw in an insecure custom implementation of the Disqus comment system. Disqus is used to generate pop-up alert boxes on the Etherscan site. To read more: https://www.theregister.co.uk/2018/07/25/etherscan_xss/

LifeLock

LifeLock fixed a vulnerability on its site that allowed anyone with a web browser to index email addresses associated with millions of customer accounts. The vulnerability left the identity theft protection firm exposed to attacks from ID thieves and phishers. To read more: https://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/

Cosco

An international shipping company says it is recovering from a ransomware infection on its American computer network. To read more: https://www.theregister.co.uk/2018/07/26/cosco_ransomware_attack/

Reported Vulnerabilities

Microsoft

A remote code execution vulnerability in the Windows VBScript engine remained open to exploitation after it was supposedly patched. Microsoft's initial patch actually made things worse by introducing another remotely exploitable bug. To read more: https://www.theregister.co.uk/2018/07/23/qihoo_360_microsoft_patches/

Spectre

New variants and sub-variants of the Spectre vulnerability keep appearing. These new exploits revive doubts about whether current and past chip designs can truly be fixed. To read more: https://www.theregister.co.uk/2018/07/23/spectre_return_stack_buffer/

Apache OpenWhisk

Researchers have disclosed the existence of a severe vulnerability in Apache OpenWhisk. Under specific conditions, a remote hacker can overwrite the source code of a vulnerable function being executed in a runtime container. Commercial deployments of this technology can be found in IBM Cloud Functions. To read more: https://www.zdnet.com/article/apache-openwhisk-critical-information-leak-vulnerability-exposed/

Bluetooth

A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker to capture and decrypt data shared between paired devices. The flaw affects Apple, Broadcom, Intel and Qualcomm hardware. To read more: https://www.zdnet.com/article/bluetooth-security-flaw-could-allow-nearby-attacker-to-grab-your-private-data/

SpectreRSB

A new Spectre-style attack was found by security experts from the University of California, Riverside. SpectreRSB differs from other similar attacks in that it exploits the Return Stack Buffer rather than attacking the branch predictor units of CPUs or CPU cache components. To read more: https://www.zdnet.com/article/spectrersb-new-side-channel-attack-targets-cpu-components/

Kronos

The Kronos banking trojan has returned after years of lying dormant. Hackers have reworked the underlying code and are targeting Germany, Japan and Poland. To read more: https://threatpost.com/kronos-banking-trojan-resurfaces-after-years-of-silence/134364/

Intel Smart Sound

Intel patched three flaws that could allow an attacker to execute arbitrary code on impacted systems. The flawed code was found on Intel Core and Atom processor-based PCs. To read more: https://threatpost.com/intel-smart-sound-tech-vulnerable-to-three-high-severity-bugs/134395/

Solaris

A vulnerability first detected and “resolved” eleven years ago in Oracle’s Solaris has resurfaced. Security researchers discovered that the original fix wasn’t good enough and the component was still vulnerable to attack. To read more: https://www.theregister.co.uk/2018/07/24/oracle_repatch_old_solaris_bug/

Felixroot campaign

A new hacking campaign called Felixroot uses old vulnerabilities in Microsoft Office software to create a backdoor into Windows systems. The malware campaign is targeting individuals in Ukraine. To read more: https://www.zdnet.com/article/hacking-campaign-uses-old-microsoft-office-flaws-to-create-backdoors-steal-files/

Swann

A team of security researchers found flaws in several smart security cameras that allowed anyone to access any device. For example, the Swann camera failed to check if the person viewing the video stream was an authorized user. To read more: https://www.zdnet.com/article/flaw-let-anyone-snoop-on-smart-cameras/

Pinterest

A buggy Pinterest browser button was automatically injecting malformed code into websites. The code injection was not malicious, but the incident shows how pervasive a threat a browser extension could pose in the hands of hackers. To read more: https://threatpost.com/pinterest-browser-extension-injects-unwanted-code-into-5k-websites/134401/

Samsung

Samsung patched multiple vulnerabilities in the SmartThings Hub, which could have allowed attackers to remotely monitor and control IoT devices. To read more: https://www.zdnet.com/article/internet-of-things-samsung-patches-smartthings-hub-flaws/

NetSpectre

Researchers have discovered another new variant of Spectre, which can remotely steal data from vulnerable systems. NetSpectre can be used by an attacker to pummel a target device with malicious network traffic without running any code on the target system. To read more: https://www.zdnet.com/article/new-spectre-attack-can-remotely-steal-secrets-researchers-say/

PowerGhost

Researchers at Kaspersky Lab uncovered the PowerGhost cryptojacker and detected it on various corporate networks across the world. The fileless malware can secretly embed itself on a single system and spread itself to other PCs and servers across an organization. To read more: https://www.zdnet.com/article/this-new-cryptomining-malware-targets-business-pcs-and-servers/
