28 Security breaches Worldwide – Week 17, 2019
Be informed about the latest 28 Security breaches Worldwide, identified and reported publicly during Week 17, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- A popular WiFi locator app did more than just find hotspots.
- According to researchers, it also would copy users’ network passwords and transmit more than 2M of them to hackers. This database was found on a public server by security researchers. A hotspot finder app exposed 2 million Wi-Fi network passwords
- Here is a description of a new supply chain attack dubbed Operation ShadowHammer.
- It was seen at the beginning of the year. What is unique is how hackers were able to maintain the digital signatures of executable files that were phony ASUS updaters. Operation ShadowHammer: a high-profile supply chain attack
- The Intel Flashpoint website was hit earlier this month with a true WordPress zero-day attack.
- Here is their report of how they found it and remediated the site. Visitors were briefly redirected to a phony site serving up malware. After-Action Report: Flashpoint Remediation of 0-Day Exploit on Our Public-Facing Website
- A SQL injection attack has been discovered in a popular query tool from Laravel.
- The injection happens through the interaction of JSON and SQL command parsing. The software is patched with either v.1.16.1 or v.1.17.1, and users should upgrade. Serious SQL Injection vulnerability in laravel-query-builder
- The website bodybuilding.com received a phish back in July last year that eventually triggered a breach this past February.
- The company has more than a million members along with an e-commerce site. It acknowledged the leak of private customer data, although not any payment card numbers were divulged. All users’ passwords have been subsequently reset. DATA INCIDENT
- The source code of the Carbanak malware has been available on VirusTotal for the past two years.
- It was found only recently by researchers, and this week they begin taking apart the code and understanding the many complexities of how it works. The malware targeted banks and has successfully been used to steal more than $1B over time. This post is the first of a multi-part series. CARBANAK Week Part One: A Rare Occurrence
- The UK’s main cybersecurity agency has published a list of the top breached passwords.
- They used Troy Hunt’s Pwned list, and no surprise, 123456, 123456789 and qwerty headed the list. These passwords were found in tens of millions of instances. ‘123456’ Remains the World’s Most Breached Password
- Malware is getting more customized.
- Researchers have found odd executable formats that will only work with specific scripts and are usually ignored by scanners. It is called Ocean Lotus and from the Vietnamese hacking group APT32. It has some very creative obfuscation techniques. “Funky malware format” found in Ocean Lotus sample
- A researcher has found a bug in a Shopify API call that could be used for leaking transaction data.
- This ecommerce tool is used by more than 800,000 merchants all over the world. Thousands of them were vulnerable to this issue, and the vendor fixed it shortly after it was found last October. The researcher was denied any bounty payment due to how he conducted his analysis. How I gained access to revenue and traffic data of thousands of Shopify stores
- Researchers have found more than 60M LinkedIn user records on a series of public databases.
- Email IDs are included, along with work history and locations. Once journalists contacted Amazon, they were finally secured. It appears to belong to a third-party LinkedIn developer. Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data
- Researchers have seen a big increase in infected PDF attachments.
- They found with their global telemetry more than double the number of samples collected last year in just the first few months of 2019. SONICWALL DETECTS, REPORTS DRAMATIC RISE IN FRAUDULENT PDF FILES IN Q1 2019
- The hacker who accidentally stopped the spread of WannaCry has pled guilty to creating earlier banking malware.
- Marcus Hutchins has been under house arrest for several years while his case has wound its way through the courts. That malware was written when he was a teen, he is now 24. He originally faced ten charges and pled to two of them, expressing regret and accepting responsibility for his earlier actions. Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in last week.