25 Security breaches Worldwide - Week 12, 2019
This roundup covers the 25 security breaches and incidents worldwide that were identified and publicly reported during Week 12, 2019. Because breaches like these have a severe negative impact on a business, consider a security audit to prevent similar cases in your own environment.
- Here is a twofer phishing campaign.
- It tries to obtain credentials for both Shopify and PayPal. If you are reading the email message on a phone, you should beware. 2 in 1 Shopify and Paypal phishing scam
- A 20-something North Carolina man collected more than $3M over four years in a tech support scam.
- He used Google and Bing-based adware that mimicked Microsoft messages to drive traffic. He pled guilty last week. Microsoft tech support scammer pleads guilty to defrauding victims of $3 million
- A zero-day flaw in the Easy WP SMTP WordPress plug-in with 300,000 installs has been found.
- It allows attackers to use a backdoor to take admin control of a blog and redirect visitors to sites running tech support scams. Users should update to v. 1.3.9.1, which contains the patch. Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin and WP Security: 21 plugin vulnerabilities in March 2019
- There has been a three-fold increase in DDoS attacks targeting SaaS sites, and an almost doubling of government targets.
- Almost all of the observed DDoS attacks could easily saturate the corporate network they targeted. These and other findings come from a new report by Netscout. NETSCOUT Releases 14th Annual Worldwide Infrastructure Security Report
- A phishing campaign that mimics a flu-related warning from the CDC is a new low in venality.
- The lure message is reproduced in the linked post. Instead of flu guidance, it delivers an updated v. 5.2 of the GandCrab ransomware, for which no decryptor is readily available. This Phishing Campaign Spoofed a CDC Warning to Deliver the Latest GandCrab Ransomware
- Brian Krebs broke this story about how, for several years, thousands of Facebook employees have had access to millions of users’ plain-text passwords.
- Soon thereafter, a Facebook VP posted this explanation, which said there is no evidence that anyone abused or improperly accessed this information. That is a different statement from saying that no one accessed it. There was also no explanation of why this data, which was contained in log files, was collected to begin with. My colleague Sean Gallagher in Ars has the best analysis. Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years and Keeping FaceBook Passwords Secure and Facebook apps logged users’ passwords in plaintext, because why not
- The SoftNAS cloud storage application had a major authentication bug.
- It was fixed with the help of security researchers and users should update their software.
- The hacking group FIN7 has improved its malware code.
- The group has added a better administrative console and a new remote access program written in SQL. It has stolen millions of payment card records over the years from various hospitality and entertainment-related businesses. FIN7 Revisited: Inside Astra Panel and SQLRat Malware
- A majority of official EU government websites contain third-party ad tracking cookies.
- This violates the GDPR and comes from this report. The French government websites are the worst offenders, with more than 50 different trackers found. Cookiebot report: Hidden tracking of citizens on EU government and health sector websites
- You probably don’t know that malicious JavaScript hosted on the public Internet can attack anyone’s internal network by using the victim's browser as a proxy.
- This post explains how it is done and how to stop it. Since a browser by default has access to localhost as well as the local LAN, these public-to-private attacks bypass not only the corporate or consumer perimeter firewall but also the local host-based firewall. Attacking the internal network from the public Internet using a browser as a proxy
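The defensive side of the item above, as an added example that is not code from the linked post: two request-header checks an internal HTTP service can apply so that a page loaded from the public Internet cannot use the visitor's browser as a proxy into it. The hostnames, origins and sample requests are constructed for the demo.

```python
"""Added example: header checks for a service that listens on localhost or
the LAN.  Host must be a name the service is meant to be reached by (this
defeats DNS rebinding, where an attacker-controlled hostname is re-pointed
at a private address after the page has loaded), and cross-site browser
requests are refused via the Origin header, falling back to Sec-Fetch-Site
when Origin is absent.  All names and sample requests here are constructed."""
from typing import Mapping, Optional

ALLOWED_HOSTS = {"127.0.0.1:8080", "localhost:8080", "intranet.example.lan"}
TRUSTED_ORIGINS = {"http://localhost:8080", "http://intranet.example.lan"}


def check_request(headers: Mapping[str, str]) -> Optional[str]:
    """Return None if the request may proceed, else the reason it is refused."""
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host", "")
    if host not in ALLOWED_HOSTS:
        return f"unexpected Host {host!r} (possible DNS rebinding)"
    origin = h.get("origin")
    if origin is not None:
        # Browsers send Origin on cross-origin fetches and on state-changing
        # requests; anything outside the trusted set is some other site's page.
        return None if origin in TRUSTED_ORIGINS else f"cross-site request from {origin!r}"
    # No Origin header (e.g. a plain GET): modern browsers still label the
    # request's relationship to the page with Sec-Fetch-Site.
    if h.get("sec-fetch-site") == "cross-site":
        return "cross-site request (Sec-Fetch-Site)"
    return None


# Constructed requests: a direct visit, a fetch issued by a public page, and
# a request arriving under a hostname that was rebound to a private address.
SAMPLE_REQUESTS = {
    "direct": {"Host": "localhost:8080", "Sec-Fetch-Site": "none"},
    "public": {"Host": "localhost:8080", "Origin": "https://public-page.example",
               "Sec-Fetch-Site": "cross-site"},
    "rebinding": {"Host": "rebound.example", "Sec-Fetch-Site": "same-origin"},
}


def evaluate_samples() -> dict:
    """Map each sample name to the verdict from check_request()."""
    return {name: check_request(hdrs) for name, hdrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:10s} -> {'allowed' if verdict is None else verdict}")
```

The Host check is what matters against rebinding, because the rebound request is same-origin from the browser's point of view and carries no Origin header.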
- MyPillow and Amerisleep were both hit by Magecart malware.
- The MyPillow attack ran for two months last fall and was acknowledged by the company; the Amerisleep attack is still ongoing. Neither company informed customers about the breach. Magecart has been responsible for other recent attacks, including one on the UK-based sneaker company Fila and several on American e-commerce sites, according to this report. Its attraction is simple deployment: just one line of injected JavaScript. Consumers May Lose Sleep Over These Two New Magecart Breaches and Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites
- Here is a depressing article about why phishing is so potent.
- Even with a team of tech-savvy developers as the recipients, a third were still fooled by a very cleverly designed phish into clicking the embedded link, and 14 percent of them submitted personal data as a result. This post shows the importance of security awareness training. Phishing my company. An infosec lesson for businesses
The remaining security breaches of the week also made news headlines; all of them happened in the last 7 days.
- A new report from Red Canary shows some of the most common ATT&CK techniques they have observed across their networks.
- It also includes why that is the case and provides some detection strategies to make them easier for you to find. PowerShell-based attacks lead the list. 2019 Threat Detection Report
- Troldesh is a four-year-old malware that is on the rise.
- It starts with an infected email attachment that contains a JavaScript downloader, which installs the ransomware component. It appears to have Russian origins. Spotlight on Troldesh ransomware, aka ‘Shade’
- This post shows how a PayPal phishing attack works and how easily victims can be compromised.
- It also points out a few tools that researchers use to analyze the malware and understand its inner workings. RETURN TO SENDER: A TECHNICAL ANALYSIS OF A PAYPAL PHISHING SCAM
- Hidden Monero cryptominers are getting more sophisticated, according to this Check Point report that examines its forensics.
- One sample has all the complexities of an APT, including two Trojans, various persistence mechanisms, and situational awareness. Check Point Forensic Files: A New Monero CryptoMiner Campaign
- Based on Barracuda’s network telemetry, there are three major types of phishing attacks:
- brand impersonation (which accounts for most of the attacks), business email compromise and blackmail. A third of attacks originate from Gmail accounts. Spear Phishing: Top Threats and Trends
- A new Mirai variant has been seen that targets enterprise WePresent wireless display systems.
- That focus makes it unique. It contains 11 new exploits and can now compromise a wide range of routers from D-Link, Zyxel and Netgear, among other devices. Together with the added exploit techniques, this makes it more dangerous and able to launch more potent DDoS attacks. New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems
- Norsk Hydro, one of the world’s largest aluminum producers, has been hit with an attack.
- Its corporate website was knocked offline. The company operates in 40 countries and said in this press video briefing that its IT systems across many different departments were affected. Norway’s CERT said it appeared to be a victim of the LockerGoga malware. The company won't pay the ransom and will restore data from its backups. Aluminium Giant Norsk Hydro Suffers Major Cyber-Attack and Skreddersydd dobbeltangrep mot Hydro (Norwegian: "Tailor-made double attack on Hydro")
- The story of how North Korean state-sponsored hackers pulled off an April 2018 $15M Mexican bank heist was told at the RSA Conference earlier this month.
- A smaller yet still elaborate series of attacks allowed hackers to siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican banks. HOW HACKERS PULLED OFF A $20 MILLION MEXICAN BANK HEIST
- Certainly, fileless malware is on the rise.
- Paul Gillin has written an excellent analysis on why it is trending and what some researchers are calling vaporworms. Will We See the Rise of Vaporworms and Other New Fileless Attacks in 2019?
- The Pakistani passport office has been hit by an attack similar to last month’s attack on the Bangladeshi embassy in Cairo.
- The malware loads the Scanbox data stealer and keystroke logger and uses similar obfuscation techniques to avoid detection. Attacker Tracking Users Seeking Pakistani Passport
- Password spraying attacks are on the rise, as we mentioned last week.
- This post suggests some ways to avoid them, such as deploying MFA, using stronger passwords, reviewing your password manager regularly, and doing regular security awareness training. There are also good suggestions on what to do after you have been hit with such an attack, including resetting passwords and reviewing your incident response logs. “Password Spraying”—What to Do and How to Avoid It
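To go with the advice above on reviewing logs after a spraying attempt, an added example that is not from the linked post: a small detector for the password-spraying signature in authentication logs, where one source fails against many distinct accounts while staying below the per-account lockout threshold. The log format and sample lines are constructed.

```python
"""Added example: flag sources that fail logins against at least `min_users`
distinct accounts within `window`, with no single account tried more than
`max_per_user` times (the spraying pattern).  A source hammering one account
many times is brute force, not spraying, and is deliberately not flagged.
Log format and SAMPLE_LOG are constructed for this demo."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE = re.compile(r"^(?P<ts>\S+) auth FAIL user=(?P<user>\S+) src=(?P<src>\S+)$")

SAMPLE_LOG = """\
2019-03-19T08:00:01 auth FAIL user=alice src=203.0.113.7
2019-03-19T08:00:03 auth FAIL user=bob src=203.0.113.7
2019-03-19T08:00:05 auth FAIL user=carol src=203.0.113.7
2019-03-19T08:00:07 auth FAIL user=dave src=203.0.113.7
2019-03-19T08:00:09 auth FAIL user=erin src=203.0.113.7
2019-03-19T08:00:11 auth FAIL user=frank src=203.0.113.7
2019-03-19T08:01:00 auth FAIL user=alice src=198.51.100.9
2019-03-19T08:01:10 auth FAIL user=alice src=198.51.100.9
2019-03-19T08:01:20 auth FAIL user=alice src=198.51.100.9
""".splitlines()


def detect_spraying(lines, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Return {src: sorted list of targeted usernames} for sources matching
    the spraying signature inside any sliding window of failures."""
    events = defaultdict(list)  # src -> [(timestamp, user)]
    for line in lines:
        m = LINE.match(line)
        if m:
            events[m["src"]].append((datetime.fromisoformat(m["ts"]), m["user"]))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            # All failures from this source within `window` of failure i.
            per_user = defaultdict(int)
            for t, user in evs[i:]:
                if t - t0 <= window:
                    per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                hits[src] = sorted(per_user)
                break
    return hits


if __name__ == "__main__":
    for src, users in detect_spraying(SAMPLE_LOG).items():
        print(f"possible password spraying from {src}: {', '.join(users)}")
```

Tune `min_users` and `max_per_user` to your lockout policy; the point is that per-account counters alone never trip on this pattern, so the count of distinct accounts per source is the signal worth alerting on.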
- Should researchers rush to publish proof-of-concept code?
- A new report recommends that they work with vendors and wait until patches are available. The authors list five different exploits that were disclosed early and resulted in malware campaigns that leveraged the zero-day code. This post interviews the report authors and provides additional context. Is it still a good idea to publish proof-of-concept code for zero-days? and Cybersecurity threatscape Q4 2018
- Researchers have seen a new malware campaign whose spam emails use the 737 Max 8 crashes as a subject line.
- The emails carry infected JAR files that install two Trojans: the H-Worm for remote access and the Adwind data stealer. US CERT issued this alert and Spam Warns about Boeing 737 Max Crashes While Pushing Malware