15 Security breaches Worldwide - Week 24, 2019
Be informed about the latest 15 Security breaches Worldwide, identified and reported publicly during Week 24, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- What appears to be a new campaign using some elements of the Necurs botnet and DNS compromises has been seen in the UK.
- It recycles other well-known methods, such as bulk domain purchases to appear more legit. It looks like another DNS compromise hack happening
- Consumer Reports, with the help of a $6M grant from Craigslist founder Craig Newmark, is launched a new digital testing lab to better examine privacy and security issues with new products.
- An earlier effort uncovered security bugs in Samsung smart TVs that were subsequently corrected. Consumer Reports Launches New Digital Lab
- Scammers and spammers have been abusing various Google services.
- Here is a compilation, including using messages that appear to originate from Calendar notifications, fake entries in Photos, Forms used to harvest credentials and more. How spammers use Google services
- Azure is inadvertently hosting a bitcoin phishing scheme.
- It uses a phony "verify your identity" message that just harvests your credentials. This researcher complains that reporting scam sites isn't easy, and Microsoft should simplify the process if it wants to stamp out these scammers. Bitcoin verify your Identity phishing scam hosted on Microsoft Azure hosting
- Google had two important security announcements this week.
- First, they have created a more granular API for Chrome extensions to limit their requests into your private data. Second, phones running Android v7 or above now have a built-in MFA tool. Both business and individual users with Google Accounts can use their phones to verify their logins as another physical security key. You’ll need to enable Bluetooth and also download the Google Smart Lock app. The latest news and insights from Google on security and safety on the Internet
- The Mirai botnet has been seen with a series of enhancements that make it more lethal.
- Researchers found new intended targets, including wireless presentation systems and smart home controllers. The new code also exploits Dell Kace and Oracle WebLogic servers with remote code execution attacks. New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices
- A new take on Rowhammer has been developed by academic researchers.
- They call it RAMBleed. It can break into RAM storage and hackers can lift your encryption keys. Dan Goodin at Ars provides more context and why error-correcting memory doesn't matter. Researchers use Rowhammer bit flips to steal 2048-bit crypto key
Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.
- A single phishing email resulted in one check being written to the hacker for more than half a million dollars by the City of Burlington, Ontario.
- This shows the need for better treasury security and multiple signatories, along with improvement phishing awareness training. To that end, perhaps it is time for another review of the best and worst phishing examples by the SSL Store. City of Burlington defrauded out of $503,000 due to phishing scam and Phishing Email Examples: The best & worst
- A hacking group that previously was targeting control systems in the oil and gas industry has branched out to focus on electric utilities.
- It is called Xenotime and while it hasn’t yet successfully penetrated any utilities it has been very actively looking for entry points in safety control systems. The post contains a few tips to improve detection. Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas
- A survey of international infosec practitioners has found the top three threat actors remain cybercriminals, hackers and nonmalicious insiders.
- It also found that cybercrime may be vastly underreported, and ransomware attacks have nearly doubled. New Study Reveals Cybercrime May Be Widely Underreported—Even When Laws Mandate Disclosure
- This report reviews what is happening in Vietnam and how heavy-handed government censorship, state-sponsored hacking and cybercriminals are all flourishing.
- The report tracks the efforts of OceanLotus (APT32) and its watering hole attacks against Vietnamese and Cambodian media outlets on behalf of the state. Threat Brief: The Rising Vietnamese Cybercriminal Landscape (pdf)
- Last Thursday, a European ISP had a BGP routing error that was exploited for several hours by China Telecom.
- This meant Internet traffic that was meant for the EU was instead routed through Chinese networks. It isn’t clear if this was an intentional effort to spy on this traffic by the Chinese or just another human error. “Two hours is a long time for a routing leak of this magnitude to stay in circulation, degrading global communications.” Large European Routing Leak Sends Traffic Through China Telecom
- Researchers at Ben Gurion University have used AI to create an attack that can autonomously generate keystroke commands in the user’s style.
- Called Malboard, it can inject the keystrokes as malicious software and evade detection. It worked successfully with USB keyboards from Microsoft, Lenovo and Dell. Malboard: A novel user keystroke impersonation attack and trusted detection framework based on side-channel analysis
- In September, the next phase of the EU’s PSD2 directives go into effect, called Strong Customer Authentication.
- It will require multi-factor authentication on all e-commerce transactions where the business and the customer both reside in the EU. This post has more details. Strong Customer Authentication
- Criminals are now trying a new extortion scheme: damaging your online reputation.
- Instead of encrypting your data, they are threatening to send spam using your domain and leave nasty comments across the web. You should ignore such messages. New Extortion Scam Threatens to Ruin a Website's Reputation
Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!
