24 Security breaches Worldwide - Week 15, 2019
Be informed about the latest 24 Security breaches Worldwide, identified and reported publicly during Week 15, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.
- A darkweb marketplace called Genesis is selling digital masks of end users to carding criminals.
- These are used to defeat anti-fraud systems because they contain each victim's online buying history, computer screen size, and other information from their browsers and cookies. One researcher calls this the next generation of carding after finding these transactions online. How crooks use your doppelgangers to pay with your card
- The Exodus spyware originally developed for Android devices is now infecting iOS too.
- This was accomplished by abusing an Apple Developer Enterprise program certificate. It can access contacts, audio recordings, photos and videos from its victims. Apple revoked the app once researchers published details about the malware. A powerful spyware app now targets iPhone owners
- NATO conducts its annual Locked Shields live-fire cyber exercise that once again threatens the fictional country of Berylia.
- There will be 1,000 participants from 30 different countries operating the Estonian Cyber Range. Locked Shields is a unique international cyber defence exercise offering the most complex technical live-fire challenge in the world
- The front-end and open source web framework called Bootstrap-Sass has been infected with malware based on a compromised version of RubyGems.
- While both are quite popular, the issue was spotted quickly and fixed after about a thousand users had downloaded the malicious version. Upgrade to v3.2.0.4 as soon as possible. Bootstrap supply chain attack is another attempt to poison the barrel
- Those sextortion scammers are getting more sophisticated.
- They have lowered their ransom demands in the hope of getting more victims to pay, and have hidden their malware behind multiple layers of encryption, passwords and programming. Big change in the plague of Blackmail, Sextortion Scam attempts
- Two WordPress-related malware strains have made the news.
- The first is called the GoBrut botnet. It is a more dangerous variant of the ELF family that extends its reach to both Windows and Linux systems. The second is a SQL injection vulnerability in the WordPress Duplicate-Page plugin, which could affect 800,000 websites. If you use it, please update to v3.4, which fixes the flaw that could otherwise allow data theft and potentially admin access to your site. GoBrut Botnet ELF Variant and New C2 Discovered and SQL Injection in Duplicate-Page WordPress Plugin
- Dropbox has paid out bug bounties for hundreds of vulnerabilities, for a total of more than $300k.
- One of the participants was the appropriately named Jack Cable, a Stanford CS student who has racked up several hundred bounties by himself. This came from a hackathon in Singapore last week run by HackerOne. Dropbox uncovers 264 vulnerabilities in HackerOne Singapore bug hunt
- This post describes how a company got hit with the IEncrypt ransomware and how it proceeded.
- It all started with a phishing email, and within a week the attackers had gained control over the corporate network, encrypting files on hundreds of endpoints. The company paid the ransom and was able to decrypt its files. The post describes further forensic analysis that is worth reading. IRESPONSE TO IENCRYPT
- Tomorrow is an important election in Israel, and there are claims of a major data breach in its voting registry.
- It could be old data that was leaked back in 2006, and authorities are investigating. It is part of an annual hacking campaign by various groups around the world. In the past, these campaigns haven’t had much success. In other news, Twitter has suspended dozens of suspicious accounts run by a Chinese group that has political messages posted in Hebrew. The group believes Jesus has been reincarnated as a Chinese woman living in Queens. Yes, you read that correctly. Hacker's Claims of Breaching Israeli Voter Registry Under Investigation and Israel Election: Twitter Suspended Dozens Of Hebrew-Language Accounts Run By A Strange Chinese Religious Sect
- If anyone should know about credential stuffing attacks, it would be Akamai.
- Last year it reported almost 30 billion attacks. That works out to hundreds of millions of them daily. The largest targets were video media and other entertainment companies. These attacks are on the rise thanks to automated construction kits that are sold online for just a few dollars per stolen credential. Credential Stuffing: Attacks and Economies (pdf - Volume 5, Special Media Edition)
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in the last 7 days.
- It is time for fintech regulators to accept the changing digital landscape, David Froud writes.
- There is no room for the status quo and it is time to realize that customers want access to their money wherever and whenever they please. FinTech vs The Status Quo
- Researchers have found a very sophisticated malware package called TajMahal.
