The Latest 15 Security breaches Worldwide – Week 18, 2019

The Latest 15 Security breaches Worldwide - Week 18, 2019

15 Security breaches Worldwide – Week 18, 2019

Be informed about the latest 15 Security breaches Worldwide, identified and reported publicly during Week 18, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.


  • Telemetry from their network traffic for the first quarter of this year show that businesses are still the prime targets of hackers.
    • Emotet and ransomware are growing. Also, the amount of hidden cryptomining has moved from individual users to corporate accounts has increased. All this means that overall user trust in business use of their private data has reached new lows. Cybercrime Tactics and Techniques 2019: Q1 Report

  • Another hacker is using GitHub projects to run scripts to collect credit cards skimmed by Magecart malware.
    • Hundreds of ecommerce websites running Magento are running these scripts, a situation which was discovered by security researchers and quickly removed by GitHub. That doesn’t stop the hackers from trying to inject new skimmer scripts. Make sure your CMS plug-ins are at current patch levels and check your user authentication records and policies. GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores


  • Telemetry from their network traffic for the first quarter of this year show that businesses are still the prime targets of hackers.
    • Emotet and ransomware are growing. Also, the amount of hidden cryptomining has moved from individual users to corporate accounts has increased. All this means that overall user trust in business use of their private data has reached new lows. Cybercrime Tactics and Techniques 2019: Q1 Report (pdf)

  • Varonis analyzed more than 700 custom risk assessments that looked more than 50B files.
    • They do this annually to spot trends and find data vulnerabilities. This year’s report had more than half the companies had over a thousand sensitive files that were available to every employee in the organization, and 15% of the companies had more than a million folders available to everyone. More than a third of users had non-expiring passwords, which is a big jump from last year’s report of only 10%. And more than half the companies had more than a thousand inactive user accounts. 2019_GLOBAL DATA RISK REPORT FROM THE VARONIS DATA LAB (pdf)

  • In advance of its anticipated IPO, Slack has filed its S-1 stating that cyber attacks by nation-state actors could be a major risk.

  • Another hacker is using GitHub projects to run scripts to collect credit cards skimmed by Magecart malware.
    • Hundreds of ecommerce websites running Magento are running these scripts, a situation which was discovered by security researchers and quickly removed by GitHub. That doesn’t stop the hackers from trying to inject new skimmer scripts. Make sure your CMS plug-ins are at current patch levels and check your user authentication records and policies. GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores

 


Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in last week.


  • A church has had $1.75M stolen using a phony email that purported to be from the church’s construction contractor.
    • This probably originated from a phished email that tricked staffers into sending the funds to the wrong account. The Saint Ambrose Catholic Parish in Ohio acknowledged the loss and asked the FBI to investigate. another catholic disaster


  • A report found that almost two million different webcams and smart doorbells have major vulnerabilities allowing hackers to spy on you.
    • Most of them are in China and the EU. The issue is that these devices are set to enable P2P remote access by default. Hundreds of brands are at risk, using a common component called iLinkP2P, developed by a Chinese vendor (and different from UPnP). You can check your UID prefix to see if your devices are in the list. At the very least, you should block outbound traffic on port 32100. Device vendors were notified back in January but never responded with any fixes. Security cameras vulnerable to hijacking

  • Italian and German users have been targets of new spam campaigns dubbed JasperLoader.

  • A new cryptojacking campaign is hitting Chinese users.
    • It is called Beapy and is based on NSA exploits and stolen credentials. It begins with a malicious email Excel attachment which has a DoublePulsar backdoor. Then a PowerShell command downloads the coinmining routine. Beapy: Cryptojacking Worm Hits Enterprises in China

  • Another new Windows backdoor is called ExtraPulsar, because it also uses the NSA’s DoublePulsar exploit for SMB v.1 file shares.

  • Researchers last week have found an online database containing particulars on 80M American households without any password protection.
    • It was taken offline yesterday. The data has personal details including occupants’ incomes and email addresses but not SSNs or payment card details, and a screenshot of a typical redacted record is shown here. The researchers believe it is the largest breach of such explicit information and could make it easier for ID thieves to impersonate you. It wasn’t clear who owned the data Report: Unknown Data Breach Exposes 80 Million US Households

  • You don’t often hear about how Macs can be infected with malware.
    • This post goes into details on using what is now called the WindShift exploit to malicious websites that download payloads to trigger a custom URL which results in downloading the actual malicious app. Middle East Cyber-Espionage

 


 

Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts

Leave a comment

Do NOT follow this link or you will be banned from the site!