Weekly Breach Report – June 1st

Jun 1, 2020By Shaina Raskin

Breach Report

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Unc0ver tool

Hackers released a new version of the unc0ver jailbreaking tool that can unlock all iPhones, including those running the latest iOS 13.5. The Hacker News: https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html

Android OS

Researchers described details of a new and critical vulnerability that impacts the Android operating system. The Hacker News: https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html

LiveJournal

A database containing credentials from more than 26 million LiveJournal accounts has been leaked online and is being sold on the Dark Web and hacker forums. ThreatPost:

https://threatpost.com/hackers-sell-data-livejournal-dark-web/156063/

Hack-for-hire Firms

Hack-for-hire firms in India have been impersonating the World Health Organization in credential-stealing spear-phishing email campaigns, Google’s Threat Analysis Group said Wednesday. CyberScoop:

https://www.cyberscoop.com/coronavirus-phishing-scheme-google-india-world-health-organization/

Bank of America

Bank of America notified customers of a data breach impacting Paycheck Protection Program loan applications. PYMNTS.com: https://www.pymnts.com/safety-and-security/2020/bank-of-america-experiences-potential-data-breach-with-ppp-applications/

Wichita State University

A data breach impacting current and former students of Wichita State University is now the subject of a federal lawsuit. Government Technology: https://www.govtech.com/security/Kansas-University-Data-Breach-Affects-Current-Former-Students.html

Arbonne International

This multi-level marketing company disclosed a data breach that impacted 3,500 California residents. Security Boulevard: https://securityboulevard.com/2020/05/airbonne-international-discloses-data-breach-affecting-thousands-of-californians/

NTT Communications

This Japan-based multinational, one of the world’s largest suppliers of telecoms and IT-services, revealed that attackers had stolen data from internal systems, affecting over 600 customers. Infosecurity:

https://www.infosecurity-magazine.com/news/ntt-warns-600-customers-hit-in/

Minted

Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace. Bleeping Computer:

https://www.bleepingcomputer.com/news/security/minted-discloses-data-breach-after-5m-user-records-sold-online/

Cisco Systems

Cisco said that attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which is used in some Cisco networking products. Threatpost:

https://threatpost.com/hackers-compromise-cisco-servers-saltstack/156091/

Anonymous

The Minneapolis Police Department’s website has shown signs of a cyberattack since late Saturday, days after a video purported to be from the hacktivist group Anonymous promised retribution for the death of George Floyd during an arrest. Bloomberg: https://www.bloomberg.com/news/articles/2020-05-31/anonymous-says-it-ll-expose-minneapolis-police-website-hacked

Russian Hackers

A new report from the US National Security Agency reveals that a group of Russian hackers associated with that government’s military-intelligence agency, GRU, has been exploiting a technical vulnerability to hack into American computers. Salon:

https://www.salon.com/2020/05/30/an-infamous-russian-hacker-group-is-hijacking-mail-servers/

Daniel’s Hosting

A hacker has leaked online the database of Daniel’s Hosting, the largest free web-hosting provider for dark-web services. ZDnet:

https://www.zdnet.com/article/hacker-leaks-database-of-dark-web-hosting-provider/

Home Chef

Hackers leaked Home Chef’s customer records, including emails, names, phone numbers and encrypted passwords. OODA Loop: https://www.oodaloop.com/briefs/2020/05/26/home-chef-serves-up-data-breach-for-8-million-records/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.