Fiserv
A Pennsylvania credit union is suing Fiserv because of security
vulnerabilities that were allegedly wreaking havoc on its
customers. Fiserv sells financial-services technology, including
account- and transaction-processing systems that small financial
institutions use on their websites. This is not the first credit
union that has sued Fiserv because of security issues. To read
more: https://krebsonsecurity.com/2019/05/credit-union-sues-fintech-giant-fiserv-over-security-claims/
Israel Defense Force
The Israel Defense Force (IDF) claimed to have neutralized a
cyberattack by launching an airstrike on the building that the
attack originated from. The IDF did not share any information about
the cyberattack. To read more: https://thehackernews.com/2019/05/israel-hamas-hacker-airstrikes.html
GitHub
Hackers are breaking into private GitHub code repositories, wiping
them and asking for a ransom. The hackers are also breaking into
Atlassian’s Bitbucket, a similar service. One security researcher
estimates that around 1,000 people have been targeted. To read
more: https://www.vice.com/en_us/article/vb9v33/github-bitbucket-repositories-ransomware
Dark-web marketplaces
Europol shut down two dark-web marketplaces called Wall Street
Market and Silkkitie. These websites were used for trading drugs,
stolen credit-card information, malicious software and other
illegal goods. To read more: https://thehackernews.com/2019/05/europol-darkweb-market.html
TRON network
A security flaw was discovered in TRON, a blockchain platform, that
could have been used to break its entire blockchain ecosystem. An
attacker could launch DDoS attacks against all or at least 51% of TRON’s
super-representative nodes and render the service unusable. To read
more: https://www.zdnet.com/article/tron-critical-security-flaw-could-break-the-entire-blockchain/
Buckeye
A hacking group known as Buckeye was found using some of the
zero-day exploits from the NSA a full year before the Shadow
Brokers group leaked them. Buckeye is known for attacking US
defense and other critical organizations. The group is believed to
be working on behalf of the Chinese Ministry of State Security. To
read more: https://thehackernews.com/2019/05/buckeye-nsa-hacking-tools.html
Samsung SmartThings
A lab used by Samsung engineers was found to be leaking source code
for several internal projects including SmartThings. The company
left these projects on a GitLab instance hosted on its own domain.
A security researcher discovered the exposed files, and found that
one project contained credentials that allowed access to an entire
AWS account. To read more: https://techcrunch.com/2019/05/08/samsung-source-code-leak/
Wyzant
This online marketplace, which connects students to private tutors,
suffered a data breach and exposed the personal information of its
customers. A hacker gained access to one of Wyzant’s databases,
leading to the breach. To read more: https://thehackernews.com/2019/05/wyzant-data-breach.html
Baltimore
The city of Baltimore, Maryland — a state with a poor record of
investment in any critical infrastructure — was hit with yet
another ransomware attack, forcing officials to shut down the
majority of the city’s computer servers. The attack started on
Tuesday and infected Baltimore’s systems with an unknown virus that
spread throughout the network. To read more: https://thehackernews.com/2019/05/baltimore-ransomware-cyberattack.html
Binance
One of the largest cryptocurrency exchanges confirmed that it had
lost 7,000 Bitcoin (worth $41m) in a cyberattack. According to
Binance, the attackers were able to breach a BTC hot wallet that
contained 2% of the company’s total holdings. To read more:
https://thehackernews.com/2019/05/binance-cryptocurrency-hacked.html
Wolters Kluwer
This popular Dutch tax-and-accounting software platform suffered a
malware attack that took its systems offline. Wolters Kluwer
provides software to all of the top 100 accounting firms in the US
and 90% of major global banks. To read more: https://www.cnbc.com/2019/05/08/wolters-kluwer-accounting-giant-hit-by-malware-causing-quiet-panic.html
LandMark White
LandMark White, an Australian property consultancy, revealed that
the data breach it experienced earlier this year has cost it $5–6m
in revenue. The company was exposed after an AWS S3 bucket was
misconfigured and the data was posted on a dark-web forum. To read
more: https://www.computerworld.com.au/article/661256/landmark-white-drops-revenue-forecast-by-11-5m-after-data-breach
Ever app
A photo-storage app called Ever is using photos uploaded to its
site to train the company’s facial-recognition system, which it
then sells to private companies, law enforcement and the military.
Without telling users, the cloud storage app pivoted from photo
hosting to AI. The CEO of Ever said that “Ever AI does not share
the photos or any identifying information about users with its
facial recognition customers.” Nonetheless, this appears to be a
clear breach of user privacy. To read more: https://www.nbcnews.com/tech/security/millions-people-uploaded-photos-ever-app-then-company-used-them-n1003371
Verizon Data Breach Investigations Report
Telco Verizon just released its 2019 Data Breach Investigations
Report, which is a lengthy analysis of recent data breaches.
