Polyverse Weekly Breach Report


A snapshot of last week’s reported breaches and vulnerabilities

Bristol Airport

Bristol Airport blamed a ransomware attack for causing a blackout of its flight information screens. The attack took out several computers over the airport network, including in-house display screens which provide details about arrival and departure information. To read more: https://thehackernews.com/2018/09/cyberattack-bristol-airport.html

Marketing firm

A security researcher found an unsecured MongoDB server belonging to an unnamed marketing company that was leaking the personal details of 11 million users. Every email address in the exposed data was a Yahoo address, suggesting that this was only a slice of a larger dataset. To read more: https://www.zdnet.com/article/mongodb-server-leaks-11-million-user-records-from-e-marketing-service/

GovPayNow

A company that manages online payments for US government agencies and states experienced a security incident with the potential exposure of 14 million records. The domain govpaynow.com leaked six years' worth of customer data. To read more: https://krebsonsecurity.com/2018/09/govpaynow-com-leaks-14m-records/

Newegg

Hackers injected 15 lines of card-skimming code into the retailer’s payments page. The attackers’ collection server even used an HTTPS certificate so that the exfiltration of skimmed card data would blend in with legitimate traffic. Newegg removed the code on Tuesday. To read more: https://techcrunch.com/2018/09/19/newegg-credit-card-data-breach/?utm_medium=TCnewsletter

NSS Labs

NSS Labs is suing multiple security vendors as well as an industry standards organization. The suit says that these vendors not only knew about the bugs in their code and failed to act but were also “actively conspiring to prevent independent testing that uncovers those product deficiencies.” To read more: https://www.theregister.co.uk/2018/09/20/security_testing_contratemps/

WordPress

Thousands of WordPress sites have been hacked and compromised with malicious code. Researchers believe intruders are gaining access to these sites by exploiting vulnerabilities in outdated themes and plugins. To read more: https://www.zdnet.com/article/thousands-of-wordpress-sites-backdoored-with-malicious-code/

Peekaboo zero-day

Hundreds of thousands of security cameras are vulnerable to a zero-day that could allow hackers to spy on feeds and even tamper with video surveillance recordings. The vulnerability exists in NUUO’s Network Video Recorder software. To read more: https://www.bitdefender.com/box/blog/iot-news/peekaboo-zero-day-lets-hackers-view-alter-surveillance-camera-footage/

NCIX

A security researcher found customer and employee data belonging to the Canadian PC hardware retailer NCIX put up for sale on Craigslist. NCIX filed for bankruptcy and closed its doors in December 2017. The data breach appears to have taken place after the retailer shut down and retired its old servers. To read more: https://www.zdnet.com/article/canadian-retailers-servers-storing-15-years-of-user-data-sold-on-craigslist/

Zaif

Japanese cryptocurrency exchange Zaif announced that it lost $60 million worth of company and user funds in a security breach. To read more: https://www.zdnet.com/article/zaif-cryptocurrency-exchange-loses-60-million-in-july-hack/

US State Department

The US State Department has confirmed a data breach that led to the exposure of employee data. The security notice was marked “Sensitive but Unclassified” and no technical details of the incident have been released to the public. To read more: https://www.zdnet.com/article/state-department-reveals-email-data-leak/

Indiana hospital

Lutheran Health Network IT staff discovered a computer virus, and the hospital cancelled all remaining elective surgeries as a result. The IT staff stopped the virus quickly, but phones and computers were “taken down” as a precaution. To read more: https://www.beckershospitalreview.com/cybersecurity/cyberattack-forces-indiana-hospital-to-cancel-elective-surgeries-divert-ambulances.html

Reported Vulnerabilities

XBash malware

A new malware strain has been discovered that combines features from ransomware, coinminers, botnets, and worms. The malware works on both Linux and Windows systems. To read more: https://www.zdnet.com/article/new-xbash-malware-combines-ransomware-coinminer-botnet-and-worm-features-in-deadly-combo/

Western Digital

Security researchers found an authentication bypass vulnerability in Western Digital’s My Cloud NAS devices. It could allow an unauthenticated attacker on the network to gain admin-level control of the device. To read more: https://thehackernews.com/2018/09/wd-my-cloud-nas-hacking.html

4GEE modem

A high-severity vulnerability was discovered in the 4G wireless 4GEE Mini modems sold by EE. By exploiting it, an attacker could run a malicious program on a targeted computer with the highest level of privileges on the system. The vulnerability was discovered by a security researcher at ZeroDayLab. To read more: https://thehackernews.com/2018/09/4g-ee-wifi-modem-hack.html

Microsoft

Details of an unpatched remote-code execution bug in Microsoft’s Jet database engine were published after the company was given 120 days to fix it. No official patch is available. To read more: https://www.theregister.co.uk/2018/09/20/microsoft_jet_database_zero_day/

Bitcoin

The Bitcoin Core team fixed a severe vulnerability, CVE-2018-17144. The bug affects Bitcoin Core, the reference software that Bitcoin nodes run and that keeps the Bitcoin network operating; smaller cryptocurrencies built on the same code base are also affected. To read more: https://www.zdnet.com/article/bug-in-bitcoin-code-also-opens-smaller-cryptocurrencies-to-attacks/

Twitter

Twitter informed its users of a critical API bug that may have led to a data leak. The bug gave developers on the platform access to the direct messages of users with protected accounts. It has since been patched. To read more: https://www.technadu.com/twitter-api-bug-internal-data-leak/42218/


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.