- It is able to steal data from CDs, USB drives, browser cookies and print queues. It has been in operation for the past five years. This post dissects its operation. Project TajMahal – a sophisticated new APT framework
- Researchers have found new evidence of the Flame malware that was active between 2014 and 2016.
- Flame was thought to have disappeared, but it seems the hackers behind it have retooled their spyware kit and made it harder to detect. Researchers Uncover New Version of the Infamous Flame Malware
- I reported on pending legislation by the Russian government to wall off their Internet access.
- Here is a nice visual explanation of how it can happen. The author reviews recent telemetry regarding the Russian search site Yandex. It shows either a coordinated DDoS attack or a test of the new Russian isolation technology. Yandex Packet Loss: DDoS or Russian Firewall?
- A new phishing attack has been observed with a very complex logic flow. It basically counts on users clicking the unsubscribe link in the message.
- As you can see in the screencap, the first paragraphs are actually an image, and the details about the malicious unsubscribe link are at the bottom. How Phishing Scams Are Evolving—And How Not to Get Caught
- Two WordPress plug-ins have had recent vulnerabilities discovered by researchers.
- More than 60,000 users of the WordPress Yuzo Related Posts plug-in are at risk thanks to an XSS bug, according to this post. The author could have fixed the code, but instead reported a proof-of-concept bug online. The plug-in was subsequently removed from the WordPress library. Another SQL injection bug was found in the Advanced Contact Form 7 DB plug-in. According to Sucuri, there haven't been any reported actual exploits, and the vendor has come out with a fix in v1.6.1. This one has more than 40,000 users. This plugin was closed on March 30, 2019 and is no longer available for download. and HACKED! MAILGUN WORDPRESS SITE FALLS UNDER HACKERS ATTACK and SQL Injection in Advance Contact Form 7 DB
- Avanan analyzed more than 560,000 phished emails that evaded both Office 365 and Gmail filters.
- This represents about one percent of the total mail flow through its infrastructure. A third of the phishing emails were delivered through Office 365, and most of those contained malware. The report shows the various methods used and how to spot them. How many phishing attacks bypass Office 365?
- After the Starwood breach, Symantec looked at the security of more than 1,500 hotel websites in 54 countries.
- It found two-thirds of them could be exploited for a similar leak of guests' data. The leaks could enable third-party services (such as advertisers) to log in to a guest reservation and view personal details. Two in Three Hotel Websites Leak Guest Booking Details and Allow Access to Personal Data
- A new info stealer malware called Baldr has been observed.
- It is a well-crafted combination of Agressor for distribution, Overdot for sales and promotion, and LordOdin for development. It is a new type of stealer that operates on a 'grab and go' model, meaning it is harder to detect, more opportunistic, and goes after a wider range of potential targets. Say hello to Baldr, a new stealer on the market
- There is a new variant of Triton, and it appears to come from a Russian state-owned operation.
- Researchers have discovered an attack on another industrial network, targeting its process control systems and devices. It seems the attackers have been using Triton since 2014 and have continued to refine their toolset, which deploys more than a dozen different components that are described in the post. They say there are probably other unidentified victims. TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping
- The Thai plant of the Japanese optical company Hoya was shut down by a malware attack in February.
- It was hit by a combination of an information stealer, DDoS and cryptominer. Cyber Attack Shuts Down Hoya Corp's Thailand Plant for Three Days
- Operation Wire Wire
- This post goes into detail about several cases of business email impersonation attacks, typically targeting corporate treasury officers who handle wire funds transfers. It also provides some tips to stop them, such as requiring two signature approvals and better email screening of these requests to filter out questionable ones. Business Email Compromise: Operation Wire Wire and New Attack Vectors
- A study found that half of IT executives have held back multiple times on doing security updates.
- The same percentage have had difficulty in explaining why being more resilient to digital threats is important. CIOs and CISOs hold off on crucial updates due to potential impact on business operations
- There are many different types of insider threats, according to researchers.
- Here are 11 different ways you can prevent them, such as better HR controls, better data access mechanisms and regular network vulnerability scans. Ignore the Insider Threat at Your Peril