10 Security breaches Worldwide - Week 27, 2019
Be informed about the latest 10 Security breaches Worldwide, identified and reported publicly during Week 27, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- There has been another massive data leak from unsecured Elasticsearch storage.
- This one originates from Orvibo, makers of smart home products. There are more than 2 billion records online, and they include unsalted (but hashed) passwords and precise locations of their devices. There are about a million users’ details, including hotels, offices and residences. The implications are major because “Much of the data can be pieced together both to disrupt a person’s home while possibly leading to further hack,” according to the researchers who found the data. The company has tried to get the vendor to close the leak. Report: Orvibo Smart Home Devices Leak Billions of User Records and Smart home maker leaks customer data, device passwords
- The U.K.’s Cyber Security Center has issued a warning about increased Ryuk ransomware attacks.
- The ransomware has been active since last summer and is found after hackers have already been present on a victim’s network for some time, usually with Emotet and TrickBot malware initial infections. Criminals have collected at least the equivalent of $640,000 in ransoms to date. The standard preventions apply. Ryuk ransomware targeting organisations globally
- Earlier this week 7-Eleven launched new mobile pay app 7pay in Japan with major security flaws.
- About 900 customers lost the collective equivalent of half a million dollars due to hijacked accounts. The app had a poorly designed password reset function that allowed anyone’s new password to be sent to a new email address. 7-Eleven Japanese customers lose $500,000 due to mobile app flaw
- The Chinese government has created the BXAQ Android spyware that is being installed on all visitors’ phones crossing at Irkeshtam in Kyrgyzstan.
- The app downloads emails, texts, contacts and phone configuration details. Visitors' iPhones are also monitored with another routine.
Chinese border guards put secret surveillance app on tourists' phones and China Is Forcing Tourists to Install Text-Stealing Malware at its Border and Analysis-Report Chinese Police App “BXAQ” 03.2019
- The app downloads emails, texts, contacts and phone configuration details. Visitors' iPhones are also monitored with another routine.
- New malware that packs a punch, labeled WannaLocker, has been seen.
- It combines spyware, a RAT and a banking Trojan into an Android app. The name refers to similarities with WannaCry. It is targeting Brazilian banking customers. New triple-threat mobile version of the malware WannaLocker targets banks in Brazil
Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.
- Google’s latest ReCaptcha v3 service is still vulnerable to automated attacks, according to new research.
- AI routines can be 90 percent effective at defeating it. This post describes the history of past CAPTCHA fails. Google's reCAPTCHA favors – you guessed it – Google: Duh, only a bot would refuse to sign into the Chocolate Factory
- Ryuk continues to make news, this time hitting the Georgia state courts’ network.
- The courts discovered the ransomware on Sunday on its servers providing case management. Other Ryuk attacks have been seen across Georgia state and local agencies. Georgia courts (mostly) shrug off ransomware attack
- A number of leaky AWS S3 storage buckets care of bad IT security at integrator Attunity (now owned by Qlik) was discovered by researchers recently.
- The firm works with half of the F100 and the leaks contain business-critical data such as emails, passwords and contacts. Two examples mentioned in this post are Ford project documents and a collection of Netflix authentication strings. Data Warehouse: How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups
- We all know phishers are getting sneakier.
- Here is a report about how a phished URL was embedded in a QR code. Most phone apps will redirect the user to the malicious website without checking it, and this simple tactic also evades the corporate security filters too. Under the Radar – Phishing Using QR Codes to Evade URL Analysis
- The cost of numerous DNS attacks now can exceed more than $1M, according to a new survey done for IDG.
- Almost two thirds of the responding organizations said they have experienced a DNS-based attack recently. Understanding the Critical Role of DNS in Network Security Strategy - IDC 2019 Global DNS Threat Report
Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!
