Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

Chili’s Grill & Bar

The Chili’s restaurant chain suffered a data breach that potentially exposed customer credit-card information. The hack was discovered May 11th, and an as-yet unknown number of customers are involved. To read more: https://www.zdnet.com/article/chilis-restaurant-chain-suffers-data-breach/

Open-source vulnerabilities

Synopsys just released its 2018 Open Source Security and Risk Analysis report, which found that open-source software adoption in large companies is on the rise. However, 6% of the software used by these companies contains security vulnerabilities, some of which are more than four years old and have available patches. To read more: https://www.zdnet.com/article/enterprise-codebases-plagued-by-open-source-vulnerabilities/

Adobe

Adobe released yet another round of security patches for 47 vulnerabilities. This came a week after the company’s now-customary monthly patch round. To read more: https://www.zdnet.com/article/adobe-sends-out-second-wave-of-security-updates-for-critical-vulnerabilities/

Rail Europe

Rail Europe, a site used by many Americans to buy train tickets in Europe, has announced a three-month data breach of credit and debit cards. The hackers also stole names, genders, delivery addresses, phone numbers, email addresses and in some cases user names and passwords of customers. To read more: https://www.zdnet.com/article/rail-europe-had-a-three-month-long-credit-card-breach/

Ubuntu store

Malware has been found in some snap packages from the official Ubuntu Snaps store. To read more: https://www.linuxuprising.com/2018/05/malware-found-in-ubuntu-snap-store.html

Facebook

A newly discovered data breach left the data of more than four million Facebook users exposed on an unsecured website for four years. The leak is linked to the “myPersonality” app created by the University of Cambridge. To read more: https://www.nationalreview.com/news/report-leak-exposed-more-than-3-million-facebook-users-data/

LocationSmart

LocationSmart, a firm that essentially enables cellphones to be tracked, apparently failed to take security precautions to prevent people from hacking the service. The company forgot to secure the API by which the service worked. To read more: https://techcrunch.com/2018/05/17/locationsmart-didnt-just-sell-mobile-phone-locations-it-leaked-them/

Telegram

Telegram, a secure messaging app, has been under attack from Russian hackers. The hack apparently works “by restoring cache and map files into an existing desktop installation,” enabling the attacker to access the victim’s communications. To read more: https://www.theregister.co.uk/2018/05/17/talos_telegram_desktop_attack/

APAC

A new study finds that one in four organizations in the Asia-Pacific region have experienced a cybersecurity incident, and 27% of organizations have no idea if they have been breached because they do not conduct assessments. To read more: https://www.zdnet.com/article/one-in-four-apac-firms-not-sure-if-they-suffered-security-breach/

Keeper

This password-management firm has fixed a bug that researchers claimed could have allowed access to a user’s private data. The bug allowed anyone controlling Keeper’s API server to gain access to the decryption key to a user’s password vaults. To read more: https://www.zdnet.com/article/keeper-password-manager-flaw-zero-knowledge/

Phone-monitoring app

At least one server used by the TeenSafe app leaked tens of thousands of accounts of both parents and children. The app lets parents view their child’s texts and location, access their web-browsing histories, and find which apps they have installed. To read more: https://www.zdnet.com/article/teen-phone-monitoring-app-leaks-thousands-of-users-data/

Tidal

The Jay-Z-backed music-streaming service Tidal is investigating a potential data breach. There are also reports that the platform has manipulated its streaming and subscriber numbers. To read more: http://fortune.com/2018/05/18/tidal-royalty-payments-data-breach/

Reported Vulnerabilities

Panda banking trojan

A banking trojan called “Panda” is widening its net to attack other targets, such as online cryptocurrency exchanges and brokerage services, social media and porn sites. To read more: https://threatpost.com/panda-banking-trojan-diversifies-into-cryptocurrency-porn-other-targets/131911/

Vega Stealer

This malware was designed to harvest saved credential data from Google Chrome and Firefox browsers. To read more: https://www.zdnet.com/article/this-malware-is-harvesting-saved-credentials-in-chrome-firefox-browsers/

PGP/GPG email encryption

A team of researchers is planning to release details of a critical vulnerability that will have serious consequences for users of PGP/GPG, which encrypts and decrypts emails. The Electronic Frontier Foundation says there is also a risk that encrypted messages sent in the past could be exposed through exploitation of the vulnerability. To read more: https://www.grahamcluley.com/critical-vulnerabilities-in-pgp-gpg-and-s-mime-email-encryption-warn-researchers/

Microsoft Edge

Google Project Zero alleges that Arbitrary Code Guard (ACG), a Microsoft Edge browser security measure, is faulty. ACG was devised as an effective way to disrupt the typical browser-based exploit chain that attackers use to target a browser’s memory. To read more: https://threatpost.com/google-project-zero-calls-windows-10-edge-defense-acg-flawed/131931/

Rowhammer & Nethammer exploit

Some researchers involved in discovering Meltdown/Spectre have demonstrated new techniques for flipping bits using network requests. In a Rowhammer attack, the attacker writes and rewrites memory to induce capacitor errors in DRAM, and the resulting data corruption can be manipulated to gain control over machines.

Nethammer works without any attacker-controlled code on the target. It attacks systems that use uncached memory or flush instructions while handling network requests. To read more: https://www.theregister.co.uk/2018/05/17/nethammer_second_remote_rowhammer_exploit/

Connected Vehicles

A bug enabled researchers to access backend systems of popular internet-connected vehicle-management systems. This could give an attacker everything they needed to track a vehicle’s location, steal its user information, and even shut down its engine. To read more: https://www.zdnet.com/article/flaw-connected-alarm-system-exposed-vehicles-remote-hacking/
