28 Security breaches Worldwide – Week 17, 2019
Be informed about the latest 28 Security breaches Worldwide, identified and reported publicly during Week 17, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- A popular WiFi locator app did more than just find hotspots.
- According to researchers, it also would copy users’ network passwords and transmit more than 2M of them to hackers. This database was found on a public server by security researchers. A hotspot finder app exposed 2 million Wi-Fi network passwords
- Here is a description of a new supply chain attack dubbed Operation ShadowHammer.
- It was seen at the beginning of the year. What is unique is how hackers were able to maintain the digital signatures of executable files that were phony ASUS updaters. Operation ShadowHammer: a high-profile supply chain attack
- The Intel Flashpoint website was hit earlier this month with a true WordPress zero-day attack.
- Here is their report of how they found it and remediated the site. Visitors were briefly redirected to a phony site serving up malware. After-Action Report: Flashpoint Remediation of 0-Day Exploit on Our Public-Facing Website
- A SQL injection attack has been discovered in a popular query tool from Laravel.
- The injection happens through the interaction of JSON and SQL command parsing. The software is patched with either v.1.16.1 or v.1.17.1, and users should upgrade. Serious SQL Injection vulnerability in laravel-query-builder
- The website bodybuilding.com received a phish back in July last year that eventually triggered a breach this past February.
- The company has more than a million members along with an e-commerce site. It acknowledged the leak of private customer data, although not any payment card numbers were divulged. All users’ passwords have been subsequently reset. DATA INCIDENT
- The source code of the Carbanak malware has been available on VirusTotal for the past two years.
- It was found only recently by researchers, and this week they begin taking apart the code and understanding the many complexities of how it works. The malware targeted banks and has successfully been used to steal more than $1B over time. This post is the first of a multi-part series. CARBANAK Week Part One: A Rare Occurrence
- The UK’s main cybersecurity agency has published a list of the top breached passwords.
- They used Troy Hunt’s Pwned list, and no surprise, 123456, 123456789 and qwerty headed the list. These passwords were found in tens of millions of instances. ‘123456’ Remains the World’s Most Breached Password
- Malware is getting more customized.
- Researchers have found odd executable formats that will only work with specific scripts and are usually ignored by scanners. It is called Ocean Lotus and from the Vietnamese hacking group APT32. It has some very creative obfuscation techniques. “Funky malware format” found in Ocean Lotus sample
- A researcher has found a bug in a Shopify API call that could be used for leaking transaction data.
- This ecommerce tool is used by more than 800,000 merchants all over the world. Thousands of them were vulnerable to this issue, and the vendor fixed it shortly after it was found last October. The researcher was denied any bounty payment due to how he conducted his analysis. How I gained access to revenue and traffic data of thousands of Shopify stores
- Researchers have found more than 60M LinkedIn user records on a series of public databases.
- Email IDs are included, along with work history and locations. Once journalists contacted Amazon, they were finally secured. It appears to belong to a third-party LinkedIn developer. Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data
- Researchers have seen a big increase in infected PDF attachments.
- They found with their global telemetry more than double the number of samples collected last year in just the first few months of 2019. SONICWALL DETECTS, REPORTS DRAMATIC RISE IN FRAUDULENT PDF FILES IN Q1 2019
- The hacker who accidentally stopped the spread of WannaCry has pled guilty to creating earlier banking malware.
- Marcus Hutchins has been under house arrest for several years while his case has wound its way through the courts. That malware was written when he was a teen, he is now 24. He originally faced ten charges and pled to two of them, expressing regret and accepting responsibility for his earlier actions. Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware
Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in last week.
- The Stuxnet story continues to unwind.
- New research from Google’s Chronicle unit found evidence of their early command server infrastructure, what they are calling Stuxshop. This ties the malware firmly to Flame, Duqu and other Equation Group (infographic in the link) activities. This adds to the theory that Stuxnet was in development since 2003. Revisiting the O.G. Threat Actor Supergroup
- This post explains how affiliate marketing scams work.
