Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

ReCAPTCHA

Google patched a security vulnerability in reCAPTCHA that enabled hackers to bypass the system. The hack required the application using reCAPTCHA to craft a request to /recaptcha/api/siteverify in an insecure way. To read more: https://www.zdnet.com/article/google-patches-recaptcha-bypass-vulnerability/

Taylor

This cryptocurrency trading-assistant startup was hacked and all of its roughly $1.5 million in funds stolen. To read more: https://www.zdnet.com/article/all-of-cryptocurrency-trading-app-taylors-funds-have-been-stolen/

Facebook

Facebook has data-sharing partnerships with at least 60 device makers including Apple, Amazon, Blackberry, Microsoft and Samsung. The social-media giant allowed the companies to access the data of users’ friends without explicit consent. To read more: https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html

Ticketfly

This concert-ticketing service worked to get its system back online after a data breach leaked users’ personal information and disrupted services at music venues. The stolen information included names, physical and email addresses, and phone numbers. To read more: http://www.pahomepage.com/news/ticket-service-data-breach-disrupts-music-venues/1216091236

PumpUp

This fitness app left a server that contained personal information and health data unsecured. The app lets users send photos to their social network and tracks fitness progress. To read more: https://globalnews.ca/news/4249893/pumpup-security-breach-fitness-app/

Coca-Cola

Coca-Cola announced a data breach after a former employee downloaded personnel data to a hard drive. The incident impacted 8,000 workers. To read more: https://www.bleepingcomputer.com/news/security/coca-cola-suffers-breach-at-the-hands-of-former-employee/

Google Groups

Thousands of organizations are leaking sensitive email data because of a widespread misconfiguration in Google Groups. The organizations range from Fortune 500 companies to hospitals and universities, among others. To read more: https://threatpost.com/public-google-groups-leaking-sensitive-data-at-thousands-of-orgs/132455/

Reported Vulnerabilities

Brazilian banking trojan

Researchers at IBM X-Force revealed that attackers are using MnuBot malware to perform illegal transactions during victims’ open banking sessions. MnuBot has the same capabilities as most remote-access trojans. To read more: https://threatpost.com/brazilian-banking-trojan-communicates-via-microsoft-sql-server/132325/

AMD Secure Encrypted Virtualization

Virtual machines that use AMD’s Secure Encrypted Virtualization (SEV) are vulnerable to attacks that can extract the full contents of their main memory in plain text. SEV was built to encrypt individual virtual machines using a secure processor. To read more: https://threatpost.com/severed-attack-extracts-the-memory-of-amd-encrypted-vms/132359/

Acoustic attacks

Researchers have demonstrated that it's possible for attackers to physically damage hard drives, or cause PCs to crash, by playing sounds through a computer speaker. To read more: https://www.welivesecurity.com/2018/05/30/acoustic-attack-blue-screen-windows-computer/

Microsoft Windows

Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code. The flaw enables code execution within a sandboxed environment, although to complete an attack hackers would need additional exploits. To read more: https://threatpost.com/researchers-warn-of-microsoft-zero-day-rce-bug/132473/

Valve Steam client

Valve patched a critical vulnerability in its Steam client, which remained undetected for ten years. The vulnerability impacted every version of the gaming platform. To read more: https://www.zdnet.com/article/remote-code-execution-vulnerability-patched-in-valve-steam-client/

Git

A severe vulnerability was patched in Git software source code to prevent remote code execution attacks. The vulnerability occurs due to flawed management of remote repository definitions and data. To read more: https://www.zdnet.com/article/critical-git-repository-security-flaw-leads-to-remote-code-execution-attacks/

Jira

A bug found in Atlassian software enables anyone to easily obtain the secret access keys to the AWS instance it is hosted on. The attack is possible because older versions of the software contain a vulnerable proxy, which can be abused to carry out cross-site scripting (XSS) attacks, among others. To read more: https://www.zdnet.com/article/jira-bug-exposed-private-server-keys-at-major-companies-researcher-finds/
