26 Security breaches Worldwide – Week 20, 2019
Be informed about the latest 26 Security breaches Worldwide, identified and reported publicly during Week 20, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- Hackers have breached nearly half a million accounts at the Uniqlo stores owned by the Japanese company Fast Retailing.
- Partial payment card data may be included, along with customer contact information. Users are encouraged to reset their passwords. It happened over several weeks beginning last month. Unauthorized Logins on Fast Retailing Online Store Websites due to List Type Account Hacking and Request to Change Password
- Researchers have found Plead malware-based backdoors are being distributed from compromised routers and can perform MitM attacks against Asus WebStorage sites.
- Most of these are located in Taiwan. Another post discusses how to protect against MitM attacks and shows the important role that proper TLS implementation plays in stopping them. Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage and Protecting against Man-In-The-Middle Attacks
- Researchers have found bugs in web server portals to Microsoft SharePoint that could allow remote code execution.
- It is being labeled China Chopper and admins should patch their all versions of their SharePoint servers going back to 2010 SP2. SharePoint servers under attack through CVE-2019-0604
- Researchers have also found bugs in the Anker Roav A1 Dashcam software that can allow code execution thanks to a variety of issues.
- Some remain unpatched. The Roav A1 Dashcam by Anker is a dashboard camera that allows users to connect using the Roav app for Android and iOS so that the users can toggle settings and download videos from the dashcam, along with a host of other features. These vulnerabilities could be leveraged by an attacker to gain arbitrary code execution on affected devices. Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam
- The network of the Indiana Pacers basketball team was hit last fall and breached by a phishing attack.
- The team issued this notification last week and it contained many unanswered questions, such as why did they wait so long, what data was divulged, and why did the breach continue for weeks after it was first discovered. NOTICE OF DATA INCIDENT
- US-CERT has posted a detailed analysis of an executable file found to be infected with the North Korean Lazarus group’s ElectricFish malware.
- The software can connect to systems remotely, even behind proxy servers, and steal credentials. Malware Analysis Report – North Korean Tunneling Tool: ELECTRICFISH
- Hackers used phishing scams to steal funds from about 100 Amazon sellers’ payment accounts in the UK.
- This happened last year over a period of six months’ time. The total amount stolen wasn’t made public. Amazon Hit by Extensive Fraud With Hackers Siphoning Merchant Funds
- A Russian hacking group called Fxmsp has stolen the source code from three of the major AV software vendors.
- They are selling it online for $300k. Other researchers confirm the code appears legit. Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies
- Researchers have discovered a new variant of the KPOT Stealer malware.
- It employs features to avoid detection and silently steal user credentials, including the ability to uninstall itself without a trace. New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials
- Beware of the fake VPN software called Pirate Chick.
- It is installed from adware and contains the Azorult data stealer on systems. It looks legit, with its free trial period and digital cert, but these are just ploys. Fake Pirate Chick VPN Pushed AZORult Info Stealing Trojan
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.