10 Security breaches Worldwide – Week 28, 2019
Be informed about the latest 10 Security breaches Worldwide, identified and reported publicly during Week 28, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- Huawei continues to have issues.
- First are reports of strong links between Huawei employees and Chinese intelligence agencies. Huawei says this is extremely common. So why did the company try to hide these credentials? Next are reports about three major vulnerabilities found in its web application products from Swascan. These include out-of-bounds exploits and command injections. The two companies worked together to fix the issues. Finally, the researchers at Finite State identified other bugs in various firmware images. “In virtually all categories we studied, we found Huawei devices to be less secure than comparable devices from other vendors.” Huawei staff CVs reveal alleged links to Chinese intelligence agencies and Swascan uncovers Huawei’s vulnerabilities (pdf)
- British Airways has been hit with a massive £183 million (equivalent to $229 million) fine by the U.K. regulatory agency ICO.
- This was for a data leak that took place from May to September last year. More than half a million customers’ private data was compromised, resulting in GDPR violations. Intention to fine British Airways £183.39m under GDPR for data breach
- The FBI and the Immigration and Customs Enforcement agencies have been using driver’s license photos to feed data to thousands of facial recognition searches.
- This is without the drivers’ consent, according to this report. This means that these photos of many people are collected even though they haven’t been charged with a crime. Given that this is being done without any explicit legal approval, Congress is gearing up for legislation to regulate these activities. Both San Francisco and Somerville, Massachusetts, have banned police and other municipal agencies from using any facial recognition software. FBI, ICE find state driver’s license photos are a gold mine for facial-recognition searches
- Hackers have compromised the credentials of the GitHub account of Canonical.
- The company maintains one of the most popular Linux distributions, Ubuntu, and this account is used to post updates to portions of the OS and related apps. No source code was affected and the credentials were swiftly removed. Ubuntu-Maker Canonical’s GitHub Account Gets Hacked
- Perhaps one of the more audacious vulnerabilities was found by a researcher in the Zoom video conferencing client for Mac.
- This is used by 4 million people currently. It turns on your video camera by default, and can be easily exploited by a hacker. The post discusses the issues, why Zoom made the decisions it did and how you can minimize your exposure (pun intended). Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.
- Researchers found a phony malware-infested Google Android app on 25 million phones, with half of them in India.
- Dubbed Agent Smith, it can be very intrusive and stealthy, stealing user credentials. Google has removed the apps from the Play Store. Agent Smith: A New Species of Mobile Malware
- The agency that manages Greece’s top-level internet domain has suffered another breach.
- It appears to be caused by state-sponsored actors dubbed Sea Turtle. This post describes the current attack, which used DNS hijacking techniques. Hackers breached Greece’s top-level domain registrar and Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
- A new type of FinSpy mobile implant has been found and linked to the Gamma hacking group.
- This malware is an info stealer and its mobile versions have been around since 2012. The latest version can steal data from more smartphone apps on both iOS and Android devices, including recording voice calls. New FinSpy iOS and Android implants revealed ITW
- The Buhtrap hacking group has stepped up its game and is now using a zero-day privilege escalation bug (CVE-2019-1132) for the first time.
- This post reviews the group’s history and how it has evolved from simple financial crimes into more spying activities. Buhtrap group uses zero‑day in latest espionage campaigns
- Glamoriser hair straighteners have a Bluetooth connection.
- The smartphone app that connects to the device can be compromised to literally burn down your house with the right code injection. Burning down the house with IoT