Worst Data Breaches of 2018
Were you wondering which breaches were the worst of 2018?
Fortune magazine compiled a list of last year’s most
significant breaches and vulnerabilities, ranked by the number of
people who were affected. To read more: http://fortune.com/2019/01/04/worst-data-breaches-of-2018/
Weather Forecast?—?World Weather Accurate
Radar
A weather app built by a Chinese company is collecting massive
amounts of data and attempting to subscribe some users to paid
services without their permission. The app collects data on users’
geographic locations, email addresses and unique International
Mobile Equipment Identity numbers on a server in China. To read
more: https://www.wsj.com/articles/popular-weather-app-collects-too-much-user-data-security-experts-say-11546428914
Twinning App
A photo-matching app called Twinning experienced a data leak that
exposed photos for its entire user base. The photos can be publicly
accessed via a storage bucket hosted on AWS. Popsugar, the app
creator, has since made the bucket private. To read more: https://www.dailymail.co.uk/sciencetech/article-6543031/Popsugar-app-matches-selfies-celebrities-exposed-personal-photos-report-claims.html
Singapore Airlines
A software glitch caused a data breach that impacted 285 frequent
flyer members of Singapore Airlines. The bug compromised various
personal details including passport and flight information. To read
more: https://www.zdnet.com/article/singapore-airlines-data-breach-affects-284-accounts-exposes-travel-details/
Dataresolution.net
Cloud-hosting provider dataresolution.net is trying to bring its
systems back online after suffering a ransomware attack on
Christmas Eve. The attackers exploited a compromised login account
and infected servers with Ryuk ransomware. To read more: https://krebsonsecurity.com/2019/01/cloud-hosting-provider-dataresolution-net-battling-christmas-eve-ransomware-attack/
Chromecasts & smart TVs
A hacker duo claims to have hijacked exposed Chromecasts, smart TVs
and Google Home devices. This is the second hack that was executed
to urge users to subscribe to PewDiePie’s Youtube channel. To read
more: https://www.zdnet.com/article/hacker-hijacks-thousands-of-chromecasts-and-smart-tvs-to-play-pewdiepie-ad/
German Politicians
A group of hackers leaked highly sensitive personal information for
more than 100 German politicians including Chancellor Angela Merkel
on Twitter. The data includes phone numbers, email addresses,
private chats, bills and more. To read more: https://thehackernews.com/2019/01/germany-politicians-hacked.html
Town of Salem
A hacker stole the personal details of 7.6 million users of the
online game the “Town of Salem.” Someone sent a copy of the stolen
data to DeHashed, a service similar to Have I Been Pwned. The
compromised servers were finally secured this week. To read more:
https://www.zdnet.com/article/town-of-salem-game-suffers-data-breach-exposing-7-6-million-user-details/
Marriott
Marriott has announced that its guest-reservation system was hacked
and that the personal information of almost 500 million guests was
potentially exposed. The hack affects the Starwood reservation
database, which the hackers apparently first gained access to in
2014. To read more: https://www.cnn.com/2018/11/30/tech/marriott-hotels-hacked/index.html
Luas
Hackers are holding Luas, a tram system in Dublin, Ireland, hostage
with a potential leak of private data should the company fail to
pay a Bitcoin ransom. The firm’s website was compromised, and a
malicious message posted on the homepage. The site is still
offline. To read more: https://www.zdnet.com/article/dublins-luas-tram-system-threatened-with-private-data-leak/
Spectre and Meltdown
Intel is still working to clean up the problems caused by the
Spectre and Meltdown vulnerabilities that were disclosed a year
ago. To read more: https://www.wired.com/story/intel-meltdown-spectre-storm/
Blur
The company behind the Blur password manager revealed that it had
experienced a data breach impacting almost 2.4 million users. To
read more: https://www.zdnet.com/article/data-of-2-4-million-blur-password-manager-users-left-exposed-online/
Sednit APT
Researchers found the first-ever successful instance of a rootkit
targeting the Windows Unified Extensible Firmware Interface. The
rootkit is called LoJax, which is a modified version of Absolute
Software’s LoJack recovery software. To read more: https://threatpost.com/uefi-rootkit-sednit/140420/
Adobe
Adobe has issued patches for two critical vulnerabilities outside
its usual security-update cycle. The vulnerabilities allow
privilege escalation and arbitrary code execution, and affect both
MacOS and Windows. To read more: https://thehackernews.com/2019/01/adobe-reader-vulnerabilities.html
Apple phishing
A new phishing scam spoofs the legitimate Apple support page and
phone number. What is most concerning is that if the recipient of
the scam call is an iPhone user, the fake call gets indexed in the
phone’s recent calls list as a call from the legitimate Apple
Support line. To read more: https://krebsonsecurity.com/2019/01/apple-phone-phishing-scams-getting-better/
Android
Google patched a privacy vulnerability in the Chrome web browser
for Android that could enable remote attackers to identify
unpatched devices and exploit other vulnerabilities. A security
researcher initially reported the issue to Google three years ago.
To read more: https://thehackernews.com/2019/01/google-chrome-android-privacy.html
Golduck malware
Security researchers found more than a dozen iPhone apps
communicating with a Golduck malware server. The malware has been
around for over a year but was previously specific to Android. To
read more: https://techcrunch.com/2019/01/05/dozen-iphone-apps-linked-to-golduck-malware
ReCAPTCHA
Researchers have managed to fool Google’s reCAPTCHA with a 90%
success rate. To read more: https://motherboard.vice.com/en_us/article/pa55z8/researchers-fool-recaptcha-with-googles-own-speech-to-text-service
Sign up below and receive these reports and more, directly in your inbox.