Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

RetinaX Studios

A vigilante hacker broke into RetinaX Studios’ servers and wiped them. The company sells spyware marketed to parents and employers, but the same products are also used to spy on people without their consent. To read more: https://motherboard.vice.com/en_us/article/3k7a5k/hacker-wipes-spyware-retina-x-flexispy

Flight Simulator Game

FSLabs’ flight simulator software uses a controversial anti-piracy measure: it infects pirates with malware designed to steal their Chrome passwords. The software ships with a file called “text.exe”, which is a password stealer. To read more: https://motherboard.vice.com/en_us/article/pamzqk/fs-labs-flight-simulator-password-malware-drm

Coldroot

Coldroot is a Mac remote-access Trojan that can remotely control an infected computer and steal passwords from the user’s keychain. The malware disguises itself as a document that, when opened, prompts the user to enter their password. To read more: http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/

City Union Bank

A year after the SWIFT international banking system enhanced its security, an Indian bank confirmed that hackers gained access to the system and transferred 1.8 million dollars. To read more: https://www.theregister.co.uk/2018/02/19/crims_pull_another_swiftie_indian_bank_stung_for_nearly_us2m/

Tesla Cloud

Researchers at RedLock published findings that some of Tesla’s AWS cloud infrastructure was running crypto-mining malware. Tesla has since locked down its cloud platform. To read more: https://www.wired.com/story/cryptojacking-tesla-amazon-cloud/

Reported Vulnerabilities

Apple Text Bomb

Apple released updates on Monday that protect Apple devices from crashing when they encounter a Unicode symbol representing a letter from the south Indian language Telugu. To read more: https://www.grahamcluley.com/apple-fixes-killer-text-bomb-vulnerability-new-update-ios-macos-watchos-tvos/

Microsoft Edge

Google disclosed a flaw in Microsoft Edge before Microsoft was able to deliver a fix. The flaw affects the just-in-time compiler and makes it possible to predict the memory region the compiler is about to use. The bug was subject to Google’s 90-day disclosure deadline; when that passed, Microsoft announced that the fix would take longer than expected. To read more: https://www.theregister.co.uk/2018/02/20/google_reveals_edge_bug_that_microsoft_has_had_trouble_fixing/

Jenkins

A Jenkins bug that was patched last year has become a vector for a cryptocurrency-mining hijack. The miner exploits CVE-2017-1000353, which the Jenkins team fixed back in April 2017; even so, attackers have already made $3 million in Monero by exploiting the flaw on unpatched Windows machines. To read more: https://www.theregister.co.uk/2018/02/20/unpatched_jenkins_servers_mining_monero/

Code-Signing Certificates

Hackers are using code-signing certificates to bypass security controls and infect their victims. Researchers from Recorded Future’s Insikt Group found that attackers are obtaining legitimate certificates in order to sign malicious code so that it passes as trusted. To read more: http://www.zdnet.com/article/hackers-are-selling-legitimate-code-signing-certificates-to-evade-malware-detection/

uTorrent

Google Project Zero researchers are warning of two remote code execution vulnerabilities in BitTorrent’s web-based uTorrent Web client. The flaws enable an attacker to plant malware on a user’s computer and view past download activity. To read more: https://threatpost.com/utorrent-users-warned-of-remote-code-execution-vulnerability/130030/

Amazon S3

“Ethical hackers” are warning businesses that leave their Amazon S3 cloud storage buckets publicly accessible on the web, exposing private data to anyone who finds them. To read more: https://www.welivesecurity.com/2018/02/22/unsecured-amazon-s3-buckets-expose-private-data/
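As an added, defender-side example that is not part of the original report, the script below lints an S3 bucket policy document for Allow statements that grant access to the anonymous principal (“Principal”: “*” or {"AWS": "*"}), which is the policy shape behind most “open bucket” exposures. The bucket name, account ID and the three sample policies are constructed values, not data from the report.

```python
"""Lint S3 bucket policies for anonymous access (added example, constructed data)."""
import json


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True if the statement's Principal is the anonymous/everyone principal."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_statements(policy_json):
    """Return (Sid, actions, has_condition) for every Allow statement that names
    the anonymous principal. Deny statements with Principal "*" (a common
    pattern for enforcing TLS) are intentionally not flagged. A Condition
    block may narrow the grant, so it is reported but marked separately."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        has_condition = bool(stmt.get("Condition"))
        findings.append((stmt.get("Sid", "<no Sid>"), _as_list(stmt.get("Action")), has_condition))
    return findings


# Constructed sample 1: the classic world-readable bucket policy.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed sample 2: the hardened form, granting the same read access only
# to one IAM role (account ID is a placeholder) and denying non-TLS requests.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# Constructed sample 3: anonymous access narrowed by a source-IP condition.
CONDITIONED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": ["*"]},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
    },
})


if __name__ == "__main__":
    for name, doc in [("public", PUBLIC_READ_POLICY),
                      ("restricted", RESTRICTED_POLICY),
                      ("conditioned", CONDITIONED_POLICY)]:
        print(name, find_public_statements(doc))
```

Run it against the output of `aws s3api get-bucket-policy` for each bucket in an account. A bucket policy is only one of the ways a bucket becomes public (object and bucket ACLs are the other), so the account-level S3 Block Public Access setting is the backstop that makes both paths ineffective regardless of what an individual policy says.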

IoT baby monitors

The Mi-Cam from miSafes runs outdated firmware that is exposed to many publicly known security vulnerabilities. By modifying a single HTTP request, an attacker can watch a child’s nursery or talk to whoever is nearby. To read more: https://www.bitdefender.com/box/blog/family/hacking-iot-baby-monitors-childs-play-researchers-reveal/