- It picks apart a sample campaign using two years’ worth of numerous scams for context. They all start out looking a bit dodgy before redirecting users to a malicious site. Takedowns and Adventures in Deceptive Affiliate Marketing
- This post is a good primer (i.e., suitable for management) about what is credential stuffing and how hackers pull off these sorts of exploits.
- You need three basic ingredients: leaked credentials, a special piece of parsing software, and a few proxy servers to perform the attacks. An inside look at how credential stuffing operations work
- The lineup of Black Hat briefings has been announced.
- They include explanations of the NSA’s Ghidra open source toolkit, desynch HTTP attacks, and a history of Project Zero. As usual, it will be held in Vegas the first week of August. Black Hat USA
- Oracle WebLogic has a nasty remote code execution bug that affects all versions of the software.
- The issue has to do with components that support specific operations and it could apply to more than 36,000 active users. It is a zero-day fault. To fix this, you will want to delete particular files that are at risk and set up appropriate access controls. The company is working on a patch. Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
- Examining all the Microsoft patches from 2018, 81% of them could have been prevented if administrator rights had been more carefully used.
- Critical vulnerabilities in Microsoft Edge have increased six-fold since its inception two years ago. These and other fun facts are from a new report that recommends a more careful approach to least privileged access controls. BeyondTrust Research Discovers that 81 Percent of Critical Microsoft Vulnerabilities Mitigated by Removing Admin Rights
- Microsoft patched an issue with its Windows 10 DHCP client last month.
- This post explains how a specific command could produce unexpected crashes by creating a zero-length domain name. AN RCE VULNERABILITY IN THE WINDOWS 10 DHCP CLIENT
- The creators of the Emotet malware are continuing with improvements.
- Researchers found a new infection method that uses compromised local devices as command proxies. This is just another mechanism for the malware to evade detection. Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers
- The Qbot banking Trojan continues to infect victims and was spotted last month.
- It uses a very targeted phishing campaign that looks like a reply to a previous email. It contains a keylogger among other tools to steal information. Its nearly ten-year history is documented in this post. Qbot Malware Dropped via Context-Aware Phishing Campaign
- The Euro manufacturing firm Aebi Schmid was hit by ransomware recently.
- The company, which makes airport maintenance vehicles among other things, took its Windows computers offline to repair them. Other details are still scarce. Manufacturing giant Aebi Schmidt hit by ransomware
- Hackers are increasingly using public cloud services to store their payloads and exfiltrate data from their victims.
- Their latest attempt is abusing Github projects. Researchers found the popular site involved in several phishing campaigns. The projects were quickly deleted. Threat actors abuse GitHub service to host a variety of phishing kits
- Various government finance agencies around the world have been hit with rigged versions of the TeamViewer app along with malicious Excel spreadsheets for at least the past year.
- Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer. FINTEAM: Trojanized TeamViewer Against Government Targets
- DDoS attacks are lasting longer with higher peak rates and overall volumes than ever before.
- Attacks of 50 Gbps and higher have increased by nearly ten times what was seen last year. And all of them mitigated by Neustar’s services are using multiple threat vectors too. This is from their 2019 Q1 trends report. New Cyber Threats Report Reveals that DDoS Attacks Still Challenging
- The ecommerce site for the Atlanta basketball Hawks was hit with the Magecart malware this week.
- It was found by a researcher and observed to be stealing names, addresses and credit card numbers of fans of the team. He continues to find at least 50 new instances of the malware daily, thanks to a custom search tool that he wrote. ATLANTA HAWKS SNIPED BY MAGECART
- The OilRig APT group, the threat actor behind the DNSpionage malware campaign, has rolled out a new variant called Karkoff.
- The malware looks for Avira and Avast AV before infecting the machine with a better RAT tool that is written in .Net and runs a backdoor service. It also creates a log file, making it easier to analyze its timeline. DNSpionage brings out the Karkoff
- RATs have been found targeting finserv companies.
- They are attributed to TA505, a Russian state-sponsored group. They start with phishing emails with malicious document attachments. New Tech: Digital Risk Protection, Q2 2018 (pdf)
Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!