The Latest 14 Security breaches Worldwide – Week 35, 2019

The Latest 14 Security breaches Worldwide - Week 35, 2019

14 Security breaches Worldwide – Week 35, 2019

Be informed about the latest 14 Security breaches Worldwide, identified and reported publicly during Week 35, 2019. As these security-related breaches have a severe negative impact on any business, consider a security AUDIT to prevent any similar cases.


  • Imperva suffered a major data breach recently affecting users of its Cloud Web Application Firewall (Incapsula).
    • According to its CEO’s post, hackers made off with customer API keys and SSL certificates and user passwords. Users should change their passwords, implement SSO logins and generate new SSL certs ASAP. Cybersecurity Firm Imperva Discloses Breach

  • A massive research by Google into more than a dozen different iPhone exploits is described here.

  • Newly-registered domain names are often a red flag, indicating bad actors ahead.
    • This post takes a deep dive into how these domains are used to compromise your networks, and found that the vast majority of them are used as command sites for malicious purposes. Many of these domains are only alive for a few hours or days and disappear before researchers have found them. Newly Registered Domains: Malicious Abuse by Bad Actors

  • Researchers have found a new campaign using Trickbot to steal cellphone PIN codes of three American providers.
    • The malware injects a phishing form requesting the PIN; users should be on the lookout, as this could lead to additional fraudulent use of your cell account. The long-running botnet added functionality to solicit PIN codes from mobile customers, which could allow threat actors to access victims’ voice and text communications. TrickBot Modifications Target U.S. Mobile Users

  • The upcoming Moscow city election’s blockchain-based voting system had a major bug.


 


Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.


  • Web hosting vendor Hostinger has reset all of its user passwords after a breach.
    • They warned that a third party has gained unauthorized API access to usernames, emails, hashed passwords, first names and IP addresses but no financial data. The company has 14 million customers but didn’t divulge the exact number who were affected. Security Incident: What You Need To Know

  • An open Elasticsearch database contained more than 1 million users of the adult website Luscious.
    • The data contained usernames, email addresses, locations, activity logs, and genders. Users were located all over the world and once notified, the server was finally secured. The leak could be used to dox or compromise these users, given the nature of the content. Report: Data Breach in Adult Site Compromises Privacy of All Users

  • Numerous WordPress plugins have been found to maliciously reroute traffic to criminal websites.

  • This post dives into the dark world of carding shops.
    • These are repositories of stolen credit card numbers, and researchers paint a dismal picture of how they operate, the two different kinds of data collected (the card numbers and information from the magnetic strips on the cards), and how they provide search tools for criminal customers. Understanding their operation can be helpful for defenders. Navigating Card Shops Data Essential for Fraud, Security Teams

  • Google has a post describing how it is trying to build a better and more private web that will still serve its advertisers’ needs.
    • It is a delicate balance to be sure, especially after this post about what the company doesn’t know about us. To this end, they have announced a “privacy sandbox” that will obviate the need to wholesale block cookies and provide more nuanced solutions. Potential uses for the Privacy Sandbox


  • Researchers have discovered a new phishing campaign that uses the Adwind malware.

  • This post describes the Neutrino malware.
    • It attacks PHP servers and injects malicious scripts into phpMyAdmin. When it succeeds in gaining entry, it lies in wait until activated by the attacker to download additional components to run cryptominers and infect additional computers across the network. Finding Neutrino

 


 

Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

Do you have any concerns with Security breaches? Leave your thoughts in the comments below!

Related Posts

Leave a comment

Do NOT follow this link or you will be banned from the site!