Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Windows

A security researcher reported that three leaked NSA exploits now work on every Windows version released in the past 18 years. The three exploits are EternalChampion, EternalRomance and EternalSynergy. To read more: https://www.bleepingcomputer.com/news/security/nsa-exploits-ported-to-work-on-all-windows-versions-released-since-windows-2000/

Cisco

Cisco has released new security updates for a bug in its Adaptive Security Appliance (ASA) software, after its engineers discovered additional ways to exploit the flaw that the original patch did not cover. To read more: http://www.zdnet.com/article/cisco-you-need-to-patch-our-security-devices-again-for-dangerous-asa-vpn-bug/

Story update: https://threatpost.com/cisco-confirms-critical-firewall-software-bug-is-under-attack/129858/

Mixpanel

This website-analytics company has admitted that it harvested passwords: one of its services records every aspect of a user’s visit to a site that uses it, including the passwords the user types. To read more: https://www.theregister.co.uk/2018/02/07/mixpanel_slurped_passwords_in_library_update_slip/

Lenovo

Lenovo is warning customers that two critical vulnerabilities in Broadcom Wi-Fi chips affect 25 models of its ThinkPad laptops. That count has grown since the vulnerabilities were first disclosed last September. To read more: https://threatpost.com/lenovo-warns-critical-wifi-vulnerability-impacts-dozens-of-thinkpad-models/129860/

Amazon S3 buckets

An improperly configured Amazon S3 bucket managed by the marketing firm Octoly exposed contact information and personal details for more than 12,000 social-media “influencers.” The bucket also held thousands of hashed user passwords. To read more: https://threatpost.com/leaky-amazon-s3-bucket-exposes-personal-data-of-12000-social-media-influencers/129810/

Reported Vulnerabilities

Western Digital

Researchers disclosed two vulnerabilities in Western Digital My Cloud storage devices that could let an attacker delete files stored on the devices or execute shell commands as root. To read more: https://threatpost.com/new-western-digital-my-cloud-bugs-give-local-attackers-root-to-nas-devices/129766/

Grammarly

Grammarly has fixed a security bug in its Chrome extension that permitted access to any user account, exposing users’ private documents and data. To read more: http://www.zdnet.com/article/grammarly-flawed-chrome-extension-exposed-private-documents/

AutoSploit

A cybersecurity enthusiast has released AutoSploit, a tool that chains two popular security tools in an attempt to automate the exploitation of remote hosts. Its publication on GitHub has raised concerns that it could be used to mass-exploit thousands of vulnerable IoT devices. To read more: https://arstechnica.com/information-technology/2018/02/threat-or-menace-autosploit-tool-sparks-fears-of-empowered-script-kiddies/

OpenVMS

A patch is available for a privilege-escalation flaw in the OpenVMS operating system on hardware powered by VAX and Alpha processors. Although many installations have since been upgraded, the OS was historically used in nuclear power plants and process-control systems. To read more: http://www.zdnet.com/article/mission-critical-system-alert-40-year-old-openvms-hit-by-exploitable-bug/

Hotspot Shield

A security researcher discovered a privacy flaw that can reveal the locations of users of the popular free VPN service Hotspot Shield, which has 500 million users around the world who rely on it for privacy. To read more: http://www.zdnet.com/article/privacy-flaw-in-hotspot-shield-can-identify-users-locations/

Microsoft and Google Drive

Google Drive and Microsoft Office 365 failed to detect a new strain of ransomware called Shurl0ckr. The zero-day ransomware evaded all but 7% of antivirus platforms, and Microsoft OneDrive had the highest rate of infection. To read more: https://www.darkreading.com/cloud/new-zero-day-ransomware-evades-microsoft-google-cloud-malware-detection/d/d-id/1330999

LogMeIn

A new strain of point-of-sale malware called UDPoS disguises itself as a LogMeIn service pack to conceal its theft of data. To read more: http://www.zdnet.com/article/udpos-malware-hides-in-dns-traffic-to-target-point-of-sale-systems/

iBoot

iBoot, part of Apple’s iOS source code, was anonymously published on GitHub. This secure-boot firmware ensures that iOS will only run apps digitally signed by Apple. Its release could have major cybersecurity consequences for Apple devices. To read more: https://hotforsecurity.bitdefender.com/blog/apples-ios-source-code-leak-what-you-need-to-know-19573.html
