18 Sept 2020 | Asia Cyber Summary

In the spotlight this week: 

  • Razer experiences server misconfiguration

  • Grab issued stern warning and steep fine following fourth data breach

  • WordPress plugin breach

  • Zerologon bug patched by Microsoft

Razer Experiences Server Misconfiguration, Allowing Public Access 

Personal and shipping information as well as order details of 100,000 Razer customers around the world were in danger of being exposed due to a server misconfiguration issue. While no credit card numbers or passwords were revealed, the information was available online for public access since August 18. The case is currently under review with Singapore’s Personal Data Protection Commission.

Grab’s Fourth Privacy Breach: A Cause for Concern

Ride-hailing company Grab has been fined SGD $10,000 by Singapore’s Personal Data Protection Commission for its fourth breach since 2018. The data breach that exposed the personal data of more than 21,500 users including profile pictures, names, wallet balance, and the vehicle number plate was patched within an hour. However, for a company that processes large volumes of personal information,  this is a significant cause for concern. The commission ordered Grab and its mobile applications to implement a “data protection by design policy” where developers consider data and privacy issues at the design phase. 

WordPress Under Attack

Millions of WordPress sites are being probed in automated attacks looking to exploit a recently discovered plugin vulnerability. This zero-day bug affects File Manager which, as the name suggests, is a plugin that helps users to manage files on their WordPress sites. The plugin has been installed more than 700,000 times, and WordFence estimates that 37% of sites are still running a vulnerable version. 

Attacks against this vulnerability have increased dramatically over this past week with over one million attacks on September 4th itself.  Sites not using this plugin are still being probed by bots looking to identify and exploit vulnerable versions of the File Manager plugin.

Nearly 2000 Magento 1 Stores Hacked Over the Weekend

In the last 7 days around 2,000 Magento stores that were running Magento version 1 have been compromised in an attack nicknamed "CardBleed". Version 1 was announced as “end-of-life” in June however an estimated 95,000 stores still rely on this version, indicating that the impact of this attack is likely going to increase over the coming weeks. The attack follows the usual kill chain observed against Magento: an automated scanner identifies the vulnerable site then fires a remote code exploit. Following this, malware is installed and the threat actor copies card information as it is entered and sends it back to their database.

Zerologon Attack Allows Hackers to Takeover Enterprise Networks

Last month, Microsoft patched one of the most severe bugs ever reported to the company – an issue that could be abused to easily take over Windows Servers running as domain controllers in enterprise networks. The vulnerability received the maximum severity rating of 10, but details were never made public, meaning users and IT administrators never know how dangerous the issue really was. 

According to Secura experts, the bug, which they named “Zerologon”, takes advantage of a weak cryptographic algorithm used in the Netlogon authentication process. This bug allows an attacker to manipulate Netlogon authentication procedures and:

  • Impersonate the identity of any computer on a network when trying to authenticate against the domain controller

  • Disable security features in the Netlogon authentication process

  • Change a computer's password on the domain controller's Active Directory (a database of all computers joined to a domain, and their passwords)

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.