Weekly Breach Report – Jul 20th

Jul 20, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Twitter

Twitter accounts of major companies and VIP users were compromised in one of the most significant Twitter breaches to date. New York Times:

https://www.nytimes.com/2020/07/15/technology/twitter-hack-bill-gates-elon-musk.html

 

Chingari app

Researchers discovered a critical vulnerability in an Indian TikTok clone called Chingari. The vulnerability enables anyone to hijack any user account and change information. The Hacker News: https://thehackernews.com/2020/07/hack-chingari-app-account.html

 

MGM Resorts

A hacker is selling details of 142 million MGM hotel guests on the dark web. ZDNet:https://www.zdnet.com/article/a-hacker-is-selling-details-of-142-million-mgm-hotel-guests-on-the-dark-web/

 

SAP

SAP patched a critical vulnerability in its NetWeaver Application Server Java platform. The flaw enabled attackers to take control of SAP applications running on top of NetWeaver. The Hacker News: https://thehackernews.com/2020/07/sap-netweaver-vulnerability.html

 

Windows DNS Servers

Researchers disclosed a 17-year-old remote-code-execution flaw in Windows Server versions from 2003 to 2019. The Hacker News: https://thehackernews.com/2020/07/windows-dns-server-hacking.html

 

Data Viper

A hacker claims to have stolen more than 8,200 databases from this US cybersecurity firm’s data-leak monitoring service. ZDNet: https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/

 

Evil Corp

This Russian hacking group is launching ransomware attacks against several US companies, targeting employees who are working from home due to COVID-19. BBC:

https://www.bbc.com/news/world-us-canada-53195749

 

COVID-19 research centers

US, UK, and Canadian officials are warning that Russian hackers have been targeting organizations developing coronavirus vaccines. CNN: https://www.cnn.com/2020/07/16/politics/russia-cyberattack-covid-vaccine-research/index.html

 

Elyments

A DDoS attack targeted this new Indian social-media application, with some 2m malicious requests hitting the platform every minute. Deccan Herald: https://www.deccanherald.com/specials/elyments-recovers-from-cyber-attack-sees-surge-in-user-base-862055.html

 

Israel’s water system

In the past two weeks, Israel’s water infrastructure was hit by two cyberattacks. No damage to the water systems occurred. Times of Israel: https://www.timesofisrael.com/cyber-attacks-again-hit-israels-water-system-shutting-agricultural-pumps/ 

 

LiveAuctioneers

This US online antiques marketplace announced that it had suffered a data breach that impacted the personal data and passwords of millions of users. The Daily Swig: https://portswigger.net/daily-swig/liveauctioneers-data-breach-millions-of-cracked-passwords-for-sale-say-researchers

 

Telecom SA Argentina

A ransomware attack hit Argentina’s largest telecoms company. The hackers demanded US$7.5m in Monero cryptocurrency. Cryptonews:

https://cryptonews.com/news/hackers-hack-telecom-argentina-demand-usd-7-5-million-in-mon-7161.htm

 

Ripoff Report

A hacker who attempted to extort Ripoff Report, a consumer-advocacy company, was extradited to the US to face charges. ZDNet:

https://www.zdnet.com/article/hacker-behind-ripoff-report-extortion-attempt-extradited-to-the-us/

 

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.