Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

Electroneum

The UK cryptocurrency startup was hit by a cyberattack that shut investors out of their accounts for several days. The company was due to launch its website and mobile app the week prior. To read more: http://www.telegraph.co.uk/technology/2017/11/06/british-cryptocurrencyelectroneum-hit-cyber-attack-raising-30m/

Twilio

A vulnerability called Eavesdropper, which has existed since 2011, was discovered in 685 apps built on the Twilio platform. The flaw, hardcoded Twilio credentials in the apps, could give an attacker global access to metadata in the developers’ Twilio accounts. The exposure could include hundreds of millions of call records, audio recordings and text messages. To read more: https://threatpost.com/eavesdropper-vulnerability-exposes-mobile-call-text-data/128838/

Huddle

The BBC discovered a security flaw in Huddle, an office collaboration tool. The glitch gave users full access to private financial documents. Huddle has since fixed the flaw. To read more: http://www.bbc.com/news/technology-41969061

CIA

According to Wikileaks, the CIA wrote code to impersonate Kaspersky Labs in order to siphon off sensitive data from hack targets. The forged digital certificates were used to authenticate malicious implants. To read more: https://www.theregister.co.uk/2017/11/10/cia_kaspersky_fake_certs_ploy/

Reported Vulnerabilities

Tor browser

A new bug exposes the real-world IP addresses of people using the Tor browser. It is triggered when a user clicks on a local file-based (file://) address. To read more: http://www.zdnet.com/article/critical-tor-browser-flaw-leaks-users-real-ip-addresses/

IEEE P1735 Standard

DHS’s US-CERT warned that the standard for encrypting electronic-design IP and managing access rights to it is flawed. The flaw was first reported in September, when researchers released a paper titled "Standardizing Bad Cryptographic Practice". Seven CVE IDs have been assigned to the flaw. To read more: https://threatpost.com/us-cert-warns-of-crypto-bugs-in-ieee-standard/128784/

Twitter

Two German Twitter users were able to post a 30,000-character tweet. They exploited the platform with one very long web address, since Twitter no longer counts URLs toward its 140-character limit. To read more: https://tech.slashdot.org/story/17/11/06/226257/twitter-exploit-let-two-pranksters-post-30000-character-tweet?utm_source=feedly1.0mainlinkanon&utm_medium=feed

Sowbug

The group behind the Sowbug ransomware is focused on foreign policy institutions and diplomatic targets in South America and South-East Asia. Governments in Brazil, Argentina, Peru, Ecuador, Malaysia and Brunei are all known victims of the campaign. To read more: http://www.zdnet.com/article/this-stealthy-cat-and-mouse-hacking-campaign-aims-to-steal-diplomatic-secrets/

Brother Printers

Printers manufactured and sold by Brother contain an unpatched vulnerability that a remote attacker can abuse to trigger a denial of service. The vulnerability affects all Brother printers with the Debut embedded web server and can be exploited with a single malformed request. To read more: https://threatpost.com/brother-printers-susceptible-to-remote-denial-of-service-attacks/128790/

Linux Kernel

A security researcher disclosed 14 flaws in the Linux kernel USB subsystem. Around 40 further flaws have not yet been fixed or triaged; however, physical access to a device is needed to launch an attack. To read more: https://www.theregister.co.uk/2017/11/07/linux_usb_security_bugs/

MantisTek GK2

The popular gaming keyboard has allegedly been caught logging keystrokes and sending them to a server maintained by Alibaba. The keylogger was noticed by a few owners, who then went to an online forum to publicize the issue. To read more: https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html

Microsoft

Hackers are exploiting newly disclosed weaknesses in the Dynamic Data Exchange (DDE) protocol, a Windows feature that allows messages and data to be shared between applications. To read more: https://www.tripwire.com/state-of-security/security-data-protection/microsoft-advisory-office-dde-malware/

AutoIT

IBM’s research team reports that hackers attacking Brazilian banks are using a Windows scripting tool called AutoIT to install a remote access Trojan. Delivering the Trojan this way reduces the likelihood that antivirus software detects the malware. To read more: https://threatpost.com/autoit-scripting-used-by-overlay-malware-to-bypass-av-detection/128845/

Want to learn more?

Sign up below and receive weekly breach reports directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.