The Latest 19 Security breaches Worldwide – Week 23, 2019

The Latest 19 Security breaches Worldwide - Week 23, 2019

19 Security breaches Worldwide – Week 23, 2019

Be informed about the latest 19 Security breaches Worldwide, identified and reported publicly during Week 23, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.


  • The Australian National University hacked again.
    • The university has been hit once again with another data breach. An estimated 200K student and staff data has been leaked, with data going back decades. Tax IDs, payroll and bank account details are part of the breach, but not credit card or medical data. Last July they had their first breach. Australian National University hit by huge data breach

  • Apple announced the SSO API “Sign in with Apple” as part of iOS 13, and it could be one of the biggest privacy wins in the platform’s history.
    • Users can employ their Apple ID credentials with full MFA support. The feature creates a unique and synthetic temporary email address for each sign in. This tracks any potential abuse, and also obviates the threat of abusing these synthetic addresses. If you receive spam to these addresses, you can just deactivate that address and choose another one. This also helps Apple app developers spot abuses too. But wait, there is more. Apple is also going to require apps with third-party sign-in options to implement this. Tim Cook gave an interview with “CBS Evening News” on night with more personal color about the feature, insisting that “we aren’t really taking a shot at” Facebook, Google, et al, but rather “focus[ing] on the user.” It will be available later this summer for beta tests. Apple CEO Tim Cook on iOS 13’s Sign In with Apple: ‘We’re Not Really Taking a Shot at Anybody’

  • A phishing scam has resulted in an Asian firm stealing more than €4.5M from the sporting organization Cricket Ireland.



  • Mailing Error for Inmediata, While Reporting Health Data Breach


  • Docker Hub Suffers a Data Breach, Asks Users to Reset Password

  • Two out of three hotels accidentally leak guests’ personal data
    • Two out of three hotel websites inadvertently leak guests’ booking details and personal data to third-party sites, including advertisers and analytics companies, according to research released by Symantec Corp on Wednesday. Symantec said Marriott was not included in the study.

 


Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.


  • Web-based ATM Magecart skimming software was found on AWS’ CloudFront servers.

  • Is Wajam a legitimate software vendor or a purveyor of malware?
    • Most likely the latter, and you might want to remove it from your endpoints ASAP. Here is the evidence, including using rootkits, purposeful obfuscation of its operations, and links to shady third-party adware vendors. How a Montreal-made “social search engine” application has managed to become widely-spread adware, while escaping consequences. Wajam: From start-up to massively-spread adware


  • The mail transfer agent Exim has a major security bug that enables remote command execution.
    • This software can be found in more than half of the email servers around the Internet and needs to be patched asap if you are running v. 4.87 to 4.91. The current version is 4.92, which only a small percentage of servers are running currently. Researchers inadvertently found the bug when this version fixed other issues. New RCE vulnerability impacts nearly half of the internet’s email servers


  • New malware called GoldBrute is trying to systematically force its way into the more than 2 million Microsoft RDP servers that can be found online.


  • Quest Diagnostics suffered a major data breach that began last August.

  • Hackers using two open source tools could possibly defeat MFA using a clever MITM attack scheme.
    • The tools, called Muraena and NecroBrowser, create reverse dynamic proxies that deliver the additional factors in real time using session cookies to dupe the authentication mechanisms into thinking the logins are legit. That is a lot to unpack, so review this post carefully. FIDO U2F hardware tokens still work properly, however. Phishing attacks that bypass 2-factor authentication are now easier to execute

  • The operators behind GranCrab are shutting down their ransomware-as-a-service operation by the end of the month.

 


 

Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts

Leave a comment

Do NOT follow this link or you will be banned from the site!