The Latest 24 Security breaches Worldwide – Week 15, 2019

Be informed about the latest 24 Security breaches Worldwide, identified and reported publicly during Week 15, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.


  • A darkweb marketplace called Genesis is selling digital masks of end users to carding criminals.
    • These are used to defeat anti-fraud systems because they contain each victim’s online buying history, computer screen size, and other information from their browsers and cookies. One researcher calls this the next generation of carding after finding these transactions online. (Source: How crooks use your doppelgangers to pay with your card)

  • The Exodus spyware, originally developed for Android devices, is now infecting iOS too.
    • This was accomplished by abusing an Apple Developer Enterprise program certificate. It can access contacts, audio recordings, photos and videos from its victims. Apple revoked the certificate once researchers published details about the malware. (Source: A powerful spyware app now targets iPhone owners)


  • The front-end and open source web framework called Bootstrap-Sass has been infected with malware based on a compromised version of RubyGems.


  • Two WordPress-related malware strains have made the news.
    • The first is the GoBrut botnet. It is a more dangerous variant of the ELF family that expands its attack surface to both Windows and Linux systems. The second is a vulnerability in the WordPress Duplicate-Page plugin that could affect 800,000 websites. If you use it, please update to v3.4, which fixes the flaw that could otherwise lead to data theft and potentially admin access to your site. (Sources: GoBrut Botnet ELF Variant and New C2 Discovered; SQL Injection in Duplicate-Page WordPress Plugin)

  • Dropbox has paid out bug bounties for hundreds of vulnerabilities, for a total of more than $300k.

  • This post describes how a company got hit with the IEncrypt ransomware and how it responded.
    • It all started with a phishing email, and within a week the attackers had gained control of the corporate network, encrypting files on hundreds of endpoints. The company paid the ransom and was able to decrypt its files. The post goes on to describe further forensic analysis that is worth reading. (Source: IRESPONSE TO IENCRYPT)


  • If anyone should know about credential stuffing attacks, it would be Akamai.

Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in the last 7 days.


  • It is time for fintech regulators to accept the changing digital landscape, David Froud writes.
    • There is no room for the status quo, and it is time to realize that customers want access to their money wherever and whenever they please. (Source: FinTech vs The Status Quo)

  • Researchers have found a very sophisticated malware package called TajMahal.


  • I reported about pending legislation by the Russian government to wall off their Internet access.
    • Here is a nice visual explanation of how it can happen. The author reviews recent telemetry regarding the Russian search site Yandex. It shows either a coordinated DDoS attack or a test of the new Russian isolation technology. (Source: Yandex Packet Loss: DDoS or Russian Firewall?)

  • A new phishing attack has been observed with a very complex logic flow. It basically counts on users trying to unsubscribe from the message.

  • Two WordPress plug-ins have had recent vulnerabilities discovered by researchers.
    • More than 60,000 users of the WordPress Yuzo Related Posts plug-in are at risk thanks to an XSS bug, according to this post. The author could have fixed the code, but instead reported a proof-of-concept bug online. The plug-in was subsequently removed from the WordPress library. Another SQL injection bug was found in the Advanced Contact Form 7 DB plug-in. According to Sucuri, there haven’t been any reported actual exploits, and the vendor has come out with a fix in v1.6.1. This one has more than 40,000 users. This plugin was closed on March 30, 2019 and is no longer available for download. (Sources: HACKED! MAILGUN WORDPRESS SITE FALLS UNDER HACKERS ATTACK; SQL Injection in Advance Contact Form 7 DB)

  • Avanan analyzed more than 560,000 phishing emails that evaded both Office 365 and Gmail filters.
    • This represents about one percent of the total mail flow through its infrastructure. A third of the phishes were delivered by Office 365, most of which contained malware. The report shows the various methods used and how to spot them. (Source: How many phishing attacks bypass Office 365?)


  • A new info-stealer malware called Baldr has been observed.
    • It is a well-crafted combination of Agressor for distribution, Overdot for sales and promotion, and LordOdin for development. It is a new type of stealer that operates as a ‘grab and go’ — meaning it is harder to detect, more opportunistic, and goes after a wider range of potential targets. (Source: Say hello to Baldr, a new stealer on the market)

  • There is a new variant of Triton, and it appears to come from a Russian state-owned operation.
    • Researchers have discovered an attack on another industrial network, targeting its process control systems and devices. It seems the attackers have been using Triton since 2014 and have continued to refine their toolset, which deploys more than a dozen different components that are described in the post. They say there are probably other unidentified victims. (Source: TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping)


  • Operation Wire Wire
    • This post goes into detail about several cases of business email impersonation attacks, typically of corporate treasury officers who handle wire funds transfers. It also provides some tips to stop them, such as requiring two-signature approvals and better email screening of these requests to filter out questionable ones. (Source: Business Email Compromise: Operation Wire Wire and New Attack Vectors)


  • There are many different types of insider threats, according to researchers.

Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!