5 Security breaches Worldwide – Week 31, 2019
Be informed about the latest 5 Security breaches Worldwide, identified and reported publicly during Week 31, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- Internal network configuration data on Honda was found on an unsecured ElasticSearch server by a security researcher.
- This data was spread across 40 GB of various files and appeared to be a census of all of its global endpoint equipment. “The data makes it clear which vendor they use and which machines have the endpoint security software enabled and up to date.” The company worked quickly to lock this down and acknowledged the mistake. The interesting fact in this story was that it took the researcher several days to track down the appropriate contact at Honda to take action. This should be a lesson for all corporations to provide these contacts clearly on their corporate websites. Honda Motor Company leaks database with 134 million rows of employee computer data
- Researchers have found four different cases of security software phoning home data to its own servers without the customers’ permission or prior knowledge.
- Some of the exfiltrated data was sent to a known malicious IP address located in China that hosts malware. ExtraHop Security Advisory: Calling Home (reg. req.)
- One of the largest and longest-running DDoS attacks was observed this past spring.
- The botnet that caused the attack used more than 400,000 different computers, lasted 13 days and directed a peak flow of 292,000 Requests per second. It was successfully repelled, and this post has more details about its construction. a Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS)
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.
- Researchers have discovered three separate spear phishing campaigns that have targeted the utility operators.
- They have dubbed this LookBack. The malware tries to impersonate a US-based engineering licensing board. They were delivered last month using infected VBA macros in Word documents. LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
- Eleven different zero-day vulnerabilities in the embedded OS VxWorks were discovered by security researchers.
- The issues range from remote code execution to logic flaws and many of them are critical. There are billions of IoT devices that run this OS, and all versions dating back to v.6.5 are affected. 11 zero-day vulnerabilities in VxWorks®