According to the report, hackers are especially targeting “low
hanging fruit.” To read more: https://www.politico.com/newsletters/morning-cybersecurity/2019/05/08/low-hanging-fruit-tops-trends-in-verizon-data-breach-report-614264
Freedom Mobile
Freedom Mobile, a Canadian wireless provider, confirmed that it was
impacted by a security breach from March to April of this year. The
carrier said that 15,000 customers were affected. To read more:
https://business.financialpost.com/telecom/freedom-mobile-hit-by-data-breach-company-says-up-to-15000-customers-affected
Indiana Pacers
Pacers Sports & Entertainment announced a security breach where
hackers had gained access to sensitive user data. The company
behind the Indiana basketball team blamed the breach on a phishing
campaign that successfully accessed several employee accounts. To
read more: https://www.zdnet.com/article/indiana-pacers-disclose-security-breach/
MongoDB database
A MongoDB database exposing 275m records of Indian citizens was
found open on the internet for more than two weeks. A security
researcher discovered the database hosted on AWS using Shodan. The
data exposed information such as name, gender, date of birth,
professional information and more. The owner of the database is
currently unknown. To read more: https://www.bleepingcomputer.com/news/security/over-275-million-records-exposed-by-unsecured-mongodb-database/
Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.
Japanese Defense Ministry
Japan’s Defense Ministry is working with contractors to create
malware that it plans to use to defend systems. To read more:
https://www.zdnet.com/article/japanese-government-to-create-and-maintain-defensive-malware/
PrinterLogic
This seller of print-management software disclosed several
high-severity flaws in its services. The flaws could enable
unauthenticated, remote attackers to execute arbitrary code with
admin privileges. To read more: https://threatpost.com/printerlogic-remote-code-execution/144383/
Microsoft Exchange
A Russian cyber-espionage group developed one of the most complex
backdoors ever seen. The backdoor, called LightNeuron, works as a
mail transfer agent. It integrates into the working flow of
Microsoft Exchange, giving hackers full control over everything
that passes through an infected mail server. To read more: https://www.zdnet.com/article/russian-cyberspies-are-using-one-hell-of-a-clever-microsoft-exchange-backdoor/
Android
Google patched four remote-code-execution flaws in Android. Three
of the bugs are responsible for core apps such as the dialer, email
and camera. To read more: https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/
ELECTRICFISH
A new malware variant called ELECTRICFISH was found tunneling
traffic out of compromised computer systems. The Department of
Homeland Security and the FBI issued a joint alert warning users of
this malware. To read more: https://thehackernews.com/2019/05/north-korean-hacking-tool.html
Alpine Linux Docker images
For the last three years, the Alpine Linux Docker images
distributed through Docker Hub have been using a blank password for
the root account. This issue was first discovered back in 2015 and
apparently patched, only to be rediscovered this year. To
read more: https://www.zdnet.com/article/alpine-linux-docker-images-ship-a-root-account-with-no-password/
Magento ecommerce CMS software
Researchers found an ongoing credit-card hacking campaign that is
stealing information of customers visiting sites with Magento
ecommerce software installed. The attackers injected JavaScript
scripts hosted on a malicious domain into a hundred shopping
websites. To read more: https://thehackernews.com/2019/05/magento-credit-card-hacking.html
Dharma ransomware
A family of ransomware known as Dharma is tricking victims into
installing file-locking malware by posing as anti-virus software.
The attacks start with phishing emails with messages from
“Microsoft” urging users to update and verify their anti-virus by
clicking on a download link. To read more: https://www.zdnet.com/article/this-ransomware-sneakily-infects-victims-by-disguising-itself-with-anti-virus-software/
UC Browser
An unpatched address-bar vulnerability affects the Chinese UC
Browser and UC Browser Mini apps for Android. UC
Browser has more than half a billion users worldwide, many of them
in China and India. The bug could enable an attacker to control the
URL string displayed in the address bar. To read more: https://thehackernews.com/2019/05/uc-browser-url-spoofing.html
Microsoft SharePoint
Hackers are targeting Microsoft SharePoint servers to exploit a
recently patched vulnerability. Security patches were released for
the weakness in February, March and April of this year, but many
organizations continue to be slow to implement system updates. To
read more: https://www.zdnet.com/article/microsoft-sharepoint-servers-are-under-attack/