22 security breaches Worldwide – Week 14, 2019
Be informed about the latest 22 Security breaches Worldwide, identified and reported publicly during Week 14, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.
- Researchers have discovered a new XLoader variant.
- It poses as a security app for Android devices and uses a malicious iOS profile for those devices. It uses Twitter for its command infrastructure and includes new features such as spyware. It spreads via SMS phishing lures. New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy
- Bayer was hit by the Winnti malware last year and only went public recently about the situation.
- No actual data theft occurred, and the company was monitoring the Chinese attackers covertly. The malware was removed last month. This group has hit other German businesses recently. Bayer contains cyber attack it says bore Chinese hallmarks
- Apache has found a bug in which server scripts can execute code with root privileges and take over the underlying web server.
- This is especially acute for shared tenant web providers. The issue is with Unix v.2.4.17 to v.2.4.38. You’ll want to upgrade to v.2.4.39 with the fix. Apache web server bug grants root access on shared hosting environments
- Researchers found two separate databases filled with Facebook user and plaintext passwords.
- Both were from third-party providers and found on unsecured online data structures. One had more than 20,000 passwords, the other had millions of records. The researchers had trouble getting in contact with the data owners to lock both of them down. Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
- CEO of Israeli spyware-maker NSO on fighting terror, Khashoggi murder, and Saudi Arabia.
- An Israeli company licenses software around the world that can crack just about any smartphone, but is its use always on the side of good? Tonight we’ll take you inside the growing, shadowy global market of cyber espionage.
- If you saw the 60 Minutes segment on NSO Group and Pegasus (above), you might be interested in reading the Citizen Lab’s rebuttal and examination of what was aired.
- Citizen Lab was interviewed on the show and still claims the Israeli software outfit is behind some heinous state-sponsored criminal activities. DUBIOUS DENIALS & SCRIPTED SPIN
- Current versions of both Microsoft Edge and IE browsers can share confidential data among websites without the user’s knowledge.
- Malicious JScript code makes this possible. Researchers call this a same-origin attack. Microsoft doesn’t yet have a fix for this. Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data
- Hackers use ransomware for other reasons than to extract money from victims.
- This post describes how attackers try to cover their tracks for more sustained damage to enterprise networks. The malware hides anything that forensic investigators can use to examine the incident. This can be helped inadvertently by IT departments that reimage the infected machines, removing this evidence. How hackers use ransomware to hide data breaches and other attacks
- Magento has released a security advisory for more than 30 different vulnerabilities.
- Users should upgrade to one of several new versions with these fixes asap. They are widely used as the backend system for many ecommerce websites. It has been hit with a variety of exploits recently, including code injection and remote code execution. Magento 2.3.1, 2.2.8 and 2.1.17 Security Update
- Hackers working for a surveillance company infected hundreds of people with several malicious Android apps that were hosted for years on the Google Play Store.
- They were discovered by researchers and labeled Exodus. The spyware was disguised as legit apps from Italian mobile providers. The apps have been removed now. Exodus: New Android Spyware Made in Italy
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in the last 7 days.