The Latest 27 Security breaches Worldwide – Week 16, 2019

The Latest 27 Security breaches Worldwide - Week 16, 2019

27 Security breaches Worldwide – Week 16, 2019

Be informed about the latest 27 Security breaches Worldwide, identified and reported publicly during Week 16, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.




  • OneLogin suffered two breaches within a year.
    • Here is the tale of how it owned up to its problems and recovered its customers’ trust. The company revealed the breach quickly, described the details of the attack and kept customers informed along the way. This could be used as a template for your own breach response playbook. How OneLogin responded to its breach and regained customer trust


  • Russians have been spoofing nearby GPS locations to major shipping lanes, military installations, VIP residences and intelligence offices.
    • In this encyclopedic 60-page report, the Center for Advanced Defense examines a variety of events that show their efforts are larger in scope and longer in duration than was previously suspected. Thousands of ship navigation systems have been affected. Exposing GPS Spoofing in Russia and Syria (pdf)

  • Researchers have found a new variant of Netwire.

  • If you are looking for a London flat on AirBnB, beware you might be looking at phishing pages that mimic the real website.



  • For the past nine years, three Romanian hackers ran a botnet that drove a massive online fraud enterprise netting more than $10M.


  • Major VPN vendors have been found to be at risk leaking private data.
    • The issue is how they store session cookies in log files or memory locations. Palo Alto Networks Global Protect, Cisco AnyConnect and Pulse Secure Connect are at list. Only Palo Alto has fixed their code and users should upgrade to v.4.1.1 asap. VPN applications insecurely store session cookies

 


Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in last week.




  • The source who calls itself Lab Dookhtegan used a Telegram channel to dump information about the OilRig hacking group.



  • MITM attacks are hard to detect when they leverage embedded browsers in apps.
    • The result is that bad actors can intercept your login credentials, which is typical the start of a phishing ploy. Google has announced they will block this path to prevent these kinds of compromises beginning in June. It recommends that app developers switch to browser-based OAuth authentication methods in the near future. Better protection against Man in the Middle phishing attacks

  • The Weather Channel was hit by a ransomware attack that took its live broadcast offline for more than an hour yesterday.

  • Security firm Verint was hit with a ransomware attack in its Israel offices.


  • Here is a new ransomware attack method called MegaLocker or NamPoHyu.
    • It uses cloud servers to remotely encrypt Samba file shares, leaving no residue on locally compromised PCs. It is using brute force password stuffing. There are more than half a million publicly available Samba servers, so they have a rich target surface. ‘NamPoHyu Virus’ Ransomware Targets Remote Samba Servers

  • Based on their own network telemetry, bad bots accounted for one-fifth of all internet traffic in 2018.
    • Finserv and ticketing sectors were the most often targeted, and half of the bot traffic is from the US. While bot traffic is slightly down, they continue to be a threat in numerous areas. Bad Bot Report 2019: The Bot Arms Race Continues (pdf)

  • The OilRig hacking group uses DNS tunneling to communicate with its command servers.

  • State-sponsored attacks are hijacking root DNS servers with increasing frequency, according to researchers.

  • Breach is at Chipotle, which hasn’t yet been fully acknowledged by the company.
    • Customers have posted on Reddit and Twitter, figuring it out thanks to some of them reporting password reuse. Chipotle says it could be the result of password stuffing, but that is questionable. It has no plans to roll out MFA requirements, however. Chipotle customers are saying their accounts have been hacked

 


 

Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts

Leave a comment

Do NOT follow this link or you will be banned from the site!