Weekly Breach Report – Jun 15th

Jun 15, 2020 | By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

DigiLocker

The Indian government announced that it had addressed a critical security vulnerability in secure document wallet service DigiLocker. The Hacker News: https://thehackernews.com/2020/06/aadhar-digilocker-hacked.html

 

Emergency Services

Hackers belonging to the Magecart group are leveraging misconfigured AWS S3 buckets to drop malware into emergency service-related websites. The Hacker News: https://thehackernews.com/2020/06/magecart-skimmer-amazon.html

 

BellTroX InfoTech Services

An Indian IT company targeted government officials in Europe as well as investors in the United States via a range of cybersecurity attacks. Reuters: https://www.reuters.com/article/us-india-cyber-mercenaries-exclusive-idUSKBN23G1GQ

 

CrossTalk

Researchers disclosed a new security bug known as CrossTalk that impacts Intel’s mobile, desktop and server CPUs. ZDNet: https://www.zdnet.com/article/new-crosstalk-attack-impacts-intels-mobile-desktop-and-server-cpus/

 

Nintendo

As a result of a continuing investigation, Nintendo almost doubled its estimate of the number of user accounts compromised by hackers from 160,000 to 300,000. TechCrunch: https://techcrunch.com/2020/06/09/nintendo-accounts-affected-breach/

 

Babylon Health

Babylon, a British telehealth start-up, confirmed that a “software error” in an audio and video feature caused a “small number” of UK users to see other users’ sessions. TechCrunch: https://techcrunch.com/2020/06/10/babylon-health-admits-software-error-led-to-patient-data-breach/

 

Fitness Depot

Canadian retailer Fitness Depot told customers that their personal and financial information was stolen following a breach that affected the company’s e-commerce platform last month. Bleeping Computer: https://www.bleepingcomputer.com/news/security/fitness-depot-hit-by-data-breach-after-isp-fails-to-activate-the-antivirus/

 

Honda

The Japanese car maker announced that a cyberattack had disrupted internal networks and brought some of its global assembly plants to a standstill. BBC: https://www.bbc.com/news/technology-52982427

 

Florence, Alabama

In May, KrebsOnSecurity alerted local-government officials in Florence, Alabama, that hackers had broken into their IT systems — a warning that was ignored. Last Friday, the hackers deployed ransomware and demanded $300,000 in Bitcoin. KrebsOnSecurity: https://krebsonsecurity.com/2020/06/florence-ala-hit-by-ransomware-12-days-after-being-alerted-by-krebsonsecurity/

 

Facebook Messenger for Windows

Researchers disclosed details of a vulnerability in Facebook Messenger for Windows. The Hacker News: https://thehackernews.com/2020/06/facebook-malware-persistence.html 

 

Lion

This Australian beverage company announced that a cyberattack had taken systems offline, and the company is still recovering from the attack. Food and Drink Business: https://www.foodanddrinkbusiness.com.au/news/lion-hit-by-cyber-attack

 

Enel Group

This European energy company experienced a ransomware attack that impacted its internal network. BleepingComputer: https://www.bleepingcomputer.com/news/security/power-company-enel-group-suffers-snake-ransomware-attack/

 

City of Knoxville 

The city of Knoxville shut down its entire computer network after a ransomware attack targeted city offices. BleepingComputer: https://www.bleepingcomputer.com/news/security/city-of-knoxville-shuts-down-network-after-ransomware-attack/

 

Windows 10

Windows 10 admins are reporting that Microsoft’s most recent “Patch Tuesday” updates caused problems with a range of enterprise printers. ZDNet: https://www.zdnet.com/article/windows-10-printer-mystery-more-complain-june-patch-tuesday-is-causing-havoc/

 
