The Latest 13 Security breaches Worldwide – Week 33, 2019

The Latest 13 Security breaches Worldwide - Week 33, 2019

13 Security breaches Worldwide – Week 33, 2019

Be informed about the latest 13 Security breaches Worldwide, identified and reported publicly during Week 33, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.


  • One of the websites of the European Central Bank was shut down after it was infected with malware.

  • The Bluetooth encryption protocol has a major flaw and been assigned CVE-2019-9506.

  • Speaking of Bluetooth, there is a new tool in the arsenal to fight credit card skimmers that often use this protocol to transmit the stolen card data.
    • It is called Bluetana and has been used by law enforcement to track criminals who install the skimmers, typically on gas pumps. Over a year more than a thousand skimmers were located all over the country. Here is a tip: avoid using debit cards when paying for gas. Meet Bluetana, the Scourge of Pump Skimmers

  • The hacking group known as Cloud Atlas is still active.
    • This post dissects some of its recent spate of malware campaigns, including PowerShower (a PowerShell exploit) and a new polymorphic campaign called VBShower that accomplishes the same tasks only with more stealth. Recent Cloud Atlas activity

  • Microsoft Outlook has a major remote code execution vulnerability that has been assigned CVE-2019-1199.
    • It has to do with create memory corruption conditions using specially crafted messages. Users should apply the recent patches to prevent it from happening. Use-After-Free (UAF) Vulnerability CVE-2019-1199 in Microsoft Outlook

  • This report describes “lateral phishing attacks” is presented in this phishing report from Barracuda.
    • The notion is for a hacker to take control over a legit email account and send phishing lures from that account, thereby bypassing many protective measures. The typical subject lines involve sharing a document link or resets due to account errors. One in seven organizations has experienced such an attack recently. Spear Phishing: Top Threats and Trends (reg. req., pdf)

 


Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.


  • State Farm was hit with a credential stuffing attack last month.
    • It disclosed this in an advisory that was short on details. The company posted suggestions on how to improve customer password hygiene, such as using MFA and more complex and unique passwords. Customers who were affected had their passwords reset. No personal data was leaked. State Farm Notice of Data Breach for Credential

  • About 1,200 customers of London Transport had their Oyster contactless payment cards hacked with another credential stuffing attack last week.
    • Malicious logins have been detected on the Oyster website, with TfL blaming people using repeated usernames and passwords. It’s one of 2019’s most popular attacks. These cards were suspended and the company took down its website. As of this morning, the website isn’t yet back in service. TfL kills the Oyster website as customers are hit by a dumb hack


  • The NYC fire department issued a warning that a stolen employee’s hard drive could have leaked data from more than 10,000 patients.

  • F5’s Big-IP firewalls have a code injection bug.
    • It was found by researchers and has to do with how a bad actor can manipulate its scripting language. While the exploit hasn’t been seen in actual use, it can occur if the scripts are poorly written and F5 has issued an advisory. K15650046: Tcl code injection security exposure

  • Joel Stein’s column on how he tried to protect his privacy from Big Tech is worth reading.
    • His journey takes him through using a variety of tools such as Jumbo (a smartphone app that reconfigures your privacy settings of major social networks), MySudo (for disposable email addresses), Abine’s DeleteMe opt-out service, the Brave browser and DuckDuckGo search engine. I Tried Hiding From Silicon Valley in a Pile of Privacy Gadgets

  • The biometric access platform BioStar 2 suffered a massive data leak of fingerprints and facial data from at least 1.5M different people in numerous countries.
    • This data included unencrypted usernames and passwords, including those of admin accounts. What is worse is that many passwords were “ridiculously simple” and that many large businesses use these biometrics for access controls. This data was publicly available for more than a week while researchers tried to contact Suprema, the owner of the data, unsuccessfully. The potential for fraud and abuse is high, because once this data is stolen people can’t change their faces or fingers. Data Breach in Biometric Security Platform Affecting Millions of Users

 


 

Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts

Leave a comment