Entersoft Security Blog

Recent Hacks You May Have Missed

Posted by Angad Gill on May 4, 2018 11:06:04 PM

Hacks

When it comes to cybersecurity, 2018 has not been a great year so far with the whole Facebook fiasco and numerous compromised ICOs (more on that here). There are bigger hacks that generate noise and get a lot of attention and there a few smaller ones that go unnoticed. Here's a brief round up of some breaches from last month.

1. Under Armour announced 150 million accounts  were compromised in data breach

Sportswear brand Under Armour announced that its subsidiary MyFitnessPal was affected in a significant data beach, compromising as many as 150 million accounts. Account information involved in the breach includes user names, email addresses, and hashed passwords, but no financial information like credit card numbers or government or identifiers like social security numbers. Source

2. Hackers Steal $150K After Infiltrating Popular Ethereum Wallet

The Ethereum wallet developer confirmed on Tuesday morning that thieves redirected DNS lookups for its dot-com to a malicious website masquerading as the real thing. That meant some people logging in to MyEtherWallet.com were really connecting to a bogus site and handing over their details to criminals, who promptly drained ETH from their marks' wallets. Source

3. Hotel door locks worldwide were vulnerable to hack

Millions of electronic door locks fitted to hotel rooms worldwide have been found to be vulnerable to a hack. Researchers say flaws they found in the equipment's software meant they could create "master keys" that opened the rooms without leaving an activity log. Source

4. Millions of Chrome Users Have Installed Malware Posing as Ad Blockers

Andrey Meshkov, the cofounder of ad-blocker AdGuard, took a look at the script in some popular ad-blocking knockoffs and found some shady business. Source

5. US, UK warn of Russian hackers targeting millions of routers

Russian spies are looking for vulnerabilities in routers for future attacks. Officials are urging people, and device makers, to take security measures. Source

6. The world’s most popular YouTube video was hacked

Hackers have managed to deface an array of popular YouTube music videos, changing titles and thumbnail images. Amongst the victims was the most-viewed YouTube video of all time, “Despacito” by Puerto Rican singer Luis Fonsi featuring rapper Daddy Yankee. Source

7. Global cyberattack targets 200,000 network switches

Iran's Communication and Information Technology Ministry reported that it was a victim in a global cyberattack that compromised about 200,000 Cisco switches that hadn't yet received patches for exploits in the company's legacy Smart Install protocol. Source

8. Twitter urges all users to change passwords after glitch

Twitter Inc urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than disguised by a process known as “hashing”. Source

9. Indian Bitcoin Exchange Coinsecure Claims ‎$3.5 Million ‎Lost in Insider Hack

Nearly $3.5 million in bitcoin were stolen by suspected insiders who broke into Indian ‎cryptocurrency exchange Coinsecure. The digital currency venue suspended ‎operations on Friday while it investigates the breach, saying it was working with ‎Delhi Police’s Cyber Cell.‎ Source

10. New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia

Symantec has identified a new attack group dubbed Orangeworm deploying the Kwampirs backdoor in a targeted attack campaign against the healthcare sector and related industries. Source

11. New Matrix Ransomware Variants Installed Via Hacked Remote Desktop Services

Two new Matrix Ransomware variants were discovered that were being installed through hacked Remote Desktop services. While both of these variants encrypt your computer's files, one is a bit more advanced with more debugging messages and the use of cipher to wipe free space. Source