Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Twitter

Twitter confirmed that Cambridge Analytica purchased one-time API access to a random sample of public tweets from December 2014 to April 2015. Following an internal review, Twitter did not find any access to private data of Twitter users. To read more: https://techcrunch.com/2018/04/30/twitter-also-sold-data-access-to-cambridge-analytica-researcher/?utm_medium=TCnewsletter

Twitter redux

All users should change their passwords immediately. Twitter revealed that a bug caused the platform to store user passwords in unmasked form: the passwords were written unhashed to an internal log. To read more: https://techcrunch.com/2018/05/03/twitter-password-bug/?utm_medium=TCnewsletter

Mexico Central Bank

The Mexican central bank said it was investigating an attempt to hack into the payments systems of three financial institutions. No funds were stolen. To read more: https://www.reuters.com/article/us-mexico-cyber/mexico-central-bank-says-possible-cyber-attack-targets-payment-systems-idUSKBN1I12CJ

Zippy’s restaurants

The Hawaii-based restaurant chain reported that its point-of-sale system at 25 locations had been compromised. To read more: https://www.scmagazine.com/zippys-restaurants-suffers-pos-data-breach/article/762902/

Huawei and ZTE

Smartphones made by ZTE and Huawei have been banned from sale at US military bases around the world. The Pentagon imposed the ban due to concerns that the Chinese manufacturers could be implanting spyware on the devices. To read more: https://www.grahamcluley.com/the-pentagon-bans-huawei-and-zte-smartphones-from-military-bases-worldwide/

Reported Vulnerabilities

Home gateways

Over a million fiber routers can be remotely accessed due to an authentication bypass bug. The bug lets anyone bypass the login page by adding “?images/” to the end of the web address on the configuration pages. To read more: https://www.zdnet.com/article/over-a-million-vulnerable-fiber-routers-can-be-easily-hacked/
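The bypass described above is a classic access-control mistake: a login exemption meant for static image assets is checked against the whole request string rather than the resolved path. The block below is an added illustration written for this report, not the affected vendors' firmware; it assumes the flawed check is a substring test for `images/` on the raw request target. It shows the flawed authorizer beside a hardened one that decides on the canonical path only, plus a detection pass over constructed access-log lines that flags requests carrying the exemption marker in the query string, where a legitimate image request never needs it.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumptions (constructed for this illustration): static images live under
# /images and the gateway exempts them from login.
PUBLIC_DIRS = ("/images",)
LOGIN_EXEMPT_MARKER = "images/"


def is_authenticated(session_cookie):
    # Placeholder session check; a real gateway validates a session token.
    return session_cookie == "valid-session"


def authorize_naive(request_target, session_cookie):
    """Flawed form: substring match on the raw target (query string included),
    so any page becomes reachable by appending '?images/' to its URL."""
    if LOGIN_EXEMPT_MARKER in request_target:
        return True
    return is_authenticated(session_cookie)


def canonical_path(request_target):
    """Decode and normalize only the path component; the query is discarded
    and dot segments are collapsed so '/images/../admin' resolves to '/admin'."""
    path = unquote(urlsplit(request_target).path)
    return posixpath.normpath("/" + path.lstrip("/"))


def authorize_hardened(request_target, session_cookie):
    """Hardened form: the exemption is decided on the canonical path alone."""
    path = canonical_path(request_target)
    if any(path == d or path.startswith(d + "/") for d in PUBLIC_DIRS):
        return True
    return is_authenticated(session_cookie)


# Extracts the request target from a Common Log Format line.
_REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def suspicious_targets(log_lines):
    """Defender view: return targets whose query string carries the exemption
    marker; a genuine image fetch puts 'images/' in the path, never the query."""
    hits = []
    for line in log_lines:
        m = _REQUEST_LINE.search(line)
        if not m:
            continue
        target = m.group(1)
        if LOGIN_EXEMPT_MARKER in urlsplit(target).query:
            hits.append(target)
    return hits


# Constructed sample log: one normal image fetch, one unauthenticated page hit
# that was correctly redirected, and one that used the marker in the query.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2018:10:00:00 +0000] "GET /images/logo.png HTTP/1.1" 200 4120',
    '192.0.2.10 - - [01/May/2018:10:00:02 +0000] "GET /admin/config.html HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/May/2018:10:00:05 +0000] "GET /admin/config.html?images/ HTTP/1.1" 200 9731',
]

if __name__ == "__main__":
    for target in ("/admin/config.html?images/", "/images/../admin/config.html"):
        print(target, "naive:", authorize_naive(target, None),
              "hardened:", authorize_hardened(target, None))
    print("flagged:", suspicious_targets(SAMPLE_LOG))
```

The hardened form also handles the traversal variants (`..` and its percent-encoded form) that a prefix check on an unnormalized path would miss; the detection function is deliberately narrow to this one marker and would be one rule among several in a real log review.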

TP-Link router

A researcher from Fidus Infosec went public with an old remote-code-execution flaw in TP-Link router firmware. The flaw was reported to TP-Link in October 2017 and subsequently patched, but it has resurfaced in newer units. To read more: https://www.theregister.co.uk/2018/04/28/security_roundup/

VW-Audi

Researchers from Computest have disclosed multiple vulnerabilities in the infotainment system of some VW and Audi models. The flaws can be remotely exploited if the vehicle connects to an attacker’s wi-fi network. To read more: https://www.zdnet.com/article/vw-audi-security-multiple-infotainment-flaws-could-give-attackers-remote-access/

Facebook Messenger

A form of malware uses fake Facebook Messenger messages to spread and steal passwords and cryptocurrency. To work, the malware must first be installed on the victim’s system. To read more: https://www.zdnet.com/article/this-password-stealing-malware-uses-facebook-messenger-to-spread-further/

KRACK wi-fi

Some medical devices produced by Becton Dickinson are vulnerable to the KRACK bug. KRACK stands for Key Reinstallation Attack and exploits a flaw in the WPA2 protocol, which is used to secure wireless networks. To read more: https://www.zdnet.com/article/krack-wi-fi-vulnerability-strikes-medical-devices/

Oracle

A bug that Oracle recently patched broke the access control provided by Oracle Access Manager. OAM provides authentication for web applications based on Oracle Fusion Middleware. Before the patch, the bug let an attacker impersonate any legitimate user and access web apps that OAM should be protecting. To read more: https://www.zdnet.com/article/oracle-access-manager-security-bug-so-serious-it-let-anyone-access-protected-data/

Hacking rewards programs

Cybercriminals are now exploiting rewards-points programs, especially those associated with travel. Boutique stores on the Dark Web are selling stolen rewards-related credentials. To read more: https://threatpost.com/boutique-shops-offering-rewards-points-pop-up-on-the-dark-web/131636/

Microsoft and Docker

There is a remote code execution vulnerability in the wrapper used to launch Windows Server Containers from Go. The issue occurs when importing a container image, because the library failed to validate the incoming image contents. To read more: https://www.theregister.co.uk/2018/05/03/docker_for_windows_vuln/

Kitty malware

The latest version of the Kitty malware family is targeting Drupal websites to mine cryptocurrency. What makes Kitty different is that it not only targets the internal network, server and website itself, but also targets visitors in order to compromise domains. To read more: https://www.zdnet.com/article/hello-kitty-malware-targets-drupal-to-mine-for-cryptocurrency/
