Ubuntu Hacked and Two Million Passwords Leaked

This week we hear how Ubuntu was hacked and two million passwords leaked, and how a piece of Mac malware steals Keychain passwords.

Breach

Ubuntu Hacked and Two Million Passwords Leaked

It was confirmed on July 15 that Canonical, the commercial vendor behind Ubuntu Linux, was hacked, and the attacker was able to gain unauthorized access to a database of two million users. The downloaded information included usernames, email addresses, IP addresses, and passwords.

Canonical used vBulletin, a web forum software, and although it was regularly updated, the add-ons were not. Chief Executive Officer at Canonical, Jane Silber, acknowledged that there was a known SQL injection vulnerability in Forum Runner, a vBulletin add-on that hadn’t been patched, which led to the attack.

References: Two Million Passwords Breached in Ubuntu Hack | The Hacking of Ubuntu Linux Forums: Lessons Learned | Ubuntu Forum Breach Traced to Neglected Plugin


Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would flag the intrusion and the associated network anomalies
  • NetFlow records may also reveal large data transfers and potential data exfiltration
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management, and advanced anomaly detection
  • A solid patch management program, covering add-ons and plugins as well as the core application, to quickly mitigate the risk of a known vulnerability

Malware

Mac Malware Steals Keychain Passwords

Researchers at ESET discovered a new Mac malware, Keydnap, a backdoor designed to steal credentials stored in Apple OS X keychains. When downloaded, the malware arrives as a .zip file containing what looks like a .txt or .jpg, but the filename carries an extra space after the extension. Because of that trailing space, double-clicking the file runs it in the Terminal application instead of opening it in Preview or TextEdit. Once executed, the code downloads and installs the backdoor, which adds an entry to the LaunchAgents directory so that it persists across reboots. The backdoor can then receive commands to steal the contents of the OS X keychain.
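The trailing-space trick described above can be checked for before a user ever double-clicks. The following is an added example, not ESET's or the original post's code: it inspects each member of a zip archive for a benign-looking extension followed by trailing whitespace, and additionally peeks at the first bytes for a Mach-O executable header (the Mach-O check is an assumption about how such droppers are built; the page itself only describes the filename trick). The archive is constructed inline for the demonstration.

```python
import io
import zipfile

# Mach-O magic numbers: 32/64-bit in both byte orders, plus fat/universal binaries.
MACHO_MAGIC = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
               b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
               b"\xca\xfe\xba\xbe")
# Extensions a user would expect to open in Preview or TextEdit.
BENIGN_EXTS = (".txt", ".jpg", ".jpeg", ".png")


def suspicious_members(zip_bytes: bytes) -> list:
    """Return (member_name, reason) pairs for archive members that look like
    the Keydnap dropper: benign extension + trailing whitespace, and/or
    executable content hiding behind a benign extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            stripped = name.rstrip()           # "photo.jpg " -> "photo.jpg"
            trailing_ws = stripped != name
            looks_benign = stripped.lower().endswith(BENIGN_EXTS)
            with zf.open(info) as fh:
                head = fh.read(4)              # only the magic number is needed
            reasons = []
            if looks_benign and trailing_ws:
                reasons.append("trailing whitespace after benign extension")
            if head in MACHO_MAGIC:
                reasons.append("Mach-O header" +
                               (" behind benign extension" if looks_benign else ""))
            if reasons:
                findings.append((name, "; ".join(reasons)))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample (not a real Keydnap artefact): a genuine-looking JPEG,
    a plain text file, and 'photo.jpg ' that really starts like a 64-bit Mach-O."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # JPEG SOI marker
        zf.writestr("notes.txt", b"nothing to see here\n")
        zf.writestr("photo.jpg ", b"\xcf\xfa\xed\xfe" + b"\x00" * 16)  # MH_MAGIC_64, LE
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in suspicious_members(build_sample_archive()):
        print(f"{member!r}: {reason}")
```

The same check fits naturally into mail or download scanning, where the archive is still intact and the deceptive name has not yet been rendered by Finder.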

References: Keydnap Malware Goes After Your Mac password treasure trove | Mac Malware OSX.Keydnap Steals Keychain | New Mac Backdoor Program Steals Keychain Content

Mitigation Strategies:

  • Antivirus would detect the infected file on the local host
  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition, such as the new LaunchAgents entry
  • Mail filtering would scan incoming attachments and hyperlinks for malicious links or code
  • Web filtering would prevent users from reaching malicious websites

Top 20 IP Addresses


*IP addresses provided by Recorded Future.