9 Security breaches Worldwide – Week 30, 2019
Be informed about the latest 9 Security breaches Worldwide, identified and reported publicly during Week 30, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- The popular open-source FTP server ProFTPd has a remote code execution bug (CVE-2019-12815). It can be exploited by authenticated users only.
- If you are using an older version or have recently installed this software, you need to re-install v.1.3.6, which has been patched. (The advisory is in German.) Pro-FTPd: Vulnerability allows execution of arbitrary program code with the privileges of the service
- Mozilla has banned its browsers from using root certificates owned by the questionable entity DarkMatter of the UAE.
- The company is accused of selling hacking services. Google plans to follow suit for Chrome and Android users. These certs could be used to conduct MITM attacks. Google bans DarkMatter certificates from Chrome and Android
- The malware BrushaLoader is still being used by attackers.
- This was first discovered a year ago. This post dissects its multi-stage operation and how it is linked to the Danabot banking Trojan. It appears to be highly infectious and can be used to deploy a variety of malware payloads, including ransomware. BrushaLoader still sweeping up victims one year later
- The latest report from Sonicwall’s telemetry finds that overall, malware attacks have dropped by a fifth when compared to the first half of 2018.
- However, IoT-specific exploits have increased by 55 percent and ransomware attacks have increased by 15 percent. Ransomware targeting U.K. victims has increased nearly four-fold. The report also found that in May attacks using non-standard IP ports constituted a quarter of all malware. 2019 SONICWALL CYBER THREAT REPORT (reg. req.)
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.
- Three school districts have been hit by ransomware in North Louisiana this week.
- Louisiana Governor John Bel Edwards has declared a state-wide state of emergency in response to a wave of ransomware infections that have hit multiple school districts. The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes — Sabine, Morehouse, and Ouachita. IT networks are down at all three school districts, and files have been encrypted and are inaccessible, local media outlets are reporting. Louisiana governor declares state emergency after local ransomware outbreak
- SyTech, a contractor to the Russian state intelligence agency FSB, was breached last week.
- The 7.5 TB of data stolen includes details on how to scrape social media accounts and also de-anonymize Tor traffic. Hackers who go by the name 0v1ru$ posted screenshots on Twitter and eventually sent some data to various journalists. They also defaced the company’s home page, and SyTech took down its website. Hackers breach FSB contractor, expose Tor deanonymization project and more
- A backdoor named Okrum, attributed to the Chinese Ke3chang group (also known as APT15), has been newly discovered by researchers.
- The malware has been targeting diplomats in various countries. This report reviews the timeline of the group’s activities — which extend back several years — and what it does. It isn’t clear yet how it is distributed. Okrum: Ke3chang group targets diplomatic missions
- Brute-force NTLM attacks are fairly common.
- They are used for password spraying, account lockout exploits, and other authentication-based attacks. This post shows you how to investigate your various log files and audit your default domain policies and authentication activities to first better detect them and second to prevent them from happening. How to Investigate NTLM Brute Force Attacks
- More than 60 colleges that use the Ellucian Banner ERP software were recently targeted by hackers.
- They exploited a web services authentication bug (CVE-2019-8978) which was discovered earlier this year and fixed in May. The hackers specifically scanned for unpatched installations, and were successful at creating thousands of phony accounts on the ERP systems. However, no private data was compromised. TECHNOLOGY SECURITY ALERT – Exploitation of Ellucian Banner System Vulnerability
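The NTLM brute-force item above talks about reading domain controller logs to tell a single-account brute force from a password spray. The following is an added example, not code from the linked post: it runs that triage over constructed records shaped like Windows event 4776 (NTLM credential validation) and labels each source workstation; the field layout, the sample data and the two threshold values are assumptions.

```python
from collections import defaultdict

# Constructed sample records shaped like DC event 4776 fields
# (Event ID, Logon Account, Source Workstation, Error Code); not real telemetry.
# 0xC000006A = wrong password, 0x0 = successful validation.
SPRAY_USERS = ["alice", "bob", "carol", "dave", "erin"]
SAMPLE_EVENTS = (
    [(4776, user, "WS-01", "0xC000006A") for user in SPRAY_USERS for _ in range(2)]
    + [(4776, "admin", "WS-02", "0xC000006A")] * 7
    + [(4776, "frank", "WS-03", "0xC000006A"), (4776, "frank", "WS-03", "0x0")]
)


def failed_ntlm_by_source(events):
    """Count failed 4776 validations per (source workstation, account)."""
    per_source = defaultdict(lambda: defaultdict(int))
    for event_id, account, source, code in events:
        if event_id != 4776 or code == "0x0":
            continue  # skip non-NTLM events and successful validations
        per_source[source][account] += 1
    return per_source


def classify_sources(events, lockout_threshold=5, spray_min_accounts=4):
    """Label each source as brute-force or password-spray, or skip it.

    lockout_threshold should mirror the domain's Account Lockout Threshold
    (assumed value here): a spray deliberately stays below it per account,
    so the number of distinct accounts per source, not the per-account
    failure count, is the signal for it.
    """
    findings = {}
    for source, accounts in failed_ntlm_by_source(events).items():
        worst = max(accounts.values())
        total = sum(accounts.values())
        if worst >= lockout_threshold:
            findings[source] = ("brute-force", len(accounts), total)
        elif len(accounts) >= spray_min_accounts:
            findings[source] = ("password-spray", len(accounts), total)
    return findings


if __name__ == "__main__":
    for source, (label, n_accounts, n_failures) in classify_sources(SAMPLE_EVENTS).items():
        print(f"{source}: {label} ({n_accounts} accounts, {n_failures} failures)")
```

On real data, feed the function the same four fields pulled from the Security log of each domain controller, and set lockout_threshold from the domain's actual policy rather than the assumed default.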