The Month in Hacks: February 2017

"Cloudbleed" affects over five million sites, the voice recordings of two million children are breached and Polish banks get malware - sent by the organization that regulates them. It's all this and more in The Month in Hacks.

Millions of Sites Affected by Severe Security Vulnerability Called "Cloudbleed"

CloudFlare, a web security provider that helps over 5.5 million sites improve their safety and performance, was found to have a severe security vulnerability that may have exposed passwords, as well as cookies and tokens used to authenticate users. CloudFlare's servers had an overflow issue that caused private data to be returned after a request, with many search engines caching the leaked information.

While the extent of exposed details is still being assessed, companies recommend that users change their passwords to avoid compromising any further data. Here is a simple tool to see if a site was affected by Cloudbleed.

CloudPets Voice Recordings Held for Ransom by Hackers

California-based Spiral Toys was targeted by hackers after they left customer data in a publicly available database that wasn't encrypted or password protected. The database contained more than two million recordings saved from CloudPets, their line of stuffed animal toys that allow children and relatives to send recorded voicemails back and forth. Over 820,000 user email addresses and passwords may have also been compromised.

Iraqi Hacker Defaces Trump's Fundraising Website

Iraqi hacker Pro_Mast3r~ gained access to Donald Trump's official fundraising website during the CloudFlare security vulnerability. He or she then changed the screen to an image of a man in a black hat and the following message:

"Hacked by Pro_Mast3r

Attacker Gov

Nothing Is Impossible

Peace From Iraq"

Ars Technica confirmed that the server was an official Trump campaign server. The server was quickly taken offline, although the Trump-Pence campaign staff have released no official comment.

The Scope of Yahoo's Data Breaches Broadens

In the wake of the series of mega breaches that struck Yahoo in the past months, the company this month sent a warning to some customers that attackers have accessed accounts through a sophisticated cookie forging attack.

The newest hack was the result of a security flaw in Yahoo's mail service that allowed hackers to use a forged cookie to gain access to accounts. The number of accounts affected by the forged cookie is still unknown.

WordPress Helps Most Users Prevent Hack with Security Patch

In early February, WordPress found a critical zero-day flaw in their code and worked quickly with security companies to create and install a patch to keep users' sites and data secure. However, despite these efforts, thousands of admins did not update their websites with the new patch, leaving them vulnerable to hacker exploitation.

Sites that weren't updated with the new patch saw hackers replacing their content with "Hacked by" messages or using their site to spread spam and gain rankings in search engines. Administrators who haven't updated their websites to release 4.7.2 are advised to do so immediately to prevent further hacks.

Hackers Get Eyes and Ears into Ukrainian Businesses

A large-scale malware campaign called "Operation BugDrop" has infiltrated the computers of over 70 Ukrainian businesses, giving hackers access to sensitive data and allowing them to capture audio recordings using the hacked computers' microphones. Businesses affected by the hack include oil and gas, engineering, counter-terrorism, and scientific research firms. The group responsible for the hack still hasn't been identified, but given the scale and sophistication of the attacks, security firms believe it to be backed by an organization with significant resources.

Zerocoin Programmers Make a Typo and Lose over $500,000

Zerocoin, a Bitcoin extension that makes Bitcoin transactions completely private and untraceable, lost 370,000 Zerocoin ($585,000) because of a simple typo in their code. Due to one additional character in the code, a hacker was able to reuse valid proofs to complete the same transaction over and over. While the company is trying to track the hacker responsible for the theft, he or she was careful to cover their tracks, making the recovery of the stolen Zerocoin highly unlikely.

Hackers Use Social Engineering to Gain Access to IDF Soldiers' Phones

The Android phones of over 100 Israeli servicemen from the Israeli Defense Force have been hacked using spyware, resulting in access to high-value data and audio recordings. Soldiers were targeted on social messaging apps by hackers posing as women from different countries and were encouraged to download trojans disguised as chat apps SR Chat and YeeCall Pro.

Once the spyware was installed, hackers could remotely control the phone's microphone and camera. The hackers responsible for the infiltration have not been identified.

Poland's Financial Regulator Inadvertently Triggers a Massive Attack on Financial Sector

Twenty commercial banks across Poland were the targets of a malware infection, delivered to them by the organization tasked with regulating them. Hackers modified a JavaScript file on the Polish Financial Supervision Authority (KNF) site, causing banks to download a malicious JavaScript file instead. The undetectable malware was able to mine data from the banks, although the full effects are still unknown. Fortunately, it's unlikely that customers' funds were compromised in the attack.
