Breach Report September 2019

Data Security

October 30th

9:30AM

Data Breach Report: September 29th 2019

Welcome to our weekly breach report. In this newsletter we report on recent cybersecurity breaches where user data was stolen, compromised or extorted. This newsletter is designed to keep you informed so that you can protect yourself when navigating cybersecurity threats in our digital world.

Baltimore Ransomware

The city of Baltimore was hit by a ransomware attack in early May. Baltimore's systems were vulnerable to EternalBlue, which exploits a vulnerability in SMBv1 servers, commonly found in Windows XP and Vista systems. The attackers went after the city's online services and records and demanded 13 bitcoins to unlock the data. The city rejected the ransom and has spent more than $18.2 million to recover. Baltimore's information technology department stated that an outdated backup method was the primary reason for the loss of data.

Root Cause

RobbinHood ransomware utilizes the EternalBlue exploit to stop key Windows system functions that control repair tools and security controls. The ransomware then proceeds to encrypt system files and finishes by deleting log files. Because the backups were outdated, the easiest method of dealing with ransomware, simply restoring systems from backups, was not available.

Security Impact

The city government's assets were rendered unusable and, due to the lack of backups, the city incurred massive expenses to restore everything after it refused to pay the ransom.

Solution

Organizations must ensure that proper onsite and offsite backups are made regularly to avoid complete data loss.

DoorDash

The food delivery company DoorDash revealed that 4.9 million customers, delivery workers, and merchants had their information stolen this past May. The company noticed unusual activity at the beginning of September and realized what had happened. An unauthorized third party accessed consumer data such as password hashes, names, email addresses, customer addresses, order history, and phone numbers. DoorDash has since added further security measures to improve its ability to recognize these threats. The company also suggested that users reset their passwords and be cautious about sharing personal information online.

Root Cause

A third-party solution provider that worked with DoorDash was compromised.

Security Impact

A third-party solution provider that worked with DoorDash was compromised.

Solution

Certifications or audits that ensure organizations remain compliant must be conducted and enforced regularly.

WhatsApp

A flaw was discovered in the Android version of WhatsApp that allows for privilege escalation and remote code execution on vulnerable devices using malicious GIFs. For the attack to work, the victim need only download the GIF and open the WhatsApp Gallery. The attack utilizes a double-free bug, in which the same memory allocation is freed twice, which can corrupt memory and open a vulnerability. Avoid the use of GIFs in WhatsApp, update WhatsApp to the latest version as soon as possible, or avoid use altogether.
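To make the double-free bug class concrete, here is an added example (not WhatsApp's code and not from the original report) showing the unsafe release pattern beside a hardened one. The `frame_ctx` structure and all function names are hypothetical, standing in for an image decoder whose frame buffer is released on two cleanup paths.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical decoder context; names are illustrative assumptions. */
typedef struct {
    unsigned char *raster;   /* pixel buffer for the current frame */
    size_t         size;     /* size of that buffer in bytes */
    int            releases; /* times memory was actually handed to free() */
} frame_ctx;

int ctx_alloc(frame_ctx *c, size_t n) {
    c->raster = calloc(1, n);
    c->size = c->raster ? n : 0;
    return c->raster != NULL;
}

/* UNSAFE pattern (defined for comparison, never called here): the pointer
 * stays dangling, so a second call frees the same chunk again. */
void ctx_release_unsafe(frame_ctx *c) {
    free(c->raster);
}

/* Hardened: free once, then clear the pointer so repeated calls are no-ops.
 * Returns 1 if memory was freed, 0 if there was nothing left to free. */
int ctx_release(frame_ctx *c) {
    if (c->raster == NULL)
        return 0;
    free(c->raster);
    c->raster = NULL;
    c->size = 0;
    c->releases++;
    return 1;
}

/* Two cleanup paths (an error handler and normal teardown) both release
 * the same context. Returns how many real frees happened. */
int demo_two_cleanup_paths(void) {
    frame_ctx c = {0};
    if (!ctx_alloc(&c, 64))
        return -1;
    ctx_release(&c);   /* error path */
    ctx_release(&c);   /* teardown path: now harmless */
    return c.releases;
}

int main(void) {
    printf("frees performed: %d\n", demo_two_cleanup_paths());
    return 0;
}
```

Building test binaries with AddressSanitizer (`-fsanitize=address`) reports a double free at the second `free()` call if the unsafe pattern is reached.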

Root Cause

Two attack vectors were used: local privilege escalation and remote code execution. Local privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access. Remote code execution is an attacker's ability to execute arbitrary commands or code on a target machine or in a target process.

Security Impact

Millions of devices are vulnerable to potential root control due to the security flaws in WhatsApp. 

Solution

Certifications or audits that ensure organizations remain compliant must be conducted and enforced regularly.

Words With Friends

More than 218 million Words with Friends accounts were hacked in the month of September. The Pakistani hacker, known as Gnosticplayers, had previously stolen data from 45 online services earlier in 2019. He has now claimed to have hacked Zynga Inc. Zynga is one of the world's most popular gaming companies and has over a billion people playing its games. The breach affected any iOS and Android users who downloaded the game before September 2nd this year. The company revealed that the hacker got access to emails, login names, and passwords. Since then, Zynga has taken precautions to protect consumer accounts and asked people to update their passwords. Passwords reused across other sites and accounts should also be changed.

Root Cause

Proper security controls to ensure that data was not compromised were not in place and were not properly audited. 

Security Impact

A third-party solution provider that worked with DoorDash was compromised.

Solution

Immediately change the password on every account that shares a password with a Zynga account.
