29 Security breaches Worldwide - Week 13, 2019
Be informed about the latest 29 Security breaches Worldwide, identified and reported publicly during Week 13, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.
- Ecommerce sites that support the PayPal Payflow Pro protocols could be subject to abuse of their underlying Magento software.
- Hackers were able to use $0 transactions with stolen credit card numbers to check whether the cards are still valid. Magento is recommending web app firewalls or bot detection systems to protect their servers. Hackers abuse Magento PayPal integration to test validity of stolen credit cards
- Korean government-sponsored researchers have discovered dozens of bugs in the LTE wireless protocol stack.
- They documented them here and classified the problems into improper error handling, replayed message attacks, poor encryption implementation and bypasses of security procedures. Hackers could leverage these bugs to take control over phones, send SMS phishes and deny services. Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane
- This post reviews the history of the NIST cybersecurity framework.
- Since it was created in 2014, it has gone through several revisions and improvements. It is widely used as a reference model for numerous organizations. 5 Years of the NIST Cybersecurity Framework
- Organizations need to do a better job of defending -- and monitoring -- non-standard IP ports.
- This and lots more data from Sonicwall’s instrumentation can be found in its latest report. It identified thousands of new malware variants daily across its sensor network. 2019 SONICWALL CYBER THREAT REPORT
- Last week’s news about the Norsk Hydro ransom attack has some updates.
- There is this statement from the company itself, which could serve as a template for what businesses should do in the future. They were transparent, took proactive measures to provide the details, set up a temp website and held daily media briefings to answer questions by their senior staff. They also had solid backups available so they didn’t have to pay the ransom. Update on cyber attacks March 21 and Click to start the webcast
- A security researcher collected used PCs from local pawn shops and found a staggering amount of personal data on their hard drives.
- For $600, he obtained dozens of computers, cell phones and hard disks. He ran each drive through his own scanning tool and found dozens of SSNs, email accounts, credit card numbers and even two passports. It's Scary How Much Personal Data People Leave on Used Laptops and Phones, Researcher Finds
- Hackers replaced the Asus software update tool with their own.
- This enabled them to distribute backdoor malware to hundreds of thousands of PCs last year. Motherboard broke the story. The attack was discovered and confirmed by researchers who found a supply chain campaign. It is being called Operation ShadowHammer. What is interesting is that only a few hundred of the infected Asus PCs had backdoors that were actually activated by the malware authors. Asus has not confirmed the problem. The story shows the lengths to which different teams of researchers went, working together, to identify the malware, and how it was designed to be precisely targeted and well-hidden. Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers and Operation ShadowHammer
- The US agency FEMA has accidentally leaked the personal data of more than 2 million disaster survivors from its third-party contractor.
- This is according to an OIG report released last week. The contractor has since updated its access rules, and the report says no evidence of compromise has yet been found. FEMA 'unnecessarily' shared data of 2.3 million disaster victims with contractor
- The BokBot’s man-in-the-browser attack is dissected in this post.
- It shows its inner workings, how it managed certs and data flow, and how code is injected into the browser connection. Interception: Dissecting BokBot’s “Man in the Browser”
- This post takes a deep dive into what happened with the Marriott/Starwood breach from 2014-2018.
- Nearly 400 million guests’ private data was leaked, costing the hotel chain $3M. The chain had bad security practices, and worse response tactics. Autopsying the Marriott Data Breach: This is why insurance matters
- DDoS attacks declined during 4Q18, according to this report from NexusGuard.
- One attack against a single target was observed each day during December, demonstrating how determined adversaries are these days. Durations increased to 450 minutes on average. DDoS Threat Report 2018 Q4
- Another zero-day bug with another WordPress plug-in.
- This time it is Social Warfare, a social sharing tool that has more than 70,000 installs and more than 900,000 downloads. The issue allows a scripting attack that can provide remote access to your website. The plug-in has been fixed in v. 3.5.3 and users should update. Unpatched Zero-Day Vulnerability in Social Warfare Plugin Exploited In The Wild and WP SECURITY BULLETIN – MARCH 2019.
Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in the last 7 days.
- A Lithuanian man has pleaded guilty in Manhattan federal court to stealing over $100M from Google and Facebook, posing as a hardware vendor.
- He sent victims phony invoices and contracts. He faces up to 30 years in prison and will be sentenced in July. Lithuanian pleads guilty in U.S. to $100 million fraud against Google, Facebook
- GitHub has been leaking more than 100,000 API and other digital keys, according to academic researchers.
- Thousands of new keys are leaked daily as well. The keys include those for SSH connections that enable encrypted communications and could be used to gain access to a wide variety of online sites, including AWS, Google and Twitter accounts, and Twilio. The researchers suggest several best practices, including using the .gitignore file and changing how Git libraries are structured to better protect these keys. How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories
- A very sensitive data leak from a spyware vendor has been available online for more than six weeks.
