Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Microsoft

Microsoft accidentally left a Dynamics 365 TLS certificate and its private key exposed in a sandbox environment. Unlike the development and production servers, this sandbox gives admins RDP access. To read more: https://www.theregister.co.uk/2017/12/11/dynamics_365_sandbox_leaked_tls_certificates/

MoneyTaker

The newly discovered hacking group has successfully attacked more than 20 financial institutions, banks, software vendors and law firms worldwide. The group is linked to 16 victims in the US, one in the UK and three in Russia. To read more: http://www.zdnet.com/article/moneytaker-apt-steals-millions-from-us-uk-russian-banks/

Fox-IT

The Dutch security firm has announced that it suffered a cyberattack. The attacker was able to redirect emails going to the fox-it.com domain and inbound traffic to their ClientPortal. The weak link was Fox-IT’s domain registrar, which did not require two-factor authentication. To read more: https://www.grahamcluley.com/fox-it-dns-hack/

Update: Mirai Botnet

The co-authors of Mirai pled guilty to creating the malware back in 2016, which crippled portions of the internet. In addition, the authors also pled guilty to charges of using their botnet to conduct click-fraud. To read more: https://krebsonsecurity.com/2017/12/mirai-iot-botnet-co-authors-plead-guilty/

Reported Vulnerabilities

Language flaws

A researcher revealed serious flaws in the interpreters for five popular programming languages. Applications run by these interpreters are at risk. For example, Python has “undocumented methods and local environment variables that can be used for OS command execution.” To read more: http://www.zdnet.com/article/these-five-programming-languages-have-flaws-that-expose-apps-to-attack/

Starbucks

Starbucks has inadvertently been mining alt-coins on customers’ computers. An attacker was maliciously injecting Coin Hive’s code into web browsers via the free Starbucks wi-fi. To read more: https://www.theregister.co.uk/2017/12/12/starbucks_wifi_crypto_mining/

OSX.Pirrit

This adware was developed by an Israeli ad-tech firm and poses as a legitimate installer. The installer asks for users’ computer password to trick them into turning over root privileges. To read more: http://www.zdnet.com/article/maker-of-sneaky-mac-adware-sends-security-researcher-cease-and-desist-letter/

ROBOT

The ROBOT vulnerability, first identified in 1998, has resurfaced. It impacts many major websites, from Facebook to PayPal. With the vulnerability, attackers can decrypt encrypted data and sign communications using the server’s private key. To read more: https://threatpost.com/19-year-old-tls-vulnerability-weakens-modern-website-crypto/129158/

Triton/Trisis

This family of malware is designed to compromise industrial-control systems. Specifically, it targets equipment sold by Schneider Electric, tampering with or disabling the company’s Triconex products. To read more: https://www.wired.com/story/triton-malware-targets-industrial-safety-systems-in-the-middle-east/
