Polyverse Weekly Breach Report


A snapshot of last week’s reported breaches and vulnerabilities

Data-breach detection
According to a new study, data breaches are taking longer to detect than last year. It now takes an average of 197 days for a company to identify a breach and 69 days to contain it. To read more: https://www.natlawreview.com/article/data-breaches-taking-slightly-longer-to-detect-study-finds

HealthCare.gov
A government computer system that interacts with HealthCare.gov was compromised earlier this month, and the personal data of 75,000 people was accessed by the hacker. To read more: https://www.apnews.com/212e1e36b10945968704bd7e86598a65

Voter records
Cybersecurity researchers found the personal information and voting history for more than 35 million US voters for sale on a popular dark-web hacking forum. To read more: https://www.komando.com/happening-now/498324/hacked-tens-of-millions-of-us-voter-records-are-being-sold-on-the-dark-web-what-this-means-to-you

PHP
More than 62% of websites are still running PHP version 5, even as support for it is being dropped later this year. Starting in December, versions 5.6 and 7.0 will no longer be supported, and users are being urged to upgrade their PHP in order to ensure security. To read more: https://threatpost.com/as-end-of-life-nears-more-than-half-of-websites-still-use-php-v5/138352/

Reported Vulnerabilities

iPhone
A security researcher discovered a bug in iOS 12 that enables attackers to access contacts and photos of any iPhone in their possession. To read more: https://thehackernews.com/2018/10/iphone-lock-passcode-bypass.html

Tumblr
Tumblr recently patched a security vulnerability on its website that could have enabled hackers to steal login credentials and other private information. To read more: https://thehackernews.com/2018/10/tumblr-account-hacking.html

LibSSH
A four-year-old vulnerability has been discovered in the Secure Shell implementation library known as Libssh. The vulnerability is an authentication-bypass issue that was introduced in Libssh version 0.6, released in 2014. To read more: https://thehackernews.com/2018/10/libssh-ssh-protocol-library.html

Update: Red Hat and F5 Networks have announced that their products are affected by the vulnerability. To read more: https://www.zdnet.com/article/vendors-confirm-products-affected-by-libssh-bug-as-poc-code-pops-up-on-github/

jQuery
Hackers have abused a zero-day for the past three years in one of the most popular jQuery plugins. The vulnerability impacts the jQuery File Upload plugin, which is the second most starred jQuery project on GitHub. To read more: https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/

Azorult
This malware, which can steal everything from passwords and credit-card details to cryptocurrencies, appears to have been updated. To read more: https://www.zdnet.com/article/password-and-credit-card-stealing-azorult-malware-adds-new-tricks/

VLC
Security researchers discovered a serious code-execution vulnerability in the LIVE555 Streaming Media library that is used by VLC and MPlayer. LIVE555 is a set of C++ libraries that applications use to stream multimedia over open-standard protocols. To read more: https://thehackernews.com/2018/10/critical-flaw-found-in-streaming.html

D-Link routers
Eight D-Link routers are vulnerable to complete takeover; D-Link, however, says it will patch only two of them. A full compromise, including remote command injection, can be achieved by linking three of the cascading vulnerabilities together. To read more: https://threatpost.com/multiple-d-link-routers-open-to-complete-takeover-with-simple-attack/138383/

Medtronic cardiac programmers
A flaw in Medtronic’s CareLink 2090 and CareLink Encore 29901 programmers could have enabled remote code implantation over the dedicated software-deployment network. The programmers are used for programming, testing and evaluating “cardiac implantable electrophysiology devices” such as pacemakers. To read more: https://threatpost.com/remote-code-implantation-flaw-found-in-medtronic-cardiac-programmers/138363/

Windows PCs
A security researcher has found a simple way of assigning admin rights and gaining boot persistence on Windows PCs. The technique was first detailed in December 2017, but has not received any media coverage or been observed in any malware campaigns since then. To read more: https://www.zdnet.com/article/researcher-finds-simple-way-of-backdooring-windows-pcs-and-nobody-notices-for-ten-months/
