Weekly Breach Report – Jun 29th

Jun 29, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Chrome browser extensions

Google removed 106 extensions from the Chrome Web Store that illegally collected sensitive user data. The Hacker News: https://thehackernews.com/2020/06/chrome-browser-extensions-spying.html 

 

Indonesia

The Indonesian government denies claims that COVID-19 tests leaked online, but it is nonetheless investigating the alleged hack. Straits Times: https://www.straitstimes.com/asia/se-asia/indonesia-probing-alleged-covid-19-test-data-breach

 

Google analytics

Hackers are exploiting Google Analytics to steal credit-card information from hacked e-commerce sites. The Hacker News: https://thehackernews.com/2020/06/google-analytics-hacking.html 

 

Docker Hub

Hackers are distributing cryptominers using Docker containers and leveraging the Docker Hub repository to distribute the images. The Hacker News:https://thehackernews.com/2020/06/cryptocurrency-docker-image.html 

 

GeoVision

GeoVision patched critical vulnerabilities in its video surveillance systems and IP cameras. The Hacker News: https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html

 

Cryptocurrency exchanges

The Eastern European CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges. ZDNet: 

https://www.zdnet.com/article/cryptocore-hacker-group-has-stolen-more-than-200m-from-cryptocurrency-exchanges/

 

Julian Assange

WikiLeaks’ Julian Assange has been charged with recruiting and conspiring with hackers. CNet:

https://www.cnet.com/news/wikileaks-julian-assange-charged-with-recruiting-and-conspiring-with-hackers/

 

Fake COVID-19 contract tracing

Hackers target Canadians with fake COVID-19 contact-tracing app disguised as official government software. National Post:

https://nationalpost.com/news/canada/hackers-target-canadians-with-fake-covid-19-contact-tracing-app-disguised-as-official-government-software

 

Evil Corp

This Russian hacking group has launched ransomware attacks against several US companies, targeting employees working from home due to COVID-19. BBC:

https://www.bbc.com/news/world-us-canada-53195749

 

Stalker Online

Hackers put 1.2M user records from the Stalker Online MMO game up for purchase on a forum. Daily Star: https://www.dailystar.co.uk/tech/gaming/stalker-online-data-breach-exposes-22232009

 

BlueLeaks

Almost 270 gigabytes of potentially sensitive police files, dubbed BlueLeaks, were posted online last week after a security breach at a Texas web-design and hosting company. Krebs on Security: https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/

 

Cano Health

A cybersecurity breach at Cano Health, a Florida senior care provider, went unnoticed for two years and exposed patient data. Infosecurity Magazine:https://www.infosecurity-magazine.com/news/2year-data-breach-at-florida/

 

Preen.Me

A data breach at social-media marketing firm Preen.Me exposed the personal data of 100,000 social-media influencers. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/data-breach-social-media/

 

Twitter

Twitter notified business customers that their personal information might have been compromised in a security incident. TechNewsWorld: https://www.technewsworld.com/story/86726.html

 

Aspire News App

Researchers discovered a major breach of victims’ and other personal data from a domestic-violence prevention app built by non-profit When Georgia Smiled. Security Magazine: https://www.securitymagazine.com/articles/92697-domestic-abuse-prevention-app-exposes-victims-in-massive-data-breach

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.