Polyverse Weekly Breach Report

A snapshot of last week’s reported breaches and vulnerabilities

StatCounter
Malicious JavaScript bundled within the traffic-tracking code from StatCounter, a web-analytics company, was found on 700,000 websites. The hackers were targeting Gate.io, a cryptocurrency exchange, by compromising the analytics service it was using. To read more: https://thehackernews.com/2018/11/statcounter-cryptocurrency-cyberattack.html

Ontario Cannabis Store
Ontario’s sole legal retailer of recreational cannabis announced that an attacker had accessed the order records of 4,500 customers. The compromised information included postal tracking numbers as well as names and addresses. To read more: https://www.zdnet.com/article/canada-post-leaked-personal-data-orders-of-thousands-of-cannabis-smokers/

IoT botnet
A new botnet of 100,000 home routers has recently surfaced. The botnet’s operators are using infected routers to connect with webmail services and then executing email spam campaigns. To read more: https://www.zdnet.com/article/iot-botnet-infects-100000-routers-to-send-hotmail-outlook-and-yahoo-spam/

HSBC
International banking giant HSBC reported a breach in October due to a credential-stuffing attack. The bank became aware that some online accounts were being accessed by unauthorized users between October 4th and 14th. To read more: https://threatpost.com/hsbc-data-breach-hits-online-banking-customers/138856/

Nordstrom
Nordstrom is notifying employees of a security breach that exposed their personally identifiable information, including names, Social Security numbers and more. The company has not released the number of employees affected by the breach. To read more: https://www.seattletimes.com/business/retail/security-breach-at-nordstrom-exposed-sensitive-employee-data/

Healthcare.gov
Late last month it was announced that hackers had siphoned thousands of Healthcare.gov applications by breaking into broker and agent accounts. The Centers for Medicare & Medicaid Services (CMS) said that the stolen personal data included immigration status and tax information. CMS previously said that the breach affected 75,000 people, but this number is likely to increase. To read more: https://techcrunch.com/2018/11/09/hackers-stole-income-immigration-and-tax-data-in-healthcare-gov-breach-government-confirms/

Reported Vulnerabilities

Solid-state drives
Security researchers discovered multiple critical vulnerabilities in some popular self-encrypting solid-state drives. The flaws could enable an attacker to decrypt disks and recover protected data without knowing the password. To read more: https://thehackernews.com/2018/11/self-encrypting-ssd-hacking.html

WooCommerce
An arbitrary file-deletion vulnerability in the popular WooCommerce plugin for WordPress could enable an attacker to gain full control over unpatched websites. WooCommerce powers nearly 35% of e-stores on the internet — more than four million installations. To read more: https://thehackernews.com/2018/11/woocommerce-wordpress-hacking.html

VirtualBox
A researcher disclosed a zero-day vulnerability in VirtualBox, Oracle's popular open-source virtualization software. The vulnerability stems from memory-corruption issues. The flaw is independent of the operating system being used because it resides in a shared codebase. To read more: https://thehackernews.com/2018/11/virtualbox-zero-day-exploit.html

Steam
A security researcher found a bug that would have enabled him to download all the activation keys in the Steam gaming platform. The bug is in Steamworks, a platform that Valve runs to help developers build and publish games on Steam. To read more: https://www.zdnet.com/article/steam-bug-could-have-given-you-access-to-all-the-cd-keys-of-any-game/

St. Francis Xavier University
This Nova Scotia university had to shut down its entire computer network after it was discovered that the system was being used to mine cryptocurrency. To read more: https://www.zdnet.com/article/university-shuts-down-network-to-thwart-cryptojacking-attack/

Cisco Systems
Cisco accidentally sent users exploit code that was used for security tests of part of its TelePresence Video Communication Server and Expressway Series software. The code exploits Dirty COW, a well-known vulnerability in the Linux kernel. To read more: https://threatpost.com/cisco-accidentally-released-dirty-cow-exploit-code-in-software/138888/

Apache Struts
The Apache Software Foundation warned that the latest version of the Commons FileUpload library is susceptible to a two-year-old remote code execution flaw. Users of the library are being urged to update their projects manually. To read more: https://threatpost.com/apache-struts-warns-users-of-two-year-old-vulnerability/138820/

Cisco Systems
Cisco’s latest patch marks the seventh time this year that the company has removed a backdoor account from one of its products. To read more: https://www.zdnet.com/article/cisco-removed-its-seventh-backdoor-account-this-year-and-thats-a-good-thing/

Monero
A Monero miner was responsible for the sixth-largest cyberattack in Switzerland. The mining malware enabled Monero mining from personal computers without the victims’ knowledge. To read more: https://bcfocus.com/news/monero-mining-malware-responsible-for-6th-largest-cyber-attack-in-switzerland-report/26279/
