Weekly Breach Report – Jul 13th

Jul 13, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

EncroChat

European and British law enforcement agencies arrested hundreds of criminals after infiltrating into the encrypted communication app EncroChat. The Hacker News: https://thehackernews.com/2020/07/encrochat-encrypted-phone.html 

 

Clubillion

Researchers discovered a data breach on Clubillion, a casino gambling app with millions of daily active players. European Gaming: https://europeangaming.eu/portal/latest-news/2020/07/08/73747/popular-gambling-app-exposed-millions-of-users-in-massive-data-leak/

 

Microsoft users

A massive phishing campaign is targeting Microsoft Office 365 customers across 62 countries. The Seattle Times: https://www.seattletimes.com/business/vast-phishing-campaign-hits-microsoft-users-in-62-countries/

 

Hapvida

Brazilian health insurer announced it suffered a cyberattack that potentially involved customer personal information. Reuters: https://in.reuters.com/article/us-hapvida-cyber-attack/brazils-hapvida-discloses-cyber-breach-potential-client-data-leak-idINKBN2471IP

 

Frost & Sullivan

The business consulting firm suffered a major data breach exposing personal data. Digital Journal: http://www.digitaljournal.com/tech-and-science/technology/frost-sullivan-suffers-from-global-data-breach/article/574409

 

Swvl

A data breach hit a bus operator in Egypt, Kenya, and Pakistan. The Daily Swig: https://portswigger.net/daily-swig/egyptian-bus-operator-swvl-hit-by-data-breach

 

Tokopedia

A data breach at the Indonesian company Tokopedia exposed the personal data of 91M users. Coconuts Jakarta: https://coconuts.co/jakarta/news/private-data-of-91-million-tokopedia-users-openly-traded-online-cyber-security-firm/

 

Facebook

Facebook took down several networks based in Brazil, Canada, Ecuador, Ukraine, and the US that violated the social network’s policy against foreign interference. CyberWire: https://thecyberwire.com/newsletters/daily-briefing/9/132

 

Dark Web

A new audit of the Dark Web revealed 15bn stolen logins from 100,000 breaches. Forbes:

https://www.forbes.com/sites/daveywinder/2020/07/08/new-dark-web-audit-reveals-15-billion-stolen-logins-from-100000-breaches-passwords-hackers-cybercrime/#a0c7eaf180fb

 

Magellan Health

An April ransomware attack on Magellan Health impacted over 365,000 patients’ data. HealthITSecurity:

https://healthitsecurity.com/news/magellan-health-data-breach-victim-tally-reaches-365k-patients

 

Russian Hacker

A Russian hacker found guilty in California court for the Dropbox, LinkedIn, and Formspring breaches. ZDNet: https://www.zdnet.com/article/russian-hacker-found-guilty-for-dropbox-linkedin-and-formspring-breaches/

 

Dunzo

A hyperlocal Indian delivery service suffered a data breach that exposed customer emails and phone numbers. The Next Web: https://thenextweb.com/in/2020/07/11/google-backed-indian-delivery-startup-dunzo-suffers-data-breach/

 

C-Data

Researchers discovered possible intentional backdoors in the firmware of 29 FIber-To-The-Home Optical Line Termination devices from Chinese vendor C-Data. ZDNet: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/

 

Citrix

Hackers are scanning the internet looking for vulnerable Citrix installations after the company patched 11 security bugs in its network perimeter products. The Register: https://www.theregister.com/2020/07/09/citrix_bugs_proof_of_concept_exploits/

 

KingComposer

KingComposer, creators of a popular WordPress plugin, patched the software because of a cross-site scripting vulnerability. ZDNet: https://www.zdnet.com/article/kingcomposer-wordpress-plugin-patches-xss-flaw-impacting-100000-websites/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.