Nightfall Weekly InfoSec Roundup: July 30 to August 5

Cyber Attacks & Breaches

• Presbyterian data breach affects some 183,000 patients
  (AlbuquerqueJournal) August 3rd
  Presbyterian Healthcare Services reported a data breach that allowed unauthorized access to personal information belonging to around 183,000 patients and health plan members.
• Stockx was Hacked, Exposing Millions of User Records
  (Tech Crunch) August 3rd
  An unnamed data breached seller contacted TechCrunch claiming more than 6.8 million records were stolen from the site in May by a hacker. The seller declined to say how they obtained the data.
• Education software maker Pearson says data breach affected thousands of accounts in the US
  (Tech Crunch) July 31st
  Pearson, an educational software maker, said that thousands of school and university accounts, mostly in the United States, were affected by a data breach. The company added that it has notified affected users already and that the vulnerability has been fixed.
• Nebraska Insurer, Ameritas: Data Breach Possibly Exposed Customers’ Info
  (Insurance Journal) August 1st
  The insurance and finance company Ameritas has notified customers that their personal information may have been exposed in a data breach. The Lincoln Journal Star reports several employees fell victim to phishing scam.
• A cyber-attack gets $700,000 from the City of Naples
  (FOX 4) August 1st
  Fox 4 has confirmed a major cyber-attack on one of Southwest Florida’s most prominent cities. Naples City Manager Charles T. Chapman IV says the city was the victim of a criminal cyber-attack. He says the thieves got away with $700,000.
• Around 11,000 Summa Health patients PHI possibly got compromised
  (SPAMfighter) July 31st
  Summa Health based in Akron city, Ohio, has discovered that access to email accounts of four employees was gained by an unauthorized individual. Those compromised email accounts contain patients’ PHI (Protected Health Information).
• Clothing Resale Marketplace Poshmark Announces Data Breach
  (Vice) August 1st
  Poshmark, a website focused on letting people sell used clothes, announced hackers had stolen data from the company. The information stolen includes a customer’s username, first and last name, gender, city, clothes size preference, email address, and hashed password, according to the announcement.
• Sephora reports data breach, but few details
  (SC Magazine) July 30th
  Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia. The company does not believe any credit card information was involved nor that any of the data exposed has been used in a malicious manner.
• Nevada students’ information exposed in data breach
  (Las Vegas Review Journal) August 1st
  More than 650,000 Nevada students had personal information exposed in a data breach announced by the state’s two largest school districts, prompting internet safety advocates to urge parental caution with products children use online.
• 1M Payment Cards Exposed in South Korea Breach
  (Dark Reading) August 1st
  Researchers have detected a significant uptick in the amount of South Korean-issued payment card records, with more than 1 million posted for sale on the Dark Web since May 29.

Vulnerabilities & Exploits

• 200 Million Devices Vulnerable to Remote Takeover Via VxWorks Flaw
  (Health IT Security) July 31st
  About 200 million operating on the VxWorks platform, including medical equipment and IoT devices, are vulnerable to remote takeover due to 11 critical vulnerabilities, according to Armis research.
• Chrome 76 Patches 43 Vulnerabilities
  (SecurityWeek) July 31st
  Google released Chrome 76 to the stable channel with 43 security fixes inside, as well as with other safety and privacy enhancements.
• Critical Vulnerabilities Found in Prima FlexAir Access Control System
  (SecurityWeek) July 31st
  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published an advisory to warn of multiple vulnerabilities access control systems made by Prima Systems.
• DHS Alerts to Remote Vulnerabilities in Multiple VPN Applications
  (Health IT Security) July 30th
  Vulnerabilities found in Palo Alto Networks, FortiGuard, and Pulse Secure Virtual Private Network (VPN) applications could allow a remote attack to take control of the affected systems, according to a recent alert from the Department of Homeland Security.
• NVIDIA Issues Windows 10 Warning: Update GeForce, NVS, Quadro And Tesla Drivers Now
  (Forbes) August 3rd
  No less than five security vulnerabilities have been found in the NVIDIA GeForce, NVS, Quadro and Tesla graphics processing unit (GPU) display drivers for Windows.

Risks & Warnings

• Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords
  (The Hacker News) August 3rd
  A team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords.
• 28 Million Android Phones Exposed To ‘Eye-Opening’ Attack Risk
  (Forbes) August 3rd
  Comparitech put 21 separate Android antivirus apps to the test over the course of many weeks to see how well they would stack up against current threats. Some 47% of them failed in one way or other.
• U.S. Issues Hacking Security Alert for Small Planes
  (SecurityWeek) July 30th
  The Department of Homeland Security issued a security alert for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.
• Flaws in Visa contactless cards allow for bypass of anti-fraud checks, researchers warn
  (SC Magazine) July 31st
  Researchers say they discovered a technique for exploiting Visa contactless cards that could allow attackers to bypass certain a pair of anti-fraud “payment checks” that normally require a purchaser’s verification.
• Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking
  (The Hacker News) July 30th
  Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds.

• New Mirai botnet lurks in the Tor network to stay under the radar
  (ZDNet) August 1st
  A new variant of the Mirai botnet has been discovered which utilizes the Tor network to prevent command server takedowns or seizure. Mirai is an Internet of Things (IoT) botnet which has been used in distributed denial-of-service (DDoS) attacks in the past against prominent websites.
• New Lord exploit kit is spreading ‘Eric’ ransomware, according to Malwarebytes
  (computing) August 5th
  Cybersecurity firm Malwarebytes has warned about a new exploit kit, named Lord, which is spreading ransomware via compromised websites. Lord EK was first spotted on 1st August and it was concluded that this exploit kit was part of a malvertising chain (via the PopCash ad network), using a compromised site to redirect potential victims to a malicious landing page.

Join us next week for the next edition of Nightfall’s Weekly InfoSec Roundup!

‍