19 Security breaches Worldwide - Week 11, 2019
Be informed about the latest 19 Security breaches Worldwide, identified and reported publicly during Week 11, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.
- The best way to ensure solid security is to get everyone in your company invested in its success.
- This post by a new Duo employee on how a zero-trust model can be implemented is worth reading. Using a Zero-Trust Framework to Make Sure Everyone is Part of Security
- Networks of four major London tourist attractions have been hit with millions of cyber attacks in the past three years.
- The networks targeted were the Natural History Museum, the Imperial War Museum, Kew Gardens and the Tate. None resulted in any compromises of membership data. Millions of cyber attacks on Kew Gardens and museums as hackers target people’s financial data
- Container security is focused on the wrong processes.
- Instead of hardening container-to-container communications, we need to be thinking about more holistic issues, such as poisoned containers, overall operational issues, and certifying images. That argument and more can be found in this post from my colleague Lori MacVittie. Operational Security is Critical for Container Safety
- Research based on 100,000 unauthorized logins to cloud services found that almost half of the companies had at least one compromised account.
- Almost half of these unauthorized logins originated from Nigerian IP addresses. And while the number of actually compromised accounts is a low percentage, it still leaves a weak entry point into the majority of cloud tenants. Threat actors leverage credential dumps, phishing, and legacy email protocols to bypass MFA and breach cloud accounts worldwide
- Researchers propose two new AI-based technologies to help in malware detection.
- One is called an adversarial autoencoder, which can help create new samples of malware code. The other uses semantic hashing to better study the malware behavior and find repeated code segments. Both are explained further in this post. A Machine Learning Model to Detect Malware Variants
- Google is adding an option to disable SMS as a second authentication factor in G Suite.
- This means you can have the best of both worlds: an admin can enforce MFA on accounts but still allow users to deploy authentication apps or hardware keys that are more secure. The policy is enforced across your entire domain and will be rolled out over the next couple of weeks to all G Suite customers. Disable SMS or voice codes for 2-Step Verification for more secure accounts
- Researchers have discovered a new campaign targeting Elasticsearch sites.
- It installs a nasty cryptominer called CryptoSink, which kills off any competing miners it finds on the same host. It also swaps out the Linux ‘rm’ command to make itself more persistent. Elasticsearch Crypto-Miner Sinkholes the Competition
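Replacing a core utility such as ‘rm’ is only invisible if nobody is comparing the binary against a known-good record. The following is an added example, not code from the original post or from the researchers who analysed CryptoSink: it takes a hash-and-file-type baseline of a set of utilities and later re-verifies them, flagging a compiled binary that has turned into a non-ELF file (a wrapper script) as well as any hash change. The file paths and the "tampered wrapper" are constructed in a temporary directory; on a real host you would baseline /bin and /usr/bin from a trusted image.

```python
import hashlib
import os
import tempfile

ELF_MAGIC = b"\x7fELF"


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_elf(path):
    """True when the file starts with the ELF magic, i.e. it is a compiled binary."""
    with open(path, "rb") as f:
        return f.read(4) == ELF_MAGIC


def build_baseline(paths):
    """Record digest and binary/non-binary nature of each path on a known-good host."""
    return {p: {"sha256": sha256_of(p), "elf": is_elf(p)} for p in paths}


def verify_baseline(baseline):
    """Re-check every baselined path; return (path, problem) pairs, empty if all clean."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        if expected["elf"] and not is_elf(path):
            # a compiled utility now starts with something else, e.g. "#!/bin/sh":
            # exactly what a swapped-out rm looks like
            findings.append((path, "binary replaced by non-ELF file"))
        if sha256_of(path) != expected["sha256"]:
            findings.append((path, "hash mismatch"))
    return findings


def demo():
    """Constructed scenario in a temp dir: two fake ELF utilities, then 'rm' is swapped."""
    d = tempfile.mkdtemp()
    rm_path = os.path.join(d, "rm")
    ls_path = os.path.join(d, "ls")
    fake_elf = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 57  # stand-in for a real binary
    for p in (rm_path, ls_path):
        with open(p, "wb") as f:
            f.write(fake_elf)
    baseline = build_baseline([rm_path, ls_path])
    # simulate the tampering described above: rm becomes a shell wrapper (constructed)
    with open(rm_path, "wb") as f:
        f.write(b"#!/bin/sh\necho 'constructed tampered wrapper'\n")
    return verify_baseline(baseline), rm_path


if __name__ == "__main__":
    for path, problem in demo()[0]:
        print(f"{problem}: {path}")
```

The baseline must be stored off-host (or signed), otherwise whoever replaced ‘rm’ can update it too. Package managers already carry such a record: `dpkg --verify` and `rpm -V` compare installed files against the package metadata and are the quickest first check on a real system.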
- A massive misuse of more than two million SSL certs has been discovered.
- The certs were issued by Google, GoDaddy and Apple and will need to be revoked and replaced. The problem has to do with how the serial numbers are sequenced. While an actual exploit is highly unlikely, it is still a major nuisance. A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates
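The article above says only that the serial numbers were sequenced incorrectly. The background assumption for the following added example (mine, not the post's or the affected CAs' code) is the CA/Browser Forum Baseline Requirements rule that a certificate serial must carry at least 64 bits of CSPRNG output. A single serial cannot show whether that holds, because a random 64-bit value has a leading zero bit half the time; a sample can. If none of n serials from one CA ever reaches the full width, a generator that really used 64 bits would have produced that sample with probability 2^-n. The two "CAs" below are constructed with a fixed seed: one fills all 64 bits, the other always clears the top bit and so only ever yields 63.

```python
import random

# CA/Browser Forum Baseline Requirements minimum (assumption stated in the lead-in).
REQUIRED_ENTROPY_BITS = 64


def parse_serial(text):
    """Accept the forms tools print: '0x1a2b', '1a:2b:3c', or a bare hex string."""
    s = text.strip().lower().replace(":", "")
    if s.startswith("0x"):
        s = s[2:]
    return int(s, 16)


def audit_serials(serials, required_bits=REQUIRED_ENTROPY_BITS):
    """Infer from a sample of one CA's serials whether they can carry required_bits of randomness.

    compliant: at least one serial uses the full width (or more), so the generator is not
               silently capped below required_bits.
    chance_if_full_width: probability of seeing this sample from a generator that really
               used required_bits; 2**-n when no serial ever reached the full width.
    """
    if not serials:
        raise ValueError("need at least one serial")
    widths = [s.bit_length() for s in serials]
    full_width = sum(1 for w in widths if w >= required_bits)
    if full_width:
        return {"compliant": True, "max_bits": max(widths),
                "full_width_count": full_width, "chance_if_full_width": 1.0}
    return {"compliant": False, "max_bits": max(widths),
            "full_width_count": 0, "chance_if_full_width": 2.0 ** -len(serials)}


def constructed_samples(n=40, seed=2019):
    """Two constructed CAs (not real issuers): one fills 64 bits, one clears the top bit."""
    rng = random.Random(seed)
    sixty_three = [rng.getrandbits(63) for _ in range(n)]
    # the full-width CA: every second serial has bit 63 set, as a real 64-bit generator
    # would roughly half the time
    sixty_four = [rng.getrandbits(63) | ((1 << 63) if i % 2 else 0) for i in range(n)]
    return sixty_three, sixty_four


if __name__ == "__main__":
    short, full = constructed_samples()
    print("63-bit CA:", audit_serials(short))
    print("64-bit CA:", audit_serials(full))
```

With forty serials the short-width CA is flagged at a confidence of 1 - 2^-40, which is why one afternoon of Certificate Transparency log data was enough to find the affected issuers; a CA whose serials are wider than 64 bits passes regardless of its top bit, because it still has at least 64 bits of room.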
- Researchers have discovered a major backdoor bug in the Swiss online voting system.
- It could make it easier for fraudulent ballots to be counted without detection. This revelation happened outside their bug bounty program announced last month. Researchers Find Critical Backdoor in Swiss Online Voting System
The remaining security breaches also made news headlines, all within the last 7 days.
- For the past week, Russia has blocked users of the Protonmail encrypted email service from using its product.
- It is a very subtle method that disconnects the service from other Russian email servers. Protonmail explains what happened and how it got around the blocks. Update on the attempted blocking of ProtonMail email servers in Russia
- POS-based malware is getting more adept.
- First is DMSniff, which now targets POS systems in retail chains and uses a domain generation algorithm to locate its command servers dynamically. This blog post dissects its operation; IT managers should watch for SSH brute-force attacks and abnormal Windows processes. Second is GlitchPOS, which is simple to use and comes with its own setup video. It looks like a game (see screencap below) and has been traced to a very active POS malware author. Various security tools can block it. ‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses and GlitchPOS: New PoS malware for sale.
- Tethering your mobile phone to your desktop more than doubles the chance of being attacked during online sessions compared with using a single device.
- This is according to a new report that examines various cybercrime trends in ecommerce and finserv sectors. 2018 CYBERCRIME REPORT - Global Insights from the ThreatMetrix® Digital Identity Network®
- Report on hacked websites using this vendor’s telemetry showed an eight percentage point increase in CEO spam from last year.
- WordPress still remains one of the most frequently compromised platforms. Speaking of which, this handy how-to shows what you need to do to move your WordPress blog to SSL. Hacked Website Trend Report – 2018
- This handy reference guide explains the level of privacy available with various security tools, such as VPNs, anonymous browsing sessions, and privacy-enhanced search engines.
- Each is evaluated for what data is divulged, such as DNS, IP address, and server info. Browsing Anonymously: Is It Really Anonymous?
- Two Kiev-based app developers have been sued by Facebook. The social networking company claims they created malware-laden browser extensions for its platform.
- The apps have been downloaded more than 60,000 times and take the form of a series of online quizzes that were targeted at Russian speakers. Facebook sues Ukrainian browser extension makers for scraping user data
- A new form of malware that propagates via watering hole attacks and Slack channels has been discovered.
- It has several other infection stages as well that show how persistent it can be. New SLUB Backdoor Uses GitHub, Communicates via Slack
- Another open MongoDB database was hacked, this one containing API calls for Dalil, a Saudi caller ID app.
- The app has been downloaded more than five million times, and contains a wealth of private data, including phone numbers, GPS locations and user IDs of numerous other apps. Saudi caller ID Dalil app exposed data of more than 5 million users
- Four MongoDB databases spanning 190 GB and containing two billion records belonging to Verifications.io were left unsecured and breached last week.
- They were found by a researcher. The company's website was taken offline and hasn’t yet been brought back; security consultants are working to determine the cause. Troy Hunt has shared some ideas on Twitter about how this trove was compiled. 800+ Million Emails Leaked Online by Email Verification Service.
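Both MongoDB incidents above (the Dalil API data and the Verifications.io records) fit the same pattern: a database bound to a public interface with no authentication required. The following is an added example, not code from the original post or from MongoDB: a small audit of a mongod.conf that flags the two settings behind that exposure. The configuration files are constructed; the defaults it relies on (mongod 3.6 and later bind to localhost when net.bindIp is unset, and security.authorization is disabled unless set to enabled) are MongoDB's documented behaviour. The reader is a minimal section/key parser written for this layout, not a general YAML parser.

```python
WEAK_CONF = """\
# constructed example of a mongod.conf that leaves the database wide open
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
# constructed hardened counterpart
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the private app-tier address (constructed)
security:
  authorization: enabled
"""


def parse_sections(text):
    """Minimal reader for the two-level 'section:\\n  key: value' layout mongod.conf uses.

    Written for this example only; it handles comments and flat key/value pairs inside
    a section, nothing deeper.
    """
    cfg = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if line.startswith(" "):
            if section is None:
                raise ValueError(f"indented key outside any section: {raw!r}")
            cfg[section][key.strip()] = value.strip()
        else:
            section = key.strip()
            cfg.setdefault(section, {})
    return cfg


def audit_mongod_conf(text):
    """Return a list of findings for the exposure pattern behind open-MongoDB leaks."""
    cfg = parse_sections(text)
    net = cfg.get("net", {})
    security = cfg.get("security", {})
    findings = []
    bind = net.get("bindIp", "127.0.0.1")  # mongod 3.6+ binds to localhost when unset
    addrs = {a.strip() for a in bind.split(",")}
    if net.get("bindIpAll", "").lower() == "true" or addrs & {"0.0.0.0", "::"}:
        findings.append("net.bindIp: mongod listens on every interface, so it is reachable "
                        "from wherever the host is")
    if security.get("authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization: not enabled, so any client that can "
                        "connect reads every database")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["no findings"])
```

Binding to a private address is only half the fix: a firewall rule or security group that blocks port 27017 from the internet catches the case where someone later sets bindIp back to 0.0.0.0 for a quick test and forgets.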
- Citrix’ internal network was breached by hackers last week.
- Resecurity (cited in The Hacker News) claims the Iranian-backed Iridium hacker group was responsible. The attackers probably used compromised passwords, in a technique characterized as password spraying. Citrix was alerted to the breach by the FBI, which is investigating. The company posted a breach notification; it doesn't yet know what data the hackers accessed. Citrix investigating unauthorized access to internal network and Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data.
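The password spraying named in the Citrix item and the SSH brute forcing the DMSniff item says IT managers should watch for leave different shapes in an authentication log, and a single pass over failed-login events can tell them apart: brute force is many failures against one account from one source, spraying is one source trying a few guesses each against many accounts, staying under any per-account lockout. The following is an added example (not code from the original post, Citrix, or the researchers cited) that parses OpenSSH "Failed password" lines because those are the ones the DMSniff advice points at; the same grouping applies to any log that carries a user and a source address. The log lines and addresses (TEST-NET ranges) are constructed, and the thresholds are assumptions to tune for your own environment.

```python
import re
from collections import defaultdict

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

# Constructed sshd log: a brute force, a spray, and one ordinary typo followed by success.
SAMPLE_LOG = (
    [f"Mar 12 10:00:{i:02d} bastion sshd[41{i}]: Failed password for root "
     f"from 198.51.100.7 port 5{i:04d} ssh2" for i in range(6)]
    + [f"Mar 12 10:05:{i:02d} bastion sshd[42{i}]: Failed password for invalid user {u} "
       f"from 203.0.113.9 port 6{i:04d} ssh2"
       for i, u in enumerate(["admin", "oracle", "test", "backup", "deploy", "jenkins"])]
    + ["Mar 12 10:07:10 bastion sshd[4300]: Failed password for alice from 192.0.2.3 port 50222 ssh2",
       "Mar 12 10:07:15 bastion sshd[4300]: Accepted publickey for alice from 192.0.2.3 port 50222 ssh2"]
)


def parse_failures(lines):
    """Yield (user, source_ip) for each failed-password line; other lines are ignored."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def classify(lines, brute_threshold=5, spray_min_users=5, spray_max_per_user=2):
    """Group failures by source address and label each source that matches a pattern.

    Returns {ip: ("brute_force", user, failures)} when one account from that source
    crosses brute_threshold, or {ip: ("password_spray", distinct_users, failures)} when
    the source touched at least spray_min_users accounts with at most spray_max_per_user
    attempts each. Sources matching neither are left out.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for user, ip in parse_failures(lines):
        per_ip[ip][user] += 1

    findings = {}
    for ip, users in per_ip.items():
        top_user, top_count = max(users.items(), key=lambda kv: kv[1])
        total = sum(users.values())
        if top_count >= brute_threshold:
            findings[ip] = ("brute_force", top_user, top_count)
        elif len(users) >= spray_min_users and top_count <= spray_max_per_user:
            findings[ip] = ("password_spray", len(users), total)
    return findings


if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```

The spray rule is the one a per-account lockout policy misses by design, which is why it needs to be keyed on the source rather than the account; in practice the source is often a rotating set of addresses, so the same grouping is also worth running per user-agent or per ASN.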