Watchtower Weekly InfoSec Roundup: July 16 to July 22
Cyber Attacks & Breaches
(Reuters) July 16th
Bulgaria’s finance minister apologized to the country after admitting hackers had stolen millions of taxpayers’ financial data in an attack that one researcher said may have compromised nearly every adult’s personal records.
(SC Magazine) July 17th
A new addition to the data breach reference website “Have I Been Pwned?” seemingly reveals that more than 100 million accounts were compromised in this year’s data breach of the event-planning service Evite.
(isBuzz News) July 17th
It has been reported that American telecommunications provider Sprint has suffered a data breach, telling customers that hackers broke into their accounts through a Samsung website. The company said it re-secured all compromised accounts by resetting PIN codes.
(SPAMfighter) July 18th
The civil service system of Taiwan reported an information security breach in which the personal information of more than 240,000 civil servants was compromised. The breached data has been made available on foreign websites.
(Becker's Hospital Review) July 18th
Clinical Pathology Laboratories began notifying 2.2 million patients that their personal health information may have been exposed in a vendor data breach. The information affected included names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card or banking information and treatment provider information.
(TechCrunch) July 18th
In 2015, Slack said it was hit by hackers who gained access to its user profile database, including users' scrambled passwords. But the hackers had also inserted code that scraped users' plaintext passwords as they were entered at the time.
(Krebs on Security) July 19th
Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data. Unfortunately, the company appears to be turning a deaf ear to the increasingly anxious cries from its users.
(Forbes) July 20th
The hackers managed to steal 7.5 terabytes of data from a major FSB contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing.
(CoinDesk) July 22nd
QuickBit, a Swedish cryptocurrency exchange listed on the NGM Nordic MTF market, allegedly leaked 300,000 customer records via an unprotected MongoDB database. The exchange confirmed the event in a series of updates on its investor relations board.
Vulnerabilities & Exploits
(SC Magazine) July 16th
A critical security flaw in a WordPress plugin allows threat actors to remotely execute PHP code. The vulnerability is found in the Ad Inserter plugin, which is currently installed on more than 200,000 sites, and stems from the use of check_admin_referer() for authorization.
(Dark Reading) July 17th
A team of Boston University researchers discovered a vulnerability in several Bluetooth devices that can make location and other sensitive data available to third parties. The vulnerability exists in devices running Windows 10, iOS, and MacOS, as well as Fitbit and Apple Watch.
(SC Magazine) July 18th
Cisco released security updates for multiple products, some of which contain vulnerabilities that, if exploited, would allow an attacker to take control of an affected system.
(Computing) July 19th
BlackBerry Cylance has acknowledged the threat posed by an exploit against its anti-virus software and has pledged to rush out a fix. However, users will have to wait a week before the hotfix is available.
(SC Magazine) July 19th
Researchers have reported a vulnerability in the Android versions of WhatsApp and Telegram that could allow malicious actors to manipulate media files sent via the apps. This flaw could allow attackers to alter photographs, modify invoices, swap out files, or potentially manipulate audio messages.
(BleepingComputer) July 22nd
More than one million ProFTPD servers are vulnerable to remote code execution and information disclosure attacks that could be triggered after successful exploitation of an arbitrary file copy vulnerability.
Risks & Warnings
(The Hacker News) July 16th
Security researchers have discovered a rare piece of Linux spyware that currently goes undetected by all major antivirus products and includes functionality rarely seen in Linux malware.
(The Hacker News) July 10th
Dubbed Spearphone, the newly demonstrated attack takes advantage of a hardware-based motion sensor, the accelerometer, which is built into most Android devices and can be accessed without restriction by any app installed on the device, even one with zero permissions.
(SC Magazine) July 17th
Researchers have sniffed out a malware framework that targets major browsers installed on Windows machines and has generated more than 1 billion false Google AdSense impressions in the past three months alone.
(ZDNet) July 18th
Banks and financial institutions around the world are being targeted by a new email phishing campaign which uses an unusual technique as part of its attacks. If users open the attachments, they're immediately redirected to a malicious site requesting sensitive information.
(SC Magazine) July 18th
In 2016, Mirai took down a major DNS provider and has since branched out into more than 60 known variants and taken aim at enterprises. New variants have the potential to impact cloud servers and heavily compromise information services, insurance services, and more.