The Latest 24 Security breaches Worldwide – Week 15, 2019


Be informed about the latest 24 Security breaches Worldwide, identified and reported publicly during Week 15, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.


  • A darkweb marketplace called Genesis is selling digital masks of end users to carding criminals.
    • These are used to defeat anti-fraud systems because they contain each victim’s online buying history, computer screen size, and other information from their browsers and cookies. One researcher calls this the next generation of carding after finding these transactions online. Source: “How crooks use your doppelgangers to pay with your card”

  • The Exodus spyware originally developed for Android devices is now infecting iOS too.
    • This was accomplished by abusing the Apple Developer Enterprise program’s certificate. The spyware can access contacts, audio recordings, photos and videos from its victims. Apple neutralized the app once researchers published details about the malware. Source: “A powerful spyware app now targets iPhone owners”


  • The front-end and open source web framework called Bootstrap-Sass has been infected with malware based on a compromised version of RubyGems.


  • Two WordPress-related malware strains have made the news.
    • The first is called the GoBrut botnet. It is a more dangerous variant of the ELF family that expands its attack surface to both Windows and Linux systems. The second is an exploit in the WordPress Duplicate-Page plugin. It could affect 800,000 websites. If you use it, please update to v.3.4, which has the fix that prevents stolen data and potentially admin access to your site. Sources: “GoBrut Botnet ELF Variant and New C2 Discovered” and “SQL Injection in Duplicate-Page WordPress Plugin”

  • Dropbox has paid out bug bounties for hundreds of vulnerabilities, for a total of more than $300k.

  • This post describes how a company got hit with the IEncrypt ransomware and how it proceeded.
    • It all started with a phished email, and within a week attackers had gained control over the corporate network, encrypting files on hundreds of endpoints. The company paid the ransom and was able to decrypt its files. The post describes further forensic analysis that is worth reading. Source: “IRESPONSE TO IENCRYPT”


  • If anyone should know about credential stuffing attacks, it would be Akamai.

 

