The Latest 25 Security breaches Worldwide – Week 12, 2019

Latest Security breaches Worldwide - Week 12, 2019

25 Security breaches Worldwide – Week 12, 2019

Be informed about the latest 25 Security breaches Worldwide, identified and reported publicly during Week 12, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.


  • Here is a twofer phishing campaign.



  • There has been a three-fold increase in DDoS attacks targeting SaaS sites, and an almost doubling of government targets.



  • The SoftNAS cloud storage application had a major authentication bug.

  • The hacking group FIN7 has improved its malware code.
    • The group has added a better administrative console and a new remote access program written in SQL. It has stolen millions of payment card records over the years from various hospitality and entertainment-related businesses. FIN7 Revisited: Inside Astra Panel and SQLRat Malware


  • You probably don’t know that a malicious JavaScript which is hosted on the public Internet can attack anyone’s internal network using the browser as a proxy.


  • Here is a depressing article about why phishing is so potent.
    • Using a team of tech-saavy developers, a third of the recipients were still fooled by a very cleverly-designed phish to click on the embedded link. And 14 percent of them submitted personal data as a result. This post shows the importance of security awareness training. Phishing my company. An infosec lesson for businesses

 


Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in the last 7 days.


  • A new report from Red Canary shows some of the most common ATT&CK techniques they have observed across their networks.
    • It also includes why that is the case and provides some detection strategies to make them easier for you to find. PowerShell-based attacks lead the list. 2019 Threat Detection Report

  • Troldesh is a four-year-old malware that is on the rise.


  • Hidden Monero cryptominers are getting more sophisticated, according to this Check Point report that examines its forensics.

  • Based on Barracuda’s network telemetry, there are three major types of phishing attacks:
    • brand impersonation (which accounts for most of the attacks), business email compromise and blackmail. A third of attacks originate from Gmail accounts. Spear Phishing: Top Threats and Trends

  • A new Mirai variant has been seen that targets enterprise WePresent wireless display systems.

  • Norsk Hydro, one of the world’s largest aluminum producers, has been hit with an attack.

  • The story of how North Korean state-sponsored hackers pulled off a April 2018 $15M Mexican bank heist was told at the RSA Conference earlier this month.


  • The Pakistani passport office has been hit by a similar attack to last month’s one on Cairo’s Bangladeshi embassy.

  • Password spraying attacks are on the rise, as we mentioned last week.
    • This post suggests some ways to avoid them, such as deploying MFA, using stronger passwords, reviewing your password manager regularly, and doing regular security awareness training. There are also good suggestions on what to do after you have been hit with such an attack, including resetting passwords and reviewing your incident response logs. “Password Spraying”—What to Do and How to Avoid It


 


 

Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts

Leave a comment

Do NOT follow this link or you will be banned from the site!