Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Industrial Equipment Manufacturers

Several manufacturers have reported problems with the patches distributed for the Meltdown and Spectre vulnerabilities. For example, Rockwell Automation reported a dozen errors that appeared after installing Microsoft’s patches for their Windows systems. To read more: http://www.zdnet.com/article/meltdown-spectre-more-businesses-warned-off-patching-over-stability-issues/

Lumens BlackWallet

A DNS server connected to the domain of the browser-based wallet application BlackWallet was compromised. The Stellar Lumens cryptocurrency was the target of the attack, and the theft resulted in $400,000 in stolen funds. To read more: http://www.zdnet.com/article/400000-stolen-in-lumens-blackwallet-theft/

Jason’s Deli

The Texas-based restaurant chain fell victim to a data breach that impacted customers in 15 states. The attackers used RAM-scraping malware on the restaurant’s payment processing systems. To read more: http://www.wesh.com/article/jasons-deli-data-breach-impacts-up-to-2-million-customers/15384812

OnePlus

The phone maker OnePlus has confirmed that its systems were breached. The company alerted customers via email that their credit card information may have been compromised in the attack. To read more: http://www.zdnet.com/article/oneplus-confirms-hack-exposed-credit-cards-of-phone-buyers/

Reported Vulnerabilities

MaMi Malware

A researcher discovered a strain of malware targeting Mac OS X users. The researcher noticed a forum post in which a user said a colleague had “accidentally installed something”, which led to the colleague’s DNS settings being hijacked. The malware is currently not sophisticated and may have been developed only recently. To read more: http://www.zdnet.com/article/mami-malware-targets-mac-os-x-dns-settings/

Skygofree

Skygofree is a mobile malware strain named after one of the domains used in the campaign. The malware spreads through web pages that mimic leading mobile networking operators. To read more: https://www.theregister.co.uk/2018/01/16/skygofree_android_spyware/

Satori variant

A new variant of Satori was spotted in the wild. The variant specializes in targeting vulnerable Ethereum (ETH) mining rigs: the botnet searches for Claymore Miner software and replaces the wallet address on the host with its own wallet address, so that the rig’s mining rewards are paid to the attacker. To read more: http://www.zdnet.com/article/satori-botnet-successor-targets-ethereum-mining-rigs/

Chrome extensions

Security researchers discovered four new malicious extensions in the Chrome Web Store. Three of the extensions have since been removed. To read more: https://threatpost.com/google-chrome-once-again-target-of-malicious-extensions/129443/

VTech

New InnoTab children’s learning devices were found to have the same security flaw as other connected toys from two years ago. VTech had already been fined $650,000 by the FTC because of this security vulnerability. To read more: https://www.theregister.co.uk/2018/01/18/innotab_kid_tech_still_vulnerable/

Intel

The firmware fixes issued for Spectre and Meltdown are causing an uptick in system reboots and other unexpected behaviors. While the problem was initially thought to affect only older chips, researchers have now determined that newer chips are also affected. To read more: https://threatpost.com/intel-says-firmware-fixes-for-spectre-and-meltdown-affecting-newer-chips/129512/

See also: https://it.slashdot.org/story/18/01/22/1915232/intel-urges-oems-and-end-users-to-stop-deploying-spectre-patch-as-it-may-introduce-higher-than-expected-reboots?utm_source=rss1.0mainlinkanon&utm_medium=feed

GhostTeam

Researchers uncovered GhostTeam malware, which tries to steal Facebook login credentials and has been targeting Android users. Since April of 2017, 53 different Android applications have been identified as distributors of the malware. To read more: http://www.zdnet.com/article/this-android-malware-wants-to-steal-your-facebook-login-and-bombard-you-with-ads/

Dark Caracal

Dark Caracal is a multi-platform campaign linked to 26 desktop malware indicators of compromise (IOCs), Android malware, and 60 domain-based IOCs. The advanced persistent threat campaign stole hundreds of gigabytes of data, including personal information and intellectual property, from victims in more than 21 countries. To read more: https://threatpost.com/sprawling-mobile-espionage-campaign-targets-android-devices/129524/

Dridex

The Dridex banking Trojan has evolved and is now being served from compromised FTP sites. The malware spreads through both phishing campaigns and web injections. To read more: http://www.zdnet.com/article/dridex-banking-trojan-compromises-ftp-sites-in-new-campaign/

Uber

Uber is ignoring a security bug that allows an attacker to bypass the app’s two-factor authentication. Uber marked the bypass bug as “informative”, a classification meaning the report contains useful information but does not warrant immediate action. To read more: http://www.zdnet.com/article/uber-security-flaw-two-factor-login-bypass/

ChaiOS

A software developer found a text-handling bug in iOS that crashes the operating system when a link to a simple chunk of HTML code is received. The recipient doesn’t even need to open the link for the device to crash. To read more: https://www.techrepublic.com/article/new-ios-text-bomb-cyberattack-can-crash-restart-your-iphone/
