Weekly Breach Report – Jun 8th

Jun 8, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

VMware

Researchers disclosed details of a vulnerability in VMware Cloud Director, a widely used deployment, automation and management software. The Hacker News: https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html

SAP

SAP patched vulnerabilities in its Sybase Adaptive Server Enterprise after discovering the issues during a security test of the product. The Hacker News:https://thehackernews.com/2020/06/newly-patched-sap-ase-flaws-could-let.html

USBCulprit

Researchers discovered this new Chinese APT that relies on USB media to exfiltrate data from air-gapped systems. The Hacker News: https://thehackernews.com/2020/06/air-gap-malware-usbculprit.html

Joomla

The team behind this firm’s open-source content-management system announced a security breach. ZDNet: https://www.zdnet.com/article/joomla-team-discloses-data-breach/

8Belts

Researchers found a misconfigured AWS S3 bucket exposed on the internet that belongs to this Spanish e-learning platform, used by hundreds of thousands of students globally. Security: https://www.securitymagazine.com/articles/92494-000s-of-e-learning-students-exposed-in-8belts-data-breach

Bharat Interface for Money

A data breach at this Indian mobile-payment app exposed the personal and financial data of millions of users across the country. Infosecurity: https://www.infosecurity-magazine.com/news/indian-payment-app-bhim-data-breach/

Westech International

Hackers stole confidential documents from this U.S. nuclear-missile contractor in a cyberattack. Infosecurity: https://www.infosecurity-magazine.com/news/cyberattack-on-us-nuclear-missile/

Amtrak

Amtrak disclosed a data breach that may have compromised personal information. ZDNet:https://www.zdnet.com/article/amtrak-discloses-data-breach-potential-leak-of-sensitive-customer-information/

Passwords

A recent study found that only one-third of users change their passwords following a data breach announcement. ZDNet: https://www.zdnet.com/article/after-a-breach-users-rarely-change-their-passwords-study-finds/

WordPress

Attackers unsuccessfully targeted 1.3m WordPress websites over the weekend in an attempt to download configuration files and database credentials. Threatpost: https://threatpost.com/attackers-target-1m-wordpress-sites-to-harvest-database-credentials/156255/

San Francisco Employee’s Retirement System

The city workers’ pension fund reported a data breach that impacted 74,000 members. GovTech: https://www.govtech.com/public-safety/San-Francisco-Pension-Data-Breach-May-Have-Exposed-Bank-Info.html

CPA Canada

Chartered Professional Accountants of Canada is notifying members of a data-security incident that affected personal information held by the organization. CPA Practice Advisor: https://www.cpapracticeadvisor.com/accounting-audit/news/21141038/cpa-canada-data-breach-affects-329000-members

Digital Management

Ransomware gang DopplePaymer announced that it had breached a network belonging to Digital Management, an IT-service provider to NASA, among others. JDSupra: https://www.jdsupra.com/legalnews/nasa-contractor-breached-by-ransomware-20839/

Windows 10

A US-government cybersecurity agency is warning Windows 10 users that their systems are still vulnerable to a three-month-old security flaw. Forbes:https://www.forbes.com/sites/daveywinder/2020/06/06/windows-10-critical-exploit-now-confirmed-months-after-microsofts-emergency-security-update-smbghost-cisa-warning/#43a2bb4b744e

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.