The Latest 28 Security breaches Worldwide – Week 17, 2019

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in last week.

• The Stuxnet story continues to unwind.
  • New research from Google’s Chronicle unit found evidence of their early command server infrastructure, what they are calling Stuxshop. This ties the malware firmly to Flame, Duqu and other Equation Group (infographic in the link) activities. This adds to the theory that Stuxnet was in development since 2003. Revisiting the O.G. Threat Actor Supergroup

• This post explains how affiliate marketing scams work.
  • It picks apart a sample campaign using two years’ worth of numerous scams for context. They all start out looking a bit dodgy before redirecting users to a malicious site. Takedowns and Adventures in Deceptive Affiliate Marketing

• This post is a good primer (i.e., suitable for management) about what is credential stuffing and how hackers pull off these sorts of exploits.
  • You need three basic ingredients: leaked credentials, a special piece of parsing software, and a few proxy servers to perform the attacks. An inside look at how credential stuffing operations work

• The lineup of Black Hat briefings has been announced.
  • They include explanations of the NSA’s Ghidra open source toolkit, desynch HTTP attacks, and a history of Project Zero. As usual, it will be held in Vegas the first week of August. Black Hat USA

• Oracle WebLogic has a nasty remote code execution bug that affects all versions of the software.
  • The issue has to do with components that support specific operations and it could apply to more than 36,000 active users. It is a zero-day fault. To fix this, you will want to delete particular files that are at risk and set up appropriate access controls. The company is working on a patch. Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert

• Examining all the Microsoft patches from 2018, 81% of them could have been prevented if administrator rights had been more carefully used.
  • Critical vulnerabilities in Microsoft Edge have increased six-fold since its inception two years ago. These and other fun facts are from a new report that recommends a more careful approach to least privileged access controls. BeyondTrust Research Discovers that 81 Percent of Critical Microsoft Vulnerabilities Mitigated by Removing Admin Rights

• Microsoft patched an issue with its Windows 10 DHCP client last month.
  • This post explains how a specific command could produce unexpected crashes by creating a zero-length domain name. AN RCE VULNERABILITY IN THE WINDOWS 10 DHCP CLIENT

• The creators of the Emotet malware are continuing with improvements.
  • Researchers found a new infection method that uses compromised local devices as command proxies. This is just another mechanism for the malware to evade detection. Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers

• The Qbot banking Trojan continues to infect victims and was spotted last month.
  • It uses a very targeted phishing campaign that looks like a reply to a previous email. It contains a keylogger among other tools to steal information. Its nearly ten-year history is documented in this post. Qbot Malware Dropped via Context-Aware Phishing Campaign

• The Euro manufacturing firm Aebi Schmid was hit by ransomware recently.
  • The company, which makes airport maintenance vehicles among other things, took its Windows computers offline to repair them. Other details are still scarce. Manufacturing giant Aebi Schmidt hit by ransomware

• Hackers are increasingly using public cloud services to store their payloads and exfiltrate data from their victims.
  • Their latest attempt is abusing Github projects. Researchers found the popular site involved in several phishing campaigns. The projects were quickly deleted. Threat actors abuse GitHub service to host a variety of phishing kits

• Various government finance agencies around the world have been hit with rigged versions of the TeamViewer app along with malicious Excel spreadsheets for at least the past year.
  • Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer. FINTEAM: Trojanized TeamViewer Against Government Targets

• DDoS attacks are lasting longer with higher peak rates and overall volumes than ever before.
  • Attacks of 50 Gbps and higher have increased by nearly ten times what was seen last year. And all of them mitigated by Neustar’s services are using multiple threat vectors too. This is from their 2019 Q1 trends report. New Cyber Threats Report Reveals that DDoS Attacks Still Challenging

• The ecommerce site for the Atlanta basketball Hawks was hit with the Magecart malware this week.
  • It was found by a researcher and observed to be stealing names, addresses and credit card numbers of fans of the team. He continues to find at least 50 new instances of the malware daily, thanks to a custom search tool that he wrote. ATLANTA HAWKS SNIPED BY MAGECART

• The OilRig APT group, the threat actor behind the DNSpionage malware campaign, has rolled out a new variant called Karkoff.
  • The malware looks for Avira and Avast AV before infecting the machine with a better RAT tool that is written in .Net and runs a backdoor service. It also creates a log file, making it easier to analyze its timeline. DNSpionage brings out the Karkoff

• RATs have been found targeting finserv companies.
  • They are attributed to TA505, a Russian state-sponsored group. They start with phishing emails with malicious document attachments. New Tech: Digital Risk Protection, Q2 2018 (pdf)