Nightfall Weekly InfoSec Roundup: July 16 to July 22

Cyber Attacks & Breaches

  • Telecoms Giant Sprint Suffers Data Breach via Samsung Website
    (isBuzz News) July 17th
    It has been reported that American telecommunications provider Sprint has suffered a data breach, telling customers that hackers broke into their accounts through a Samsung website. The company said it re-secured all compromised accounts by resetting PIN codes.

  • Ministry of Civil Service of Taiwan suffered from data breach
    (SPAMfighter) July 18th
    The civil service system of Taiwan reported an information security breach in which the personal information of more than 240,000 civil servants was compromised. The breached data has been made available on foreign websites.

  • Clinical Pathology Laboratories alerts 2.2 million patients of data breach
    (Becker's Hospital Review) July 18th
    Clinical Pathology Laboratories began notifying 2.2 million patients that their personal health information may have been exposed in a vendor data breach. The information affected included names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card or banking information and treatment provider information.

  • Slack resets user passwords after 2015 data breach
    (TechCrunch) July 18th
    In 2015, Slack said it was hit by hackers who gained access to its user profile database, including users' scrambled passwords. But the hackers also inserted code that scraped users' plaintext passwords as they were entered at the time.

  • QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack
    (Krebs on Security) July 19th
    Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data. Unfortunately, the company appears to be turning a deaf ear to the increasingly anxious cries from its users.

  • Exchange QuickBit Confirms Data Breach May Impact 300K Users
    (CoinDesk) July 22nd
    QuickBit, a Swedish cryptocurrency exchange listed on the NGM Nordic MTF market, allegedly leaked 300,000 customer records via an unprotected MongoDB database. The exchange confirmed the event in a series of updates on their investor relations board.

Vulnerabilities & Exploits

  • Critical WordPress plugin flaw leaves 200,000 sites at risk
    (SC Magazine) July 16th
    A critical security flaw in a WordPress plugin allows threat actors to remotely execute PHP code. The vulnerability is found in Ad Inserter, a plugin currently installed on more than 200,000 sites, and stems from the use of check_admin_referer() for authorization.

  • Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
    (Dark Reading) July 17th
    A team of Boston University researchers discovered a vulnerability in several Bluetooth devices that can make location and other sensitive data available to third parties. The vulnerability exists in devices running Windows 10, iOS, and macOS, as well as Fitbit and Apple Watch.

Risks & Warnings

  • EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users
    (The Hacker News) July 16th
    Security researchers have discovered a rare piece of Linux spyware that is currently fully undetected across all major antivirus security software products and includes functionality rarely seen in Linux malware.

  • Mirai malware sets sights on enterprise IoT devices ripe for picking
    (SC Magazine) July 18th
    In 2016, Mirai took down a major DNS provider, and it has since branched out into more than 60 known variants and taken aim at enterprises. New variants have the potential to impact cloud servers and heavily compromise information and insurance services and more.


Join us next week for the next edition of Watchtower’s Weekly InfoSec Roundup!