Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

AUR package repository

Malware was discovered in at least three Arch Linux packages available on the Arch User Repository (AUR), the official Arch Linux repository of user-submitted packages. The incident was possible because the AUR allows anyone to take over and modify “orphaned” packages that have been abandoned by their original maintainers. To read more: https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/

US Air Force

US Air Force documents were found on the dark web as part of an attempted sale of drone manuals. The documents found pertain to the MQ-9 Reaper drone. To read more: https://www.theregister.co.uk/2018/07/11/us_military_manual_dark_net_sale/

Thomas Cook Airlines

A programmer came across an enumeration bug in the systems of Britain’s Thomas Cook Airlines. The bug leaked the full names of all travelers and the flight details of booked flights. To read more: https://www.theregister.co.uk/2018/07/10/thomas_cook_privacy_flap/

Macy’s

This American retailer’s website was hit by a data breach: hackers stole the names and passwords of some customers, and also potentially accessed credit card information. The breach affected about 0.5% of customers registered on macys.com or bloomingdales.com. To read more: http://fortune.com/2018/07/11/macys-data-breach/

MyEtherWallet

An Ether wallet service informed users that the Google Chrome Hola VPN extension was breached, enabling the hackers to monitor customer wallet activity. MEW advised users to immediately move their funds to a secure wallet in order to mitigate the risk of theft. To read more: https://ethereumworldnews.com/myetherwallet-cyberattack-holavpn/

Bancor

Bancor, a crypto-asset exchange, suffered a cyberattack in which hackers attempted to steal up to $23.5 million in cryptocurrencies. The wallet being used to “upgrade” smart contracts was compromised, and the hackers successfully withdrew $12.5 million worth of Ethereum and $1 million of Pundi X tokens. To read more: https://www.zdnet.com/article/another-hack-rocks-cryptocurrency-trading-bancor-loses-23-5-million/

Spectre

Researchers published an MIT paper called Speculative Buffer Overflows: Attacks and Defenses, which examines two new Spectre-style CPU attacks. To read more: https://www.zdnet.com/article/the-return-of-spectre/

Bitcanal

A Portuguese web-hosting firm accused of helping spammers hijack large sections of dormant internet address space was kicked off the web last week. Dormant address ranges are easy to abuse because of the way the global-routing system works. To read more: https://krebsonsecurity.com/2018/07/notorious-hijack-factory-shunned-from-web/

Airport security

Researchers at McAfee found remote access to a major airport’s security system for sale on the dark web. The access came from an online market for remote-desktop-protocol accounts. To read more: https://www.axios.com/cybersecurity-major-airport-security-systems-sale-dark-web-10-dollars-4c1f80cf-f4f5-4ad1-978e-3c5b1057813d.html

Reported Vulnerabilities

Cisco

Cisco patched a variety of security flaws discovered in VoIP phones. The most critical would enable command injection and remote code execution on IP phones. To read more: https://threatpost.com/cisco-patches-high-severity-bug-in-voip-phones/133905/

Dorkbot

Dorkbot, a banking trojan that steals credentials by using web-injects that are activated when a customer tries to log in to their bank’s website, has resurfaced after a six-year absence. To read more: https://threatpost.com/threatlist-6-year-old-dorkbot-banking-malware-resurfaces-as-big-threat/133898/

JavaScript

A hacker gained access to a developer’s npm account and injected code into a popular JavaScript library. The code attempted to steal the npm credentials of users who utilize the package inside their projects. To read more: https://www.bleepingcomputer.com/news/security/compromised-javascript-package-caught-stealing-npm-credentials/
