11 Security breaches Worldwide – Week 32, 2019
Be informed about the latest 11 Security breaches Worldwide, identified and reported publicly during Week 32, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.
- New Android-based malware called QualPwn has been discovered by Chinese researchers.
- It can remotely control infected phones by leveraging three different Qualcomm chipset vulnerabilities. The Qualcomm company acknowledged the flaws. Google issued an update to patch the problem but Samsung hasn’t yet done so. Users should upgrade accordingly. New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking
- You have heard of wardriving, but how about warshipping?
- The practice involves mailing a small computer to a target company. Once the package has been delivered to the mailroom, it is activated and attempts to connect to the corporate network. IBM red team hackers were able to use this technique to infiltrate various networks. They have produced a video showing you how the attack is done. Package Delivery! Cybercriminals at Your Doorstep
- This post takes a deeper dive into how the MegaCortex ransomware operates.
- It has mostly been used to target businesses and used to work in conjunction with manual methods to infect various endpoints. Researchers have found a new version that can self-install, making it more potent. The malware creators have traded some security for ease of use and automation of their attacks. New version of MegaCortex targets business disruption
- There are five ways you can make cyberattacks more difficult to accomplish, according to this new research paper.
- Three of them are to make the data obsolete (by changing passwords for example), move quickly after a breach and identify threat vectors. Worthy showing to your managers. Modern-Day Manhunt – Operationalizing Cyber Attribution (pdf)
- Attacks are getting more targeted, hitting higher volumes and using more financial-astute methods.
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.
- The fashion and sneaker trading platform StockX was hit by hackers at the end of last week.
- It initially didn’t acknowledge the attack and first reset users’ passwords, then issued this statement. Reporters were able to verify that users’ account data was stolen from the site back in May. Financial data wasn’t involved. StockX was hacked, exposing millions of customers’ data
- The latest victim of a business email compromise attack is the North Carolina Cabarrus County School District.
- It discovered it sent a payment to a hacker’s bank account instead of its legit construction contractor thanks to a well-crafted phony email. The result was a $1.7M payment, only a part of which has been refunded by the bank. $1.7 million missing after Cabarrus County Government targeted in social engineering scam
- Details on 4M email accounts were recently leaked from Disney’s revamp of its Club Penguin website.
- It happened through a PHP vulnerability and had help from data obtained from another leak last year. There is a lot of confusing and contradictory information about what happened. 4 million Club Penguin Rewritten accounts exposed in breach
- The researchers who found the original DragonBlood WPA3 bugs are back with new vulnerabilities.
- Two new Dragonblood bugs allow attackers to recover passwords from WPA3 WiFi networks. The bugs allow hackers to steal passwords transmitted across the wireless network by brute-forcing authentications, and had to do with the ways the original bugs were patched. New Dragonblood vulnerabilities found in WiFi WPA3 standard
- The U.S. Army Cyberschool in Fort Gordon has changed its pedagogical tactics over the past several years.
- This post describes how more nimble instruction has become the norm, and how exercises are constructed to encourage collaboration to solve infosec problems. Students also switch between blue and red team exercises to widen their perspective. How the Army’s cyber school is changing
- The U.S. CERT has issued an advisory.
- It warns users of potential phishing scams that try to lure you in based on subject lines mentioning the past week’s tragedies in Dayton and El Paso. El Paso and Dayton Tragedy-Related Scams and Malware Campaigns