Polyverse Weekly Breach Report


A snapshot of last week’s reported breaches and vulnerabilities

Windows

A security researcher disclosed the details of a previously unknown zero-day vulnerability in Windows. The zero-day has been confirmed to work on a “fully-patched 64-bit Windows 10 system”. To read more: https://thehackernews.com/2018/08/windows-zero-day-exploit.html

Fortnite

Security researchers from Google disclosed a security flaw in the Fortnite installer for Android. The flaw could allow other apps on targeted devices to manipulate the installation process and load malware instead of the Fortnite APK. To read more: https://thehackernews.com/2018/08/fortnite-android-app-apk.html

Bank of Spain

The Bank of Spain’s website was hit with a cyberattack that disrupted access to the site. However, the attack did not affect the bank’s services or communications with the European Central Bank. To read more: https://www.reuters.com/article/us-spain-cyber-cenbank/bank-of-spains-website-hit-by-cyber-attack-idUSKCN1LC23B

Atlas Quantum

Atlas Quantum revealed that over 261,000 customer accounts were impacted following a major breach. To read more: https://bitcoinexchangeguide.com/brazils-atlas-quantum-crypto-trading-platform-succumbs-to-exposure-of-personal-data-breach/

ABBYY

ABBYY, a developer of optical character recognition and text-scanning software, accidentally left an AWS-hosted MongoDB server exposed on the internet. The server contained 142GB of a customer’s scanned documents and required no password to access. To read more: https://www.tripwire.com/state-of-security/security-data-protection/ocr-abbyy-leaks-customer-mongodb-server-snafu/

Air Canada

Air Canada has confirmed a data breach that impacted 20,000 customers who use its mobile app. The company detected unusual login behavior, during which personal information may have been improperly accessed. The exposed data includes names, email addresses, phone numbers and passport information. To read more: https://thehackernews.com/2018/08/air-canada-data-breach.html

Cosmos Bank

Security researchers have outlined the attack that affected the Cosmos Bank. The attackers either leveraged ATM test software or modified the deployed ATM payment switch software to create a malicious proxy switch. This system was used to authorize $11.5m in fraudulent ATM withdrawals. To read more: https://www.theregister.co.uk/2018/08/29/cosmo_bank_cyberheist/

Huazhu Group

A Chinese hotel group has suffered a security breach that compromised 500 million pieces of customer data, including 150 million accounts currently for sale on the dark web. The hotel chain is one of China’s largest. To read more: https://www.zdnet.com/article/chinese-police-investigating-security-breach-of-hotel-group/

US State Department

A branch of the US State Department was found to be ignoring basic information security practices. Among the problems found were outdated, poorly monitored machines, shared passwords, and a lack of visitor logs. To read more: https://www.theregister.co.uk/2018/08/30/state_department_fail/

DraftKings

DraftKings, a sports betting service, fell victim to a cyberattack that brought down its servers. An unknown attacker launched a DDoS attack which disrupted service for half an hour. To read more: http://www.bostonherald.com/business/business_markets/2018/09/draftkings_hit_by_cyberattack_ahead_of_nfl_season_kickoff

Reported Vulnerabilities

Misfortune Cookie

A security flaw impacting routers is now affecting medical devices; the vulnerability has a severity rating of 9.8. The flaw, called “Misfortune Cookie”, impacts residential gateway SOHO routers and, if exploited, allows attackers to remotely hijack devices. To read more: https://www.zdnet.com/article/misfortune-cookie-vulnerability-impacts-medical-devices/

Android

A vulnerability was discovered in the Google Android operating system which could allow attackers to capture Wi-Fi broadcast data in order to track users. A patch has since been released for the vulnerability. To read more: https://www.zdnet.com/article/android-operating-system-vulnerability-leaks-device-data-allows-user-tracking/

Apache Struts

A threat intel firm has warned that hackers are abusing a new vulnerability in Apache Struts 2. This vulnerability is easier to exploit than the Struts flaw that was used in the Equifax breach. Hackers are most commonly abusing the flaw to install the CNRig cryptocurrency miner. To read more: https://www.theregister.co.uk/2018/08/30/apache_struts_vuln_exploited/

Syringe Pump

Two critical vulnerabilities have been reported in the Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson Alaris TIVA Syringe Pump. One of the flaws allows an attacker to use a specially crafted HTTP cookie to write data to an arbitrary address in the device memory without requiring authentication. To read more: https://threatpost.com/critical-flaws-in-syringe-pump-device-gateways-threaten-patient-safety/137067/

Philips E-Alert

Nine vulnerabilities were found in the Philips e-Alert Unit, which is a tool that monitors MRI system performance. Attackers could exploit these vulnerabilities to compromise unit integrity. To read more: https://healthitsecurity.com/news/9-cybersecurity-vulnerabilities-found-in-philips-e-alert-tool

Rocke

A new threat actor has been spotted leveraging a wide array of Git repositories to infect vulnerable systems with cryptomining malware. The threat actor was first spotted in April when its malware was found in both Western and Chinese honeypots attempting to exploit the Apache Struts vulnerability. To read more: https://threatpost.com/new-threat-actor-rocke-a-rising-monero-cryptomining-menace/137090/

BusyGasper

A new malware campaign is leveraging spyware called BusyGasper, which is effective at collecting data on Android phones and exfiltrating it. The mobile malware has been active since 2016. To read more: https://threatpost.com/busygasper-malware-packs-a-simple-but-potent-punch/137050/

Email security

A new study from Mimecast shows that malicious links in emails are being missed by many security systems. This works out to one missed malicious link for every 50 emails inspected. To read more: https://betanews.com/2018/08/28/email-security-misses-malicious-links/
