19 Security breaches Worldwide - Week 23, 2019
Be informed about the latest 19 Security breaches Worldwide, identified and reported publicly during Week 23, 2019.
- The Australian National University hacked again.
- The university has been hit with another data breach. Data on an estimated 200K students and staff has been leaked, with records going back decades. Tax IDs, payroll and bank account details are part of the breach, but not credit card or medical data. Last July they had their first breach. Australian National University hit by huge data breach
- Apple announced the SSO API “Sign in with Apple” as part of iOS 13, and it could be one of the biggest privacy wins in the platform’s history.
- Users can employ their Apple ID credentials with full MFA support. The feature creates a unique, synthetic temporary email address for each sign-in. This tracks any potential abuse, and also obviates the threat of abusing these synthetic addresses. If you receive spam at one of these addresses, you can just deactivate that address and choose another one. This also helps Apple app developers spot abuses. But wait, there is more. Apple is also going to require apps with third-party sign-in options to implement this. Tim Cook gave an interview with "CBS Evening News" on night with more personal color about the feature, insisting that “we aren’t really taking a shot at” Facebook, Google, et al, but rather “focus[ing] on the user.” It will be available later this summer for beta tests. Apple CEO Tim Cook on iOS 13's Sign In with Apple: 'We're Not Really Taking a Shot at Anybody'
- A phishing scam has resulted in an Asian firm stealing more than €4.5M from the sporting organization Cricket Ireland.
- Details are scarce, but it appears to be the result of a phony invoice. The organization has asked for a loan to pay its bills. Cricket Ireland hit by 'six-figure' cyber fraud
- A new and complex collection of malware has been discovered called BlackSquid.
- It can evade sandbox and VM detection and uses EternalBlue and other exploits to penetrate networks. The end result is the XMRig cryptominer. BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
- Last month another open Elasticsearch data repository was found.
- This one belonged to the University of Chicago Medical Center and contained data on philanthropic donors, including emails and “wealth info and status.” It was secured within two days’ time. The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
- Mailing Error for Inmediata, While Reporting Health Data Breach
- Patients impacted by Inmediata Health Group’s web exposure breach are reportedly receiving multiple breach notification letters, some addressed to other patients. 1.5M Patients Impacted by Inmediata Breach, Mailing Issue
- Massive data breach exposes ages, addresses, income on 80 million U.S. families
- It is scary enough that a team of Israeli security researchers discovered a massive unprotected database with the full names, ages, income brackets and marital status on more than 80 million U.S. households. Massive data breach exposes ages, addresses, income on 80 million U.S. families
- Docker Hub Suffers a Data Breach, Asks Users to Reset Password
- Docker Hub, one of the largest cloud-based libraries of Docker container images, has suffered a data breach after an unknown attacker gained access to the company's single Hub database. Docker Hub Suffers a Data Breach, Asks Users to Reset Password
- Two out of three hotels accidentally leak guests' personal data
- Two out of three hotel websites inadvertently leak guests’ booking details and personal data to third-party sites, including advertisers and analytics companies, according to research released by Symantec Corp on Wednesday. Symantec said Marriott was not included in the study.
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.
- Web-based ATM Magecart skimming software was found on AWS’ CloudFront servers.
- Injected JavaScript libraries used two levels of encoding (hex followed by Base64) to hide payloads from detection. This type of hosting makes for ready distribution of the malware, too. Magecart skimmers found on Amazon CloudFront CDN
- Is Wajam a legitimate software vendor or a purveyor of malware?
- Most likely the latter, and you might want to remove it from your endpoints ASAP. Here is the evidence, including using rootkits, purposeful obfuscation of its operations, and links to shady third-party adware vendors. How a Montreal-made "social search engine" application has managed to become widely-spread adware, while escaping consequences. Wajam: From start-up to massively-spread adware
- Researchers found a very targeted campaign that brought together a series of unrelated open source malware components they dubbed "Frankenstein."
- The campaign was active the first four months of 2019 and had numerous obfuscation techniques too. It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign
- The mail transfer agent Exim has a major security bug that enables remote command execution.
- This software can be found in more than half of the email servers around the Internet and needs to be patched ASAP if you are running v. 4.87 to 4.91. The current version is 4.92, which only a small percentage of servers are running currently. Researchers inadvertently found the bug when this version fixed other issues. New RCE vulnerability impacts nearly half of the internet's email servers
- German cyber-security agency warns against buying or using four low-end smartphone models.
- The German Federal Office for Information Security (BSI) has issued security alerts today warning about dangerous backdoor malware found embedded in the firmware of at least four smartphone models sold in the country. Impacted models include the Doogee BL7000, the M-Horse Pure 1, the Keecoo P11, and the VKworld Mix Plus (malware present in the firmware, but inactive). All four are low-end Android smartphones. Germany: Backdoor found in four smartphone models; 20,000 users infected and Google confirms that advanced backdoor came preinstalled on Android devices
- New malware called GoldBrute is trying to systematically force its way into the more than 2 million Microsoft RDP servers that can be found online.
- It isn’t very sophisticated, in that it is just in a recon phase and isn’t doing any damage... yet. New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers
- Yet another backdoor has been found, this time being delivered via well-known Microsoft Office vulnerabilities.
- It is called Hawkball and it uses the MS Equation Editor to drop malware onto your endpoint. It has been seen in Central Asian networks. Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
- Quest Diagnostics suffered a major data breach that began last August.
- Almost 12M customers could be at risk, thanks to a leak in one of their third-party billing providers, the American Medical Collection Agency. Banking data and SSNs could be part of the breach but not lab test results. Quest had another breach three years ago. Quest Diagnostics says 11.9 million patients affected by data breach
- Hackers using two open source tools could possibly defeat MFA using a clever MITM attack scheme.
- The tools, called Muraena and NecroBrowser, create reverse dynamic proxies that deliver the additional factors in real time using session cookies to dupe the authentication mechanisms into thinking the logins are legit. That is a lot to unpack, so review this post carefully. FIDO U2F hardware tokens still work properly, however. Phishing attacks that bypass 2-factor authentication are now easier to execute
- The operators behind GandCrab are shutting down their ransomware-as-a-service operation by the end of the month.
- The service has been losing customers, even though it was one of the most active infections over the past year. The group claims to have extorted a total of two billion dollars from its victims. GandCrab creators plan to end its operations soon