Data Security Blog Articles
Keeping You Up-To-Date With The Latest Security & Compliance News
Data Security
October 30th
9:30AM
Data Breach Report: September 29th 2019
Welcome to our weekly breach report. This newsletter we will report on recent cybersecurity breaches where user data was stole, compromised or extorted. This newsletter is designed to keep you informed so that you can protect yourself when navigating cybersecurity threats in our digital world.
Data Breach Report: September 29th 2019
Welcome to our weekly breach report. This newsletter we will report on recent cybersecurity breaches where user data was stole, compromised or extorted. This newsletter is designed to keep you informed so that you can protect yourself when navigating cybersecurity threats in our digital world.
Baltimore Ransomware
The city of Baltimore was encountered with a ransomware attack in early May. Balitmore’s systems vulnerable to Eternalblue, which exploits a vulnerability in SMBv1 servers, commonly found in Windows XP and Vista systems. The attackers went after their online services and records and demanded 13 bitcoins to unlock the data. The city rejected the ransom and has spent more than $18.2 million to recover. Baltimore’s information technology department stated that outdated proper backup method was the primary reason for the loss of data.
Root Cause
Robinhood ransomware utilizes the Eternalblue exploit to stop key windows system functions that control repair tools and security controls. The ransomware then proceeds to encrypt system files and finishes by deleting log files. Outdated proper backups did not allow for the easiest method of dealing with ransomware: simply restoring systems from backups.
Security Impact
The city government’s assets were rendered unusable and due to lack of backups, incurred massive expenses to restore everything as the city government refused to pay the ransom.
Solution
Organizations must ensure that proper onsite and offsite backups are made regularly to avoid complete data loss.
Door Dash
The food delivery company DoorDash revealed that 4.9 million customers, delivery workers, and merchants have had their information stolen this past May. The company noticed unusual activity in the beginning of September and realized what had happened. An unauthorized third party accessed consumer data such as password hashes, names, email addresses, customer addresses, order history, and phone numbers. DoorDash has since added further security measures to improve its ability to recognize these threats. The company also suggested users to reset their passwords as well as being cautious with sharing your personal information online.
Root Cause
A 3rd party solution provider that worked with DoorDash was compromised.
Security Impact
A 3rd party solution provider that worked with DoorDash was compromised.
Solution
Certifications or regular audits conducted to ensure that organizations remain compliant must be conducted and enforced regularly.
A flaw was discovered in the Android version of WhatsApp that allows for privilege escalation and remote code execution on vulnerable devices using malicious GIFs. For the attack to work, the victim need only download the GIF and open the WhatsApp Gallery. The attack utilizes a double-free bug, which involves calling to the same memory location twice, which can open a vulnerability. Avoid the use of GIFS in WhatsApp, update WhatsApp to the latest version as soon as possible, or avoid use altogether.
Root Cause
There are two attack vectors that were used: Local privilege escalation and remote code execution. Local privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access. Remote code execution is an attacker's ability to execute arbitrary commands or code on a target machine or in a target process.
Security Impact
Millions of devices are vulnerable to potential root control due to the security flaws in WhatsApp.
Solution
Certifications or regular audits conducted to ensure that organizations remain compliant must be conducted and enforced regularly
Word With Friends
More than 218 million Words with Friends accounts were hacked in the month of September. The Pakistani hacker, known as Gnosticplayers, had previously stolen data from 45 online services earlier in 2019. He has now claimed to have hacked Zynga Inc. Zynga is one of the world’s most popular gaming companies and has over a billion people playing their games. The breach affected any iOS and Android users who downloaded the game before September 2nd this year. The company revealed the hacker got access to emails, login names, and passwords. Since then, Zynga has taken precautions to protect consumer accounts and requested people to update their passwords. Same passwords used across other sites and accounts should also be changed.
Root Cause
Proper security controls to ensure that data was not compromised were not in place and were not properly audited.
Security Impact
A 3rd party solution provider that worked with DoorDash was compromised.
Solution
Change all account passwords that share a password to a Zynga account immediately.
What Our Customers Say
☆☆☆☆☆ 5/5
Previous
Next
Make Our Team, Your Team!
Our innovative IT security and compliance solutions are designed to deliver customized, cost-effective service on time—because your priorities are our priorities. With a highly qualified team of PCI-DSS QSAs, Penetration Testers, and Information Security Consultants here at MegaplanIT, we will assess your unique company and business environment and design a path to security that will fit all of your needs.