Polyverse Weekly Breach Report


A snapshot of last week’s reported breaches and vulnerabilities

Spying Chips
Testers found a tiny microchip that was not part of the motherboard's original design implanted in devices. Investigators determined that the chips allowed attackers to create a stealth doorway into any network that included the altered machines. To read more: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Pigeoncoin
A hacker exploited a vulnerability in the Pigeoncoin cryptocurrency to steal 235 million PGN tokens. To read more: https://www.zdnet.com/article/hacker-wastes-entire-day-hacking-pigeoncoin-cryptocurrency-only-to-make-15000/

Burgerville
The Burgerville restaurant chain revealed a data breach that led to the theft of customers' credit card information. Malware was installed on Burgerville systems to scrape and steal the card data. To read more: https://www.zdnet.com/article/burgerville-customer-credit-card-info-stolen-in-data-breach-laid-at-fin7s-feet/

Facebook
Hackers are selling Facebook login credentials for $3.00 on the dark web. According to a study by Money Guru, the logins compromised in the latest Facebook data breach can be bought for £2.30. To read more: https://nypost.com/2018/10/01/hackers-are-selling-facebook-logins-on-the-dark-web-for-2/

Reported Vulnerabilities

iPhone
There is a passcode bypass vulnerability in Apple’s new iOS version 12 that could allow an attacker to access photos and contacts on a locked iPhone XS and other new models. To read more: https://thehackernews.com/2018/10/iphone-passcode-bypass-hack.html

GhostDNS
Chinese researchers have found a widespread malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings in order to attack other users. GhostDNS scans for the IP addresses of routers that use weak or no passwords, accesses the routers' settings and then changes the default DNS address to one controlled by the attackers. To read more: https://thehackernews.com/2018/10/ghostdns-botnet-router-hacking.html

Atlantis Word Processor
Researchers found a number of critical vulnerabilities in the Atlantis Word Processor that allow attackers to execute code. Atlantis Word Processor is software used to create documents in a variety of formats and to convert files into eBook and ePub formats. To read more: https://www.zdnet.com/article/code-execution-bugs-plague-atlantis-word-processor/

Gwinnett Medical Center
Gwinnett Medical Center is investigating a possible data breach that leaked patient information online. No further details about the breach have been released yet. To read more: https://www.zdnet.com/article/gwinnett-medical-center-investigates-possible-data-breach/

Recipe Unlimited
The Canadian restaurant chain Recipe Unlimited suffered a country-wide outage of its IT systems that was described as a malware outbreak. Not all of its restaurants were affected. To read more: https://www.zdnet.com/article/restaurant-chain-suffers-canada-wide-outage-after-malware-outbreak/

ATM Hack
A new ATM cash-out scheme is being used by the North Korean APT hacking group known as Hidden Cobra. The attackers use malware called "FASTCash" that remotely compromises payment switch application servers within the targeted banks. The malware intercepts transaction requests associated with the attackers' payment cards and returns fake approval responses without validating the available balance, fooling ATMs into dispensing cash. To read more: https://thehackernews.com/2018/10/bank-atm-hacking.html

Adobe
Adobe has released an update that addresses 85 CVE-listed security vulnerabilities in Acrobat and Reader for Windows and macOS. To read more: https://www.theregister.co.uk/2018/10/02/adobe_acrobat_reader_patch/

Mozilla
Mozilla resolved a critical vulnerability in the Thunderbird email client. The security flaw is a memory corruption issue that could be exploited to run arbitrary code. To read more: https://www.zdnet.com/article/mozilla-resolves-critical-remote-code-execution-flaw-in-thunderbird-email-client/

WhatsApp
The Israeli government sent out nationwide security alerts that WhatsApp accounts were being hijacked. Account takeover becomes possible when an attacker adds a legitimate user's phone number to a new WhatsApp installation on the attacker's own phone. To read more: https://www.zdnet.com/article/recent-wave-of-hijacked-whatsapp-accounts-traced-back-to-voicemail-hacking/

Cisco
Three critical bugs, among 26 others disclosed this week, were discovered in Cisco's Prime Infrastructure and Digital Network Architecture Center products. Cisco has released patches for the issues; alternatively, admins can disable TFTP and use SFTP or the Secure Copy Protocol instead. To read more: https://www.theregister.co.uk/2018/10/05/cisco_patches_oct_2018/
