19 Security breaches Worldwide – Week 11, 2019
Be informed about the latest 19 Security breaches Worldwide, identified and reported publicly during Week 11, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.
- The best way to ensure solid security is to get everyone in your company invested in its success.
- This post from a new employee at Duo is worth reading about how a zero-trust model can be implemented. Using a Zero-Trust Framework to Make Sure Everyone is Part of Security
- Networks of four major London tourist attractions have been hit with millions of cyber attacks in the past three years.
- The networks targeted were the Natural History Museum, the Imperial War Museum, Kew Gardens and the Tate. None resulted in any compromises of membership data. Millions of cyber attacks on Kew Gardens and museums as hackers target people’s financial data
- Container security is focused on the wrong processes.
- Instead of hardening container-to-container communications, we need to be thinking about more holistic issues, such as poisoned containers, overall operational issues, and certifying images. That argument and more can be found in this post from my colleague Lori MacVittie. Operational Security is Critical for Container Safety
- Research based on 100,000 unauthorized logins to cloud services found that almost half of the companies had at least one compromised account.
- Almost half of these unauthorized logins originated from Nigerian IP addresses. And while the number of actual comprised accounts is a low percentage, this still means a weak entry point for a majority of cloud tenants. Threat actors leverage credential dumps, phishing, and legacy email protocols to bypass MFA and breach cloud accounts worldwide
- Researchers propose two new AI-based technologies to help in malware detection.
- One is called an adversarial autoencoder, which can help create new samples of malware code. The other uses semantic hashing to better study the malware behavior and find repeated code segments. Both are explained further in this post. A Machine Learning Model to Detect Malware Variants
- Google is adding an option to disable SMS as a second authentication factor in G Suite.
- This means you can have the best of both worlds: an admin can enforce MFA on accounts but still allow users to deploy authentication apps or hardware keys that are more secure. The policy is enforced across your entire domain and will be rolled out over the next couple of weeks to all G Suite customers. Disable SMS or voice codes for 2-Step Verification for more secure accounts
- Researchers have discovered a new campaign targeting Elasticsearch sites.
- It installs a nasty cryptominer called CryptoSink which will kill off competing miners it finds on the same host. It also swaps out the Linux ‘rm’ remove command to make it more persistent. Elasticsearch Crypto-Miner Sinkholes the Competition
- A massive misuse of more than two million SSL certs has been discovered.
- The certs were issued by Google, GoDaddy and Apple and will need to be revoked and replaced. The problem has to do with how the serial numbers are sequenced. While an actual exploit is highly unlikely, it is still a major nuisance A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates
- Researchers have discovered a major backdoor bug in the Swiss online voting system.
- It could make it easier for fraudulent ballots to be counted without detection. This revelation happened outside their bug bounty program announced last month. Researchers Find Critical Backdoor in Swiss Online Voting System
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in the last 7 days.