The Latest 18 Security breaches Worldwide – Week 22, 2019

The Latest 18 Security breaches Worldwide - Week 22, 2019

18 Security breaches Worldwide – Week 22, 2019

Be informed about the latest 18 Security breaches Worldwide, identified and reported publicly during Week 22, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.

  • One of the largest real estate title companies has been using extremely poor security for years.
    • One website operated by First American Financial Corp. had designed their database so that anyone who knew the URL for a valid document could view other documents easily. These documents contain SSNs, bank accounts, and other personal financial data. Hundreds of millions of files could have been accessed. The company acknowledged a “design defect” and removed the website to work on a fix. First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

  • ZScaler examined a month of itsr network telemetry in this report.
    • It shows the most frequently seen IoT device categories used by its enterprise customers and examine the transaction data for 10 specific types. Few IoT devices use SSL and most have outdated firmware and weak or nonexistent credentials. Also, despite attempts to eradicate it, Mirai is still very active. IoT in the Enterprise – An analysis of traffic and threats (pdf)

  • The Chinese state-sponsored hacking group APT10 is using new tricks in its malware, according to researchers.
    • They are based on JavaScript DLL side-loading techniques to help exfiltrate data and avoid detection. These malware families have a rich history of being used in many targeted attacks against government and private organizations. The activity surfaced in Southeast Asia, a region where APT10 frequently operates. UNCOVERING NEW ACTIVITY BY APT10


Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.

  • The Pyramid Hotel Group has had a massive data leak lasting at least a month.
    • Compromised information included server API keys and passwords, IP addresses of incoming connections, malware alerts, restricted applications, login attempt records, application errors, security audit logs, which also include personally identifying information (PII) of employees of the affected companies, and go back as far as April 19, 2019 and other log data. Researchers using Shodan queries found it because of a compromise of the chain’s Wazuh IDS open source tool. Report: Security Platform Leaking Hotel Security Logs, Including Marriott Properties

  • A large collection of Instagram users’ data has been leaked online.

  • What do you do when your malware becomes the gift that just keeps on giving?
    • An automated attack, targeting poorly-protected Apache Tomcat servers, turns enterprise hardware into a high-end cryptominer. That was the case seen by Sophos researchers who tried repeatedly to eradicate a Tomcat server from the XMrig Monero cryptominer. Worms deliver cryptomining malware to web servers

  • Hackers had breached the network of Perceptics. Given the kind of data collected by these systems, it is a major breach.
    • The company is the major supplier of automated license plate reader technology for US Customs and operates at dozens of our border crossings. The company confirmed the breach but provided no specific details. Reporters at The Register broke the story and offered evidence that the stolen data appears to be legit. “The nature of the company’s business – border security data acquisition, commercial vehicle inspection, electronic toll collection and roadway monitoring – means that it’s likely to have a significant amount of sensitive information.” Maker of US border’s license-plate scanning tech ransacked by hacker, blueprints and files dumped online

  • The news aggregator Flipboard was breached and hackers stole user credentials from its servers.
    • The event went undetected for nine months and was only found after a second intrusion was discovered. The issue here is because of how the site operates, these credentials include links to social media and other accounts of each user. The company said it had not seen unauthorized access to third-party accounts. All passwords and third-party tokens have been reset as a precaution, even though not every user was impacted. NOTICE OF SECURITY INCIDENT

  • Researchers discovered in early April an unprotected Elasticsearch node on the Investment Week website.
    • Two weeks later, on 18 April 2019, they probed manually and found a database containing approximately 330,000 unprotected records of sensitive personal user information: Full names, Email addresses, Subscription information, City, Phone number, Company Country. The records contained unsalted, md5 hashed passwords. All passwords have been reset as a result. UK’s Investment Week data leak: 330k user records exposed and Potential data breach management

  • The drive-thru restaurant chain Checkers/Rally suffered a data breach.
    • Malware was placed on the payment processing system at more than 100 stores, which is about 15 percent of the total in the combined chain. The company posted the locations and time frames, and said possible payment card data could have been compromised. Some stores were breached in 2016. NOTICE OF DATA BREACH

  • More than half of malicious email spam sent during the first quarter was due to Emotet, according to analysis of Proofpoint’s network telemetry.

  • Using their own network telemetry, evidence of WannaCry’s penetration across the world is documented by security vendor Armis.
    • More than 3500 hourly attacks still happen, and more than 145,000 endpoints are still infected, two years from the initial attack. Cringe statistics: 103 countries still impacted Over + 145,000 devices worldwide are compromised + At least 3,500 successful WannaCry attacks per hour, worldwide + 22% of Internet service providers (ISPs) have customers impacted by WannaCry + 60% of manufacturing organizations and 40% of Healthcare organizations suffered a WannaCry attack in the past six monthsTwo Years In and WannaCry is Still Unmanageable



Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.