22 security breaches Worldwide – Week 14, 2019
Be informed about the latest 22 Security breaches Worldwide, identified and reported publicly during Week 14, 2019.
- Researchers have discovered a new XLoader variant.
- It poses as a security app for Android devices and uses a malicious iOS profile for Apple devices. It uses Twitter for its command infrastructure and includes new features such as spyware. It spreads via SMS phishing lures. Source: "New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy"
- Bayer was hit by the Winnti malware last year and only went public recently about the situation.
- No actual data theft occurred, and the company was monitoring the Chinese attackers covertly. The malware was removed last month. This group has hit other German businesses recently. Source: "Bayer contains cyber attack it says bore Chinese hallmarks"
- Apache has found a bug in which server scripts can execute code with root privileges and take over the underlying web server.
- This is especially acute for shared tenant web providers. The issue affects Apache on Unix systems, v.2.4.17 to v.2.4.38. You'll want to upgrade to v.2.4.39, which has the fix. Source: "Apache web server bug grants root access on shared hosting environments"
- Researchers found two separate databases filled with Facebook user data and plaintext passwords.
- Both were from third-party providers and found on unsecured online data structures. One had more than 20,000 passwords, the other had millions of records. The researchers had trouble getting in contact with the data owners to lock both of them down. Source: "Losing Face: Two More Cases of Third-Party Facebook App Data Exposure"
- CEO of Israeli spyware-maker NSO on fighting terror, Khashoggi murder, and Saudi Arabia.
- An Israeli company licenses software around the world that can crack just about any smartphone, but is its use always on the side of good? Tonight we’ll take you inside the growing, shadowy global market of cyber espionage.
- If you saw the 60 Minutes segment on NSO Group and Pegasus (above), you might be interested in reading the Citizen Lab’s rebuttal and examination of what was aired.
- Citizen Lab was interviewed on the show and still claims the Israeli software outfit is behind some heinous state-sponsored criminal activities. Source: "DUBIOUS DENIALS & SCRIPTED SPIN"
- Current versions of both Microsoft Edge and IE browsers can share confidential data among websites without the user’s knowledge.
- Malicious JScript code makes this possible. Researchers call this an attack on the same-origin policy. Microsoft doesn't yet have a fix for this. Source: "Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data"
- Hackers use ransomware for reasons other than extracting money from victims.
- This post describes how attackers try to cover their tracks for more sustained damage to enterprise networks. The malware hides anything that forensic investigators can use to examine the incident. This can be helped inadvertently by IT departments that reimage the infected machines, removing this evidence. Source: "How hackers use ransomware to hide data breaches and other attacks"
- Magento has released a security advisory for more than 30 different vulnerabilities.
- Users should upgrade to one of several new versions with these fixes as soon as possible. Magento is widely used as the backend system for many ecommerce websites. It has been hit with a variety of exploits recently, including code injection and remote code execution. Source: "Magento 2.3.1, 2.2.8 and 2.1.17 Security Update"
- Hackers working for a surveillance company infected hundreds of people with several malicious Android apps that were hosted for years on the Google Play Store.
- They were discovered by researchers and labeled Exodus. The spyware was disguised as legit apps from Italian mobile providers. The apps have been removed now. Exodus: New Android Spyware Made in Italy
The remaining Security breaches made news headlines. All these happened just in the last 7 days.
- Talos researchers have been tracking 74 different shady Facebook groups.
- Members gather to sell payment card data, email spamming tools and stolen credentials. The post describes their continuing efforts to eradicate these criminals. “Security teams and vendors must work together to actively share information, take action and inform our customers,” they say. Source: "Hiding in Plain Sight"
- How Man-in-the-Middle (MITM) attacks work their mischief.
- The post catalogs the different types, including ARP and DNS spoofing, session hijacking and SSL stripping. It also provides several preventative measures, such as using MFA, a WAP and a VPN. Source: "Man-in-the-Middle (MITM) Attacks: An Introduction"
- Cell phones from Xiaomi have a pre-installed infected — and phony — security app called Guard Provider.
- These were subsequently deleted after researchers notified the vendor. The app ironically could be used to carry out MITM attacks, among others. Source: "Xiaomi Vulnerability: When Security Is Not What it Seems"
- Researchers have found several WordPress and Joomla sites infected with Shade/Troldesh ransomware.
- The code leverages hidden HTTP directories. The likely cause is outdated plug-ins that were used as entry points for attackers. Source: "Abuse of hidden “well-known” directory in HTTPS sites"
- Researchers have found a collection of US-based web servers which distribute 10 major malware families for spam campaigns.
- Authors appear to use one set of servers for email hosting and another set for actual malware operations. Source: "Mapping Out a Malware Distribution Network"
- A new study published by Ben-Gurion University in Israel shows how hackers can tamper with 3D medical scans.
- What makes this significant is that this tampering can be constructed in such a way as to deceive many radiologists. Here is a video of the scans before and after they have been altered. This is the same group of researchers who have found all sorts of side-channel attacks over the years. Source: "CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning"; video: "Injecting and Removing Cancer from CT Scans"
- A researcher discovered a major breach: VoterVoice campaign data left unsecured online.
- It contained 300,000 unique voter email IDs, addresses and phone numbers. The site is used to send messages to elected officials. The vendor claimed it was public information anyway, and ignored several attempts to lock it down. Sources: "Exclusive: A political “grassroots advocacy” company that lets concerned citizens contact their lawmakers about issues that affect them has exposed hundreds of thousands of people’s data." and "Thousands of ‘take action’ messages to lawmakers exposed by political advocacy giant"
- As the UK continues to stumble over its Brexit plans, this post examines what this means for cybersecurity there.
- It isn’t clear if EU cyber standards will apply in the UK and how data sharing governance will happen. UK businesses will need to review their own privacy policies too. Source: "Mind the Brexit gap in cyber security"
- Analysis of thousands of email spoofing campaigns shows that email gateways fail to stop almost all of these messages from being delivered.
- The tried and true techniques of sender name and domain impersonation do the dirty work. Source: "Secure Email Gateways Miss 99.5 Percent of All Non-Exact Email Spoofing Attacks, New IRONSCALES Research Concludes"
- Remember the release of the NSA open source hacking toolkit called Ghidra?
- Here is a post that shows how it is used to examine the AZORult malware, using reverse engineering of its code to explore the various components. The post shows how valuable this tool can be for defenders. Source: "Analyzing AZORult malware using NSA Ghidra suite"
- Beware of tax-themed Trojans and email phishing lures this time of year.
- Proofpoint has the details of several campaigns it has seen from its telemetry. Source: "Tax-themed Email Campaigns Target 2019 Filers"
- Equipment owned by the author of the OrcusRAT malware has been seized by federal agents in Toronto.
- He claims his software has legitimate purposes. Canadian Police Raid ‘Orcus RAT’ Author