Polyverse Weekly Breach Report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Google+
Google+ suffered another massive data breach, which forced Google to shut down its social network earlier than scheduled. A vulnerability was discovered in one of Google+’s People APIs that developers could exploit to steal private information on 52.5 million users. Read more: https://thehackernews.com/2018/12/google-plus-hacking.html

Marriott
China’s Ministry of State Security is believed to be behind the Marriott breach that exposed the personal information of up to 500 million people. This information was revealed as the U.S. Department of Justice was preparing to announce new indictments against Chinese hackers working for the intelligence and military services. Read more: https://www.cnet.com/news/chinese-spies-reportedly-behind-massive-marriott-hack/

Yandex Maps
Yandex Maps, a Russian online mapping service, unintentionally revealed the secret locations of the foreign military bases it was trying to obscure. When the company accidentally blurred the precise locations of Turkish and Israeli military bases, it pinpointed their exact locations. Read more: https://www.popularmechanics.com/military/a25461748/yandex-mapping-service-locates-secret-military-bases/

Saipem
The servers of Italian oil services firm Saipem were hit by a cyberattack from India. The attack originated in Chennai, India and affected servers in Saudi Arabia, the UAE, Kuwait and Scotland. Read more: https://www.offshore-technology.com/news/saipem-middle-east-cyber-attack/

Albania
Albania posted sensitive information about its senior intelligence operatives on the internet in what appears to be a security breach. The records show the names and national identification card numbers of agents in the State Intelligence Service who are operating inside Albania and abroad. Read more: https://www.independent.co.uk/news/world/europe/albania-intelligence-data-posted-online-nato-defence-military-finance-security-a8672446.html

U.S. Navy Contractors
The U.S. Navy and the Air Force are considered choice targets for hackers looking to steal military technology. Researchers found that Chinese hackers breached third-party contractors in the past 18 months. Read more: https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401

Bomb Threats
Businesses, schools, government offices and individuals across the U.S., New Zealand and Canada received emailed bomb threats last Thursday. The emails were sent by scammers threatening to detonate a bomb unless a bitcoin payment of $20,000 was paid. Read more: https://thehackernews.com/2018/12/bomb-email-hoax-bitcoin.html

Reported Vulnerabilities

Adobe
Adobe patched 87 vulnerabilities in its Acrobat and Reader software for both macOS and Windows. This security update comes a week after Adobe patched a critical zero-day in Flash Player that was actively exploited in an attack against a Russian healthcare institution. Read more: https://thehackernews.com/2018/12/adobe-acrobat-update.html

PayPal
A new banking Trojan is targeting Android users running the PayPal app. The malware is disguised as a battery optimization tool that is distributed via third-party app stores. If a user logs into the PayPal app on a compromised device, the malware mimics the user’s clicks and sends money to the attacker. Read more: https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/

Microsoft
Microsoft patched a zero-day that was actively exploited by the APT groups FruityArmor and SandCat. The zero-day is an elevation-of-privilege (EoP) vulnerability found in the Windows Kernel (ntoskrnl.exe). Read more: https://thehackernews.com/2018/12/microsoft-patch-updates.html

phpMyAdmin
Developers of phpMyAdmin, one of the most widely used MySQL database management systems, are urging users to immediately patch their systems due to a severe vulnerability. The vulnerabilities include a local file inclusion bug, cross-site request forgery and a cross-site scripting issue. Read more: https://thehackernews.com/2018/12/phpmyadmin-security-update.html

Facebook
Facebook disclosed a bug in its platform that enabled third-party apps to access unpublished photos of 6.8 million users. The issue was in the photo API, which gave developers access to photos shared on Marketplace or Facebook Stories, as well as photos that were uploaded to the site but not posted. Read more: https://threatpost.com/facebook-photos-exposed/139940/

WordPress
A week after releasing a major update, the WordPress team had to push an updated security patch. The creators of Yoast SEO plugin discovered that the activation screen for new users could end up being indexed by Google. The leak has serious consequences if the user is an admin. Read more: https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/

SQLite
A new SQLite flaw was discovered that could allow remote attackers to execute malicious code on affected devices, leak program memory or crash applications. SQLite is a popular disk-based relational database management system. An updated version has been released to address the issue. Read more: https://thehackernews.com/2018/12/sqlite-vulnerability.html

Tesla Model 3
A Redditor was able to gain root access to the infotainment system in his Tesla Model 3. He was attempting to install Ubuntu to add new functionality like being able to bring SSH into the car. Read more: https://cleantechnica.com/2018/12/13/hacker-installs-linux-on-his-tesla-model-3/
