26 Security breaches Worldwide - Week 20, 2019
Be informed about the latest 26 Security breaches Worldwide, identified and reported publicly during Week 20, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- Hackers have breached nearly half a million accounts at the Uniqlo stores owned by the Japanese company Fast Retailing.
- Partial payment card data may be included, along with customer contact information. Users are encouraged to reset their passwords. It happened over several weeks beginning last month. Unauthorized Logins on Fast Retailing Online Store Websites due to List Type Account Hacking and Request to Change Password
- Researchers have found Plead malware-based backdoors are being distributed from compromised routers and can perform MitM attacks against Asus WebStorage sites.
- Most of these are located in Taiwan. Another post discusses how to protect against MitM attacks and shows the important role that proper TLS implementation plays in stopping them. Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage and Protecting against Man-In-The-Middle Attacks
- Researchers have found bugs in web server portals to Microsoft SharePoint that could allow remote code execution.
- It is being labeled China Chopper, and admins should patch all versions of their SharePoint servers going back to 2010 SP2. SharePoint servers under attack through CVE-2019-0604
- Researchers have also found bugs in the Anker Roav A1 Dashcam software that can allow code execution thanks to a variety of issues.
- Some remain unpatched. The Roav A1 Dashcam by Anker is a dashboard camera that users connect to with the Roav app for Android and iOS to toggle settings, download videos from the dashcam and use a host of other features. An attacker could leverage these vulnerabilities to gain arbitrary code execution on affected devices. Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam
- The network of the Indiana Pacers basketball team was hit last fall and breached by a phishing attack.
- The team issued this notification last week, and it leaves many questions unanswered, such as why they waited so long, what data was divulged, and why the breach continued for weeks after it was first discovered. NOTICE OF DATA INCIDENT
- US-CERT has posted a detailed analysis of an executable file found to be infected with the North Korean Lazarus group’s ElectricFish malware.
- The software can connect to systems remotely, even behind proxy servers, and steal credentials. Malware Analysis Report – North Korean Tunneling Tool: ELECTRICFISH
- Hackers used phishing scams to steal funds from about 100 Amazon sellers’ payment accounts in the UK.
- This happened last year over a period of six months. The total amount stolen was not made public. Amazon Hit by Extensive Fraud With Hackers Siphoning Merchant Funds
- A Russian hacking group called Fxmsp has stolen the source code from three of the major AV software vendors.
- They are selling it online for $300k. Other researchers confirm the code appears legit. Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies
- Researchers have discovered a new variant of the KPOT Stealer malware.
- It employs features to avoid detection and silently steal user credentials, including the ability to uninstall itself without a trace. New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials
- Beware of the fake VPN software called Pirate Chick.
- It is installed by adware and delivers the AZORult data stealer onto the system. It looks legit, with its free trial period and digital certificate, but these are just ploys. Fake Pirate Chick VPN Pushed AZORult Info Stealing Trojan
The remaining security breaches below also made news headlines, and all of them happened just last week.
- The South Carolina company Micfo used numerous shell companies and aliases to secure more than 700,000 IP addresses from the ARIN registrar.
- Micfo, which resold the addresses to spammers, had the audacity to sue ARIN, but lost the case and was ordered to pay $350,000 in legal fees. Over 757K Fraudulently Obtained IPv4 Addresses Revoked by ARIN
- Members of an international cybercriminal syndicate supposedly responsible for creating the GozNym malware have been arrested and charged with stealing $100 million from more than 41,000 victims.
- The group combined two banking Trojans and operated for more than a year, starting in October 2015. The arrests were carried out in several eastern European countries and involved a number of different federal law enforcement agencies. Suspected members of the GozNym cybercrime network have been charged in relation to the organised and automated theft of tens of thousands of people's sensitive personal and financial information. IN THE UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF PENNSYLVANIA (pdf) and $100 million GozNym cybercrime network dismantled as suspects charged
- Steganography, or hiding data inside images, is very well-known.
- What is less known is the use of this method to hide malware executables. Researchers have found .NET-based samples that use it to evade detection as the first malware stage. This post shows how the image files are constructed, so that you can watch out for this attack vector. Pretty Pictures Sometimes Disguise Ugly Executables
- The network of the Red Cross in Singapore has been breached and personal data of 4,000 potential blood donors has been leaked online.
