Scroll Top

The Latest 29 Security breaches Worldwide – Week 13, 2019


29 Security breaches Worldwide – Week 13, 2019

Be informed about the latest 29 Security breaches Worldwide, identified and reported publicly during Week 13, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.

  • Ecommerce sites that support the PayPal Payflow Pro protocols could be subject to abuse of their underlying Magento software.

  • Korean government-sponsored researchers have discovered dozens of bugs in the LTE wireless protocol stack.

  • This post reviews the history of the NIST cybersecurity framework.

  • Organizations need to do a better job of defending — and monitoring — non-standard IP ports.
    • This and lots more data from Sonicwall’s instrumentation can be found in its latest report. It identified thousands of new malware variants daily across its sensor network. 2019 SONICWALL CYBER THREAT REPORT

  • Last week’s news about the Norsk Hydro ransom attack has some updates.
    • There is this statement from the company itself, which could serve as a template for what businesses should do in the future. They were transparent, took proactive measures to provide the details, set up a temp website and held daily media briefings to answer questions by their senior staff. They also had solid backups available so they didn’t have to pay the ransom. Update on cyber attacks March 21 and Click to start the webcast

  • Hackers replaced the Asus software update tool with their own.
    • This enabled them to distribute backdoors in malware to hundreds of thousands of PCs last year. Motherboard broke the story. The attack was discovered and confirmed by researchers who found a supply chain campaign. It is being called Operation ShadowHammer. What is interesting is that only a few hundred of the infected Asus PCs had backdoors that were actually activated by the malware authors. Asus has not confirmed the problem. The story shows the length that different teams of researchers went to work together to identify the malware and how it was designed to be precisely targeted and well-hidden. Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers and Operation ShadowHammer

  • DDoS attacks declined during 4Q18, according to this report from NexusGuard.
    • One attack against a single target was observed each day during December, demonstrating how determined adversaries are these days. Durations increased to 450 minutes on average. DDoS Threat Report 2018 Q4


Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in the last 7 days.

  • GitHub has been leaking more than 100,000 API and other digital keys, according to academic researchers.
    • Thousands of new keys are leaked daily as well. The keys include those for SSH connections that enable encrypted communications and could be used to gain access to a wide variety of online sites, including AWS, Google and Twitter accounts, and Twilio. The researchers suggest several best practices, including using the .gitignore file and changing how Git libraries are structured to better protect these keys. How Bad Can It Git? Characterizing Secret Leakage
      in Public GitHub Repositories

  • A very sensitive data leak from a spyware vendor has been available online for more than six weeks.
    • The leak contained images and audio recordings from consumers’ phones. Troy Hunt examined the nearly 20GB of data to verify it is legit. Reporters have been unsuccessful with various attempts to contact the vendor, and are not naming the vendor to try to protect the data. This Spyware Data Leak Is So Bad We Can’t Even Tell You About It

  • This post summarizes how the feds are trying to up their cybersec game.

  • Trend Micro and the US Secret Service have put together this interesting report, Evolution of Cybercrime about the history of hacking.

  • Shodan Monitor is a new offering from the popular security search tool and might motivate you to become a paying member.
    • The site will send you an email when it finds an exposed Internet device. It monitors up to 16 IPs for Shodan members (who pay $49 to join) and 300,000 IPs for Shodan Corporate API members. Shodan has plug-ins for Nmap, Metasploit, Maltego and browsers too. Know What’s Connected

  • If you yearn to learn more about LockerGoga, here are two posts that take a deeper dive into its behavior:

  • Here is a nice dashboard of up-to-date current threats that are detected by Guadicore’s sensors

  • The developers of the info stealer Azorult Trojan have quit doing updates, but that hasn’t stopped others with new enhancements, including a complete rewrite in C++.
    • The AZORult Trojan is one of the most commonly bought and sold stealers. This post dissects what else is new with the code. AZORult++: Rewriting history

  • Researchers have found evidence of a new banking Trojan called Gustuff.
    • It has been stealing funds from more than 100 banks around the world and robbing users of various cryptocurrencies using infected Android wallets. It is an updated version of the AndyBot malware. It can use the Accessibility services to interact with screens from other apps and also turn off Google’s Play Protect feature. It spreads using your phone’s contact list. Gustuff Android Malware Targets 100+ Banking and 32 Cryptocurrency Apps

  • According to a new survey of CIOs, 60 percent have experienced cert-related outages that hit critical business systems within the last year.



Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts