13 Security breaches Worldwide – Week 9, 2019
Be informed about the latest 13 Security breaches Worldwide, identified and reported publicly during Week 9, 2019. As these security-related breaches have a severe negative impact on your business, consider a security AUDIT to prevent any similar cases.
- Fortinet’s quarterly threat report has found 15 new zero day exploits across its network telemetry and a rise of ten percent in total exploits seen by each customer in the last quarter.
- It also maps the various IoT exploits as shown in the graph below. QUARTERLY Threat Landscape Report
- A report from Gigamon examines how the most prolific malware has evaded detection in the past year.
- It shows a rapid rise in Emotet in November and its kill chain and lateral activity is dissected. How Malware Traverses Your Network Without You Even Knowing About It
- Corero DDoS trends report has seen the average DDoS attack has gotten larger and briefer, with most of them lasting less than ten minutes.
- A fifth of victims are hit a second time within a day too. The number of attacks over 10Gbps have doubled, while the duration of attacks continues to decrease. Corero Full Year 2018 DDoS Trends Report
- Zscaler’s latest report on SSL traffic examined threats blocked by their products.
- Phishing increased by a factor of four from 2017, with Microsoft Office and One Drive being the most often brands targeted. Trickbot was responsible for more than half of botnet originated attacks. Find out what’s hiding in encrypted traffic
- On average, IoT devices come under attack within five minutes of being plugged in.
- They are also targeted by specific exploits within the first 24 hours of operation. The number of DDoS attacks in 2018 was up 26 percent compared to the year previously and the attacks are getting bigger too. DAWN OF THE TERRORBIT ERA
- Botnets have had a major impact on online ticketing sites, according to a new analysis by Distill Networks
- Several groups are using these bots, including ticket brokers and hospitality agencies, as well as true criminals. The attacks are getting more sophisticated, using ticket spinning (where they are held long enough to mess with seat availability), scalping and outright fraud. The report looks across this very complex ecosystem (see graphic below). How Bots Affect Ticketing
Discover trending and viral stories about Security breaches Worldwide. The remaining Security breaches made news headlines. All these happened just in the last 7 days.
- IBM’s latest Intelligence Index from its X-Force cybersecurity operation is now available.
- It has seen cryptomining attacks double in the past year, but ransomware is on the decline. It has also seen a trend towards using “living off the land” ploys (such as PowerShell and other OS-based tools) to launch attacks. Ransomware Doesn’t Pay in 2018 as Cybercriminals Turn to Cryptojacking for Profit
- An extensively researched report on the online criminal underworld is now available from Bromium.
- It documents how various players profit from malware, laundering money, scams, and theft of intellectual property, credit cards and data. These are all accomplished using a variety of techniques. The entirely of “cybercrime as a service” world is staggering. Cybercrime has gone from being a simple business to an entire “Web of Profit”– which is the name of this report and is worthy of your attention. Into the Web of Profit Landmark research by Dr. Mike McGuire
- Sweet contradicting irony
- Equifax CEO Mark Begor was asked by a congresswoman to reveal his SSN and birthdate in a public hearing, and wasn’t comfortable doing so. This contradicts what the company’s legal team is saying in a class action lawsuit. video – Rep. Katie Porter asks Equifax CEO to release his Social Security number
- Elasticsearch users are being targeted more often, including a significant leak from Dow Jones.
- That was caused by a third-party who made a copy of its Watchlist to a unsecured server. Researchers have seen a rise in attacks, especially users of v.1.4.2 and earlier, using script injections to download coin miner exploits. Users should update their code to the latest versions that prevent these exploits. Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked and Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
- Sports collectable and notable baseball card vendor Topps has been hit with a Magecart formjacking attack.
- The breach notification is posted here: NOTICE OF DATA BREACH . Online customers who made purchases at the end of 2018 could be at risk of personal data, including payment cards and should monitor their credit card statements.
- The Cairo Bangladeshi embassy’s website has been infected with a hidden crypto coinminer since last fall.
- Researchers have been in touch but the site hasn’t been fixed. Visitors will receive a malware-laced Word document. Bangladesh Embassy Website in Cairo Compromised
- Researchers have seen an increase in attacks on POS VMware Horizon thin clients around the world.
- They appear to come from the FIN6 hacking group and make use of a variety of malware pieces, including Cobalt Strike backdoors. NEW GLOBAL ATTACK ON POINT OF SALE SYSTEMS