Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

Equifax hack

Researchers found that at least 10,800 companies have downloaded vulnerable versions of the Apache Struts software that was exploited in the Equifax hack even though patches are available. Over half of Fortune Global 100 firms are still using vulnerable versions. To read more: https://www.zdnet.com/article/after-equifax-breach-companies-rely-on-same-flawed-software/

Equifax redux

Equifax has published new details about the information stolen in the infamous 2017 hack. While the number of breached individuals has not increased, an audit by Mandiant, a security firm, found that more types of records were accessed by the hackers than originally thought. To read more: https://www.theregister.co.uk/2018/05/08/equifax_breach_may_2018/

Intel

A new report says that Intel’s CPUs are affected by eight new Spectre-level vulnerabilities. To read more: https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/

KrebsOnSecurity attack

The huge 2016 DDoS attack against security blog KrebsOnSecurity — which knocked the site offline for four days — was executed via hacked IoT devices. A new study found that the hack cost device owners more than $323,000 in excess power and added bandwidth consumption. To read more: https://krebsonsecurity.com/2018/05/study-attack-on-krebsonsecurity-cost-iot-device-owners-323k/

Drupe

Drupe, a communications app, has been uploading user data to unprotected AWS buckets that required no password to access. To read more: https://hotforsecurity.bitdefender.com/blog/drupe-app-removed-from-google-play-store-after-photos-and-messages-leaked-publicly-19883.html

Telstra

Telstra, an Australian telecoms company, says that its cloud service has a “weakness,” and that users should “delete or disable” the TOPS or TIRC account on self-managed servers. To read more: https://www.theregister.co.uk/2018/05/11/telstra_self_managed_cloud_security_incident/

Reported Vulnerabilities

SynAck

Researchers have identified a new variant of the SynAck ransomware that is using Process Doppelganging to bypass antivirus software. The technique is similar to what is known as Process Hollowing, where attackers replace the memory of a legitimate process with malicious code. To read more: https://threatpost.com/variant-of-synack-malware-adopts-doppelganging-technique/131760/

Windows

Microsoft’s Patch Tuesday addressed a critical flaw in the VBScript engine that attackers have been using to compromise machines via Internet Explorer. The attack, called Double Kill, is delivered via Office documents that then open a malicious webpage in the background. To read more: https://www.zdnet.com/article/windows-critical-flaw-this-security-bug-is-under-attack-right-now-says-microsoft/

Railway-network wi-fi

Researchers found that security flaws on certain railway networks may expose customer credit-card information. The researchers are not aware of any instances of these networks being compromised, but consider it an ongoing possibility. To read more: https://www.theregister.co.uk/2018/05/11/train_wifi_hackable_on_some_networks/