- The leak contained images and audio recordings from consumers’ phones. Troy Hunt examined the nearly 20GB of data to verify it is legit. Reporters have been unsuccessful with various attempts to contact the vendor, and are not naming the vendor to try to protect the data. This Spyware Data Leak Is So Bad We Can't Even Tell You About It
- This post summarizes how the feds are trying to up their cybersec game.
- It focuses on three major failures and three new initiatives to increase defensive operations in the DoD, DARPA and NIST. Feds Seek To Up Their Cybersecurity Game
- The hacking group APT35 (the folks responsible for Charming Kitten and other attacks) has been sued by Microsoft in US District Court in DC.
- As part of that process, Microsoft has taken over 99 domains the group has used in its campaigns. The group has been active for six years and has targeted hundreds of businesses and government agencies around the world. Microsoft has seized domains from the Fancy Bear hacking group in the past. We are taking new steps against broadening threats to democracy and Microsoft Corporation (“Microsoft”) has sued Defendants John Does 1-2 associated with the Internet domains listed below.
- The Nigerian email scams are well known, to the point where they are documented on Wikipedia.
- But what is not as well known is how pervasive the internal malware attacks are within the country. More than half of their businesses are attacked at least annually. The average dwell time is 200 days. Advance-fee scam and 60% of Firms suffering from Cyberattack every year in Nigeria
- Trend Micro and the US Secret Service have put together this interesting report, Evolution of Cybercrime, about the history of hacking.
- It takes us through the year of the data breach in 2011, the mobile and botnet eras, and the rise of online banking attacks, among others. The Evolution of Cybercrime and Cyberdefense
- Shodan Monitor is a new offering from the popular security search tool and might motivate you to become a paying member.
- The site will send you an email when it finds an exposed Internet device. It monitors up to 16 IPs for Shodan members (who pay $49 to join) and 300,000 IPs for Shodan Corporate API members. Shodan has plug-ins for Nmap, Metasploit, Maltego and browsers too. Know What's Connected
- If you yearn to learn more about LockerGoga, here are two posts that take a deeper dive into its behavior:
- The ransomware that caused $40M in damages to Norsk Hydro can change passwords on local user accounts, can log victims out of infected systems, and doesn’t yet replicate. Both posts dissect its code and operations. Born This Way? Origins of LockerGoga and Analysis of LockerGoga Ransomware
- If you are using Huawei PCManager on your laptops, pay attention.
- The company released a driver that contains a privilege escalation bug. This would be big news on its own, but it is made bigger by the way the bug was found: through a Microsoft Defender ATP investigation. Huawei fixed the driver and published the safe version, which you should update to asap. From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw and Security Advisory - Two Vulnerabilities in Huawei PCManager Product
- A massive survey of thousands of Internet users around the world found that they have taken steps to protect their online data.
- Contrary to popular belief, Millennials do care about online privacy. Gen Z, however, are the least likely to update their software. Labs survey finds privacy concerns, distrust of social media rampant with all age groups
- Here is a nice dashboard of up-to-date current threats that are detected by Guardicore’s sensors.
- It shows top IP addresses, malware samples, and malicious domains being used by hackers. Cyber Threat Intelligence
- A new study shows just how poor the average AV protection is against known malware campaigns.
- Tools from Symantec, McAfee and Trend Micro only catch a third of the samples, especially when used on disconnected PCs or when a single byte of code is changed. Part of the issue is that half a million new malware pieces are created daily. The Illusive 99.9% - Study of the efficacy of modern antivirus products against known malware
- Emotet has new variants that change its underlying communications infrastructure.
- It also replaces infected Office macros with JavaScript droppers. Both of these changes make it harder to detect. Emotet Update: New C2 Communication Followed by New Infection Chain
- The developers of the info stealer Azorult Trojan have quit doing updates, but that hasn’t stopped others with new enhancements, including a complete rewrite in C++.
- The AZORult Trojan is one of the most commonly bought and sold stealers. This post dissects what else is new with the code. AZORult++: Rewriting history
- Researchers have found evidence of a new banking Trojan called Gustuff.
- It has been stealing funds from more than 100 banks around the world and robbing users of various cryptocurrencies using infected Android wallets. It is an updated version of the AndyBot malware. It can use the Accessibility services to interact with screens from other apps and also turn off Google's Play Protect feature. It spreads using your phone's contact list. Gustuff Android Malware Targets 100+ Banking and 32 Cryptocurrency Apps
- According to a new survey of CIOs, 60 percent have experienced cert-related outages that hit critical business systems within the last year.
- The vast majority of respondents predict that they will grow their use of certs in the coming years, and many are concerned that the growing complexity of their infrastructure will only make matters worse. Majority of Businesses Still Experience Outages: Are You Protecting Your Certificates?
Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!