Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

IBM

IBM began to release its patches for Meltdown and Spectre last week. However, they will not have a complete fix until mid-February. They are having problems with the same processor issues that Google encountered. To read more: https://www.theregister.co.uk/2018/01/10/ibm_meltdown_spectre_patches_not_arriving_until_mid_february/

Intel Performance

Intel has made it clear that patching the Spectre and Meltdown vulnerabilities will mean that at least some PCs will take a performance hit. To read more: http://www.zdnet.com/article/how-much-slower-will-your-pc-feel-after-patching-for-spectre-and-meltdown/

Ubuntu

Canonical has re-released its Meltdown update for Ubuntu users after the first patch failed to boot. To read more: http://www.zdnet.com/article/linux-vs-meltdown-ubuntu-gets-second-update-after-first-one-fails-to-boot/

Microsoft

Microsoft will not install its Meltdown patch on your computer until your antivirus vendor sets a specific registry key that certifies compatibility. To read more: http://www.zdnet.com/article/microsoft-no-more-windows-patches-at-all-if-your-av-clashes-with-our-meltdown-fix/

Apple

Apple released patches last week for its iPhones, iPads and iPod Touch models for the Spectre vulnerabilities. To read more: https://threatpost.com/apple-releases-spectre-patches-for-safari-macos-and-ios/129365/

Reported Vulnerabilities

WhatsApp

A flaw in WhatsApp makes it possible for anyone to insert themselves into a private group chat. The platform fails to properly authenticate group invitations. To read more: https://www.tripwire.com/state-of-security/featured/whatsapp-flaw-could-allow-anyone-to-sneak-into-your-private-group-chat/

Western Digital MyCloud

A researcher found a security vulnerability in WD’s MyCloud storage devices. A hidden firmware backdoor enables anyone to log in remotely using the username mydlinkBRionyg and the password abc12345cba. To read more: https://www.grahamcluley.com/locked-dont-worry-heres-hardcoded-password-wd-cloud-nas-device/

Intel AMT

Researchers found a loophole in Intel processors that enables an attacker to bypass logins and place backdoors on laptops. The technique, however, requires attackers to have physical access to the computers. To read more: https://threatpost.com/intel-amt-loophole-allows-hackers-to-gain-control-of-some-pcs-in-under-a-minute/129408/

Google Play Store

Google took down 60 gaming applications after security researchers discovered malicious software in the apps, which had previously been downloaded by millions of users. The malicious software displayed pornographic ads and attempted to trick users into buying services. To read more: https://www.reuters.com/article/us-cyber-google-pornography/google-removes-gaming-apps-with-pop-up-porn-malware-idUSKBN1F129Q


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.