Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Uber

Uber concealed the theft of personal information of 57 million customers and drivers. Rather than inform anyone, Uber paid the hackers $100,000 to delete the data and keep the breach quiet. To read more: https://www.grahamcluley.com/uber-hackers-paid-data-breach/

Imgur

Imgur confirmed that a hack dating back to 2014 occurred. The hackers stole 1.7 million email addresses and passwords scrambled with the SHA-256 algorithm. To read more: http://www.zdnet.com/article/imgur-reveals-hackers-stole-login-data/

Reported Vulnerabilities

Microsoft

US-CERT is warning of a vulnerability in ASLR that affects Windows 8, 8.1 and 10. The vulnerability could allow a remote attacker to take control of an affected system. To read more: https://threatpost.com/us-cert-warns-of-aslr-implementation-flaw-in-windows/128948/

F5

There is a bug in the RSA implementation that can give an attacker access to encrypted messages. The vulnerability only affects systems configured to enable the ancient SSLv2. To read more: https://www.theregister.co.uk/2017/11/20/f5_crypto_weakness/

Intel

Eleven severe bugs were found that affect the Management Engine, Trusted Execution Engine, and Server Platform Services. To read more: http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/

HP

HP released patches for dozens of enterprise-class printer models affected by a code execution bug. The vulnerability is tied to insufficient solution DLL signature validation. To read more: https://threatpost.com/hp-to-patch-bug-impacting-50-enterprise-printer-models/128984/