- It is the third such leak in the past year in the city-state. Red Cross website hacked in latest Singapore cyber attack
- A bug in the WP Live Chat WordPress plug-in could allow script injections.
- It has been fixed with v.8.0.27 but could affect more than 60,000 users. Persistent Cross-site Scripting in WP Live Chat Support Plugin
- A UK-based private parking lot manager is being used as the lure for a new phishing scam that copies its website and email notifications.
- These campaigns are generally very well crafted and use sites that strongly resemble the genuine UKPC Appeals site ukpcappeals.co.uk. Gootkit banking Trojan via Fake UKPC parking penalty appeals
- The NY-based firm Proven Data Recovery regularly made ransom payments to SamSam hackers over more than a year, research has shown.
- These payments were eventually delivered to Iranians running various high-profile ransomware scams. They are just one of many "payment mills" documented in this report. THE TRADE SECRET - Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
- A new side channel attack on Intel CPUs called ZombieLoad has been discovered by EU-based academic researchers.
- It shares some lineage with Spectre and Meltdown, and affects all computers running on x86 chipsets. It is not easy to exploit, but Microsoft has issued a patch, along with a script you can run to test whether your CPU is vulnerable. The linked documents explain it in detail. Watch out! Your processor resurrects your private browsing-history and other sensitive data and Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities and How to test MDS (Zombieload) patch status on Windows systems and Yet Another Meltdown – A Microarchitectural Fill Buffer Data Sampling Vulnerability (CVE-2018-12130).
- Here is a profile of the hacking group behind Emotet called TA542.
- This malware has been operating a lethal botnet that has been part of numerous recent large-scale attacks. The profile discusses the group's favorite targets, its timeline and other details. Threat Actor Profile: TA542, From Banker to Malware Distribution Service
- Passport and personal data for more than 2M Russians has been leaked online.
- The leak stems from multiple government sources including the Russian SNILS (equivalent to our SSNs), emails and tax IDs. Government agencies were notified by a security researcher months ago but ignored warnings, claiming this data was public property anyway. Russian government sites leak passport and personal data for 2.25 million users
- The mobile provider Boost Mobile has recently acknowledged a breach that occurred in March.
- The notification is short on details, but the company sent automatic PIN resets to affected customers. Boost Mobile hacked
- The Korean state-sponsored hacking group ScarCruft continues to improve its malware and is investigated further in this post.
- One unique feature is a Bluetooth harvesting routine. ScarCruft continues to evolve, introduces Bluetooth harvester
- Chinese government officials have constructed mobile apps for mass surveillance of its citizens.
- This report documents how these apps work and why they violate international laws on privacy and freedom of movement. China's Algorithms of Repression - Reverse Engineering a Xinjiang Police Mass Surveillance App
- The Israeli spyware vendor NSO Group has been leveraging a buffer overflow vulnerability in WhatsApp that allows hackers remote code execution on users’ phones.
- The victims do not necessarily have to answer the call, which then disappears from the call logs. Users should update their software immediately to prevent this. (The update notes do not explicitly cite this bug as a reason to update.) The report cites affected phones of several high-profile victims, including a human rights lawyer. WhatsApp vulnerability exploited to infect phones with Israeli spyware
- Picreel and the open source Alpaca Forms project have both suffered a supply chain breach with infected code.
- The malicious code has been found collectively on more than 4,000 websites. Picreel tracks very detailed visitor interaction, such as mouse movement and page scrolling. Alpaca is a JavaScript-based forms provider. Alpaca quickly took down the servers hosting the malware. Hackers are collecting payment details, user passwords from 4,600 sites
- Researchers have found two major bugs in Cisco’s IOS router operating system.
- One would allow an attacker to remotely obtain root access to the devices. A second bug can defeat the Trust Anchor feature on hundreds of millions of Cisco units around the world. Cisco has announced a patch, although there is no evidence that the technique is being used. Cisco Secure Boot Hardware Tampering Vulnerability and Thrangrycat