17 Security breaches Worldwide - Week 26, 2019
Be informed about the latest 17 security breaches worldwide, identified and reported publicly during Week 26, 2019. Because such breaches have a severe negative impact on any business, consider a security audit to prevent similar cases.
- Malware called Silex has been targeting numerous IoT devices.
- What is interesting is that the author is a 14-year-old who goes by the handle Light Leafon. The malware exploits default credentials and deletes any storage and configuration settings. Over 2,000 devices have been bricked in the span of a few hours. Attacks are still ongoing. Source: New Silex malware is bricking IoT devices, has scary plans
- The Chinese state-sponsored hacking group APT10 has compromised numerous technology service providers in a campaign labeled Cloud Hopper.
- Trend Micro reported on this in April; the current news story fills in details about the group's techniques in a series of attacks at Swedish telecom giant Ericsson. Many victims aren’t clear about what confidential data was stolen. Sources: Operation Cloud Hopper: What You Need to Know; Inside the West’s failed fight against China’s ‘Cloud Hopper’ hackers
- Third-party web trackers are proliferating, according to a new analysis.
- There is an average of 21 trackers per web page, and Google, Facebook and Twitter are the most popular sources. Almost every ecommerce login page is at risk of leaking credentials to these trackers. Source: Detecting the Hidden Behaviors of Externally Controlled Tools and Scripts (pdf)
- Hacking groups are targeting hotel WiFi networks because they are a rich data source.
- This report follows a white hat pen testing group as it uses some of the same exploits. Back doors to your personal data can be found in everything from smart fish tanks to Wi-Fi pineapples. Source: The Hotel Hackers Are Hiding in the Remote Control Curtains
- Argos is a major UK retailer that was a frequent phishing lure last year.
- Those attacks have continued, according to researchers. This post dissects the phishing messages, showing the various tells such as a spoofed origination address, hidden URLs and copies of the company’s logos and email templates. The messages have eluded detection on some gateways. Source: Phishing Attacks on High Street Target Major Retailer
- A personal post from security researcher Robert Heaton. He received a very convincing email request to judge an academic prize.
- Fortunately for him, he viewed the email in Chrome; had he been using Firefox, he would have been hit with a zero-day piece of malware hidden in that email. Source: I was 7 words away from being spear-phished
- A new FireEye report shows a recent spike in URL-based HTTPS phishing attacks.
- FireEye has noted this trend in a recent report, which explains why phishers are using HTTPS links in their lures and how this has made the lures more believable. If you get a message with just a link and no other content, don’t be tempted to click on it. Source: HTTPS Phishing: The rise of URL-based attacks
- Beware of those “security consultants” that are marking up ransom demands and paying them on your behalf.
- This sting caught Red Mosquito Data Recovery in its net. We recently wrote about two U.S. firms that promised high-tech ransomware solutions but instead paid the cyber-attacker. A U.K. company appears to do the same. Source: Sting Catches Another Ransomware Firm — Red Mosquito — Negotiating With “Hackers”
Discover trending and viral stories about security breaches worldwide. The remaining security breaches made news headlines. All of these happened just last week.
- Last week saw escalations between the Iranian and U.S. governments on the cyber front.
- Yahoo News broke a report that the U.S. Cyber Command launched attacks against a state-sponsored “spy group” as retaliation against the country’s downing of an American drone. Iran claims these attacks were neutralized. There were also reports from the U.S. Cybersecurity and Infrastructure Security Agency of an escalation of Iranian-sponsored wiper malware campaigns directed at various American businesses and government agencies. In other related news, Symantec recently reported that back in November 2017 the Russian state-sponsored hacking group called Turla or Waterbug had hacked into the server infrastructure of an Iranian state-sponsored group known as APT34 or Oilrig. Turla had placed various pieces of malware on equipment infected with Oilrig hacking tools. Sources: Pentagon secretly struck back against Iranian cyberspies targeting U.S. ships; U.S. Government Warns of Data Wipers Used in Iranian Cyberattacks; Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
- The Philadelphia courts’ computer networks have been offline for more than a month after several PCs were hit with malware.
- Electronic filing and some email services haven’t been operational as the courts try to revive these systems. There were reports suggesting Russian origins, but these were later repudiated. Sources: The Philadelphia Courts First Judicial District of Pennsylvania Notice; Phila. court official backs off on Russian connection to computer virus
- Nine staffers at the Oregon Department of Human Services were phished back in January.
- The upshot is that personal health data from more than 600,000 consumers might have been leaked, including Social Security numbers. Apparently, the reporting delay occurred because it took time to analyze millions of emails to determine the extent of the leak. On January 28, 2019, the Department of Human Services and the Department of Administrative Services Enterprise Security Office confirmed that sensitive information may have been accessed through targeted phishing.
- Researchers have discovered a new and more sophisticated cryptocurrency-mining botnet malware.
- It leverages existing SSH links and an open Android Debug Bridge port. It has been observed in more than 20 countries and is targeting South Korean Android users. Source: Cryptocurrency-Mining Botnet Malware Arrives Through ADB and Spreads Through SSH
- Data was stolen from the network of NASA’s Jet Propulsion Lab in Pasadena, thanks to a hacked Raspberry Pi computer.
- More than 20 files were copied relating to one of the Mars science missions in April. NASA described the hackers as an "advanced persistent threat," a term generally used for nation-state hacking groups. Source: NASA hacked because of unauthorized Raspberry Pi connected to its network
- Internet access across Ethiopia was shut down after a failed coup attempt.
- Both events happened over the weekend. This follows recent shutdowns in other African countries. Source: Internet shutdown in Ethiopia amid reports of attempted coup
- Operation Soft Cell
- Researchers identified a new Chinese threat group that is targeting telco providers. They call it Operation Soft Cell, and found it has been active since 2017, with a goal of obtaining call detail records from at least ten major telecom providers. This is a very target-rich environment: last year nearly a third of telecom providers reported some customer data stolen from their networks. These records can reveal all sorts of life patterns of the phone users and other sensitive metadata. What makes this group noteworthy is how often they changed attack methods (every quarter, as shown in the diagram above) and how focused they were. The attack began with a malware-infested web shell to gather intelligence about the enterprise infrastructure. The group used modified versions of the PoisonIvy RAT, Mimikatz, a NetBIOS-based network scanner, and other tools to penetrate various servers. Sources: Hackers are stealing years of call records from hacked cell networks; Telecom Report: Telecommunications industry woefully unprepared for cyberattacks; OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
- The LokiBot and Nanocore malware authors have combined forces, according to new research.
- The attack begins with a phishing message about an invoice that tricks users into downloading an infected ISO disk image file attachment. These files are usually whitelisted by AV scanners, so be on the lookout. Source: LokiBot & NanoCore being distributed via ISO disk image files
- A group of consumer advocates has filed a petition to the U.S. Federal Trade Commission.
- They are trying to call attention to secret surveillance scoring techniques used by major retailers. The scores are compiled from online behavior and from data brokers. They are used to charge some customers higher prices or to give some better customer service. Source: Advocates push FTC crackdown on secret consumer scores