Round 4
A fourth batch of records came up for sale on the dark web. The
fourth round contains 27m new users’ records originating from six
other websites. The hacked sites include Youthmanual, GameSalad,
Bukalapak, Lifebear, EstanteVirtual, and Coubic. These credentials
are worth 1.2431 Bitcoin, which is roughly $5,000. To read more:
https://thehackernews.com/2019/03/data-breach-security.html
Fabian Wosar
A man named Fabian Wosar is working with victims of ransomware
around the world to get their files back without paying hackers.
Hackers hate him so much that they leave angry threats buried
within the code of their own viruses. To read more: https://www.bbc.co.uk/news/resources/idt-sh/hated_and_hunted_the_computer_virus_malware_ransomware_cracker
Chinese online recruitment sites
A database containing the personal details of 33m candidates from
online recruitment sites like 51Job, Lagou, and Zhilian was found
open online. The unencrypted database was discovered by a security
researcher. The owner of the database was not identified. To read
more: http://theindependent.sg/china-data-breaches-33-mil-unprotected-job-applicant-profiles-leaked/
London attractions
Kew Gardens, Natural History Museum, Tate Gallery and Imperial War
Museum were hit by 109m cyber attacks over the last few years.
Spyware was the most prevalent type of attack. To read more:
https://www.itpro.co.uk/security/33243/londons-top-attractions-besieged-by-more-than-100-million-cyber-attacks
Elsevier
Elsevier, the company behind scientific journals like The Lancet,
left a server open to the internet exposing email addresses and
passwords. It is not clear how long the server was exposed or how
many accounts were impacted. To read more: https://motherboard.vice.com/en_us/article/vbw8b9/elsevier-user-passwords-exposed-online
Magecart
Researchers identified two new Magecart attacks targeting MyPillow
and Amerisleep. Magecart is well known after hackers attacked
British Airways, Ticketmaster, and Newegg. The attack is a digital
payment card skimmer with malicious JavaScript code. To read more:
https://thehackernews.com/2019/03/magecart-ecommerce-hackers.html
Norsk Hydro
One of the world’s largest aluminum producers was forced to shut
down several plants across Europe and the US after a cyber attack
left the company’s IT systems unusable. The plants were shut down
and switched to manual operations where possible. Norsk Hydro is
still investigating the full extent of the attack, but the company
was hit with a new strain of ransomware called LockerGoga. To read
more: https://thehackernews.com/2019/03/norsk-hydro-ransomware-attack.html
Used laptops and phones
A security consultant collected used desktops, hard disks,
cellphones, and other technology from pawn shops near his home. He
found that their former owners left tons of personal information on
the devices. He found 41 Social Security numbers, 50 dates of
birth, 611 email accounts, 19 credit card numbers, and more. To
read more: https://gizmodo.com/its-scary-how-much-personal-data-people-leave-on-used-l-1833383903
Tornado sirens
A hacker took control of tornado emergency sirens in two North
Texas towns. The cities shut down their emergency warning systems a
day before major storms were set to hit the area. To read more:
https://www.zdnet.com/article/hacked-tornado-sirens-taken-offline-in-two-texas-cities-ahead-of-major-storm/
UK Police
The UK Police Federation confirmed that it was hit by a
cyberattack. The organization represents 119,000 police officers
across England and Wales. The ransomware attack hit the
federation’s Surrey headquarters, and several databases and email
systems were encrypted. To read more: https://techcrunch.com/2019/03/21/police-federation-ransomware
GitHub Repos
Over the last six months, 100,000 GitHub repos leaked API tokens
and cryptographic keys. The scan was conducted by a team from North
Carolina State University and the results were shared with GitHub.
GitHub has since accelerated its work on a new security feature
called Token Scanning, which is in beta. To read more: https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-cryptographic-keys/
Oregon Department of Human Services
The Oregon Department of Human Services announced that a data
breach possibly exposed the personal information of 1.6m residents.
The breach occurred in January after nine employees opened a
phishing link. To read more: https://www.ktvz.com/news/oregon-dept-of-human-services-confirms-data-breach/1061408539
FEMA
The Federal Emergency Management Agency acknowledged that it shared
personal addresses and banking information for more than 2m
disaster survivors. The agency shared personally identifiable
information of disaster survivors of the California wildfires and
Hurricanes Harvey, Irma and Maria. To read more: https://www.washingtonpost.com/national/health-science/fema-data-breach-hits-25-million-disaster-survivors/2019/03/22/3e2c6232-4cec-11e9-93d0-64dbcf38ba41_story.html?utm_term=.6482eea38650
Voova
A fired employee went on a rampage through his former employer’s
AWS accounts using a stolen login and took down 23 servers. Steffan
Needham worked for Voova for a month before he was let go. He
managed to get ahold of a colleague’s AWS login and destroy
£500,000 worth of business-critical data. To read more: https://www.theregister.co.uk/2019/03/20/steffan_needham_aws_rampage_prison_sentence_voova
Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.
Libssh2
A popular open source client-side C library implementing the SSHv2
protocol released the latest version of its software to patch nine
security vulnerabilities. The library is available for all major
Linux distributions. The vulnerabilities are memory corruption
issues which could enable arbitrary code execution. To read more:
https://thehackernews.com/2019/03/libssh2-vulnerabilities.html
Windows
A security researcher at Google found a new class of
vulnerabilities in Windows. He discovered how Windows performs
permission checks when opening files and other secured objects.
Google and Microsoft are working together to fix the issue. To read
more: https://arstechnica.com/gadgets/2019/03/google-project-zero-microsoft-collaborate-for-12-months-to-find-new-kind-of-windows-bug/
Mirai variant
Researchers found a new variant of Mirai that is targeting embedded
devices to carry out DDoS attacks. The variant is targeting
WePresent WiPG-1000 Wireless Presentation systems and LG Supersign
TVs among others. To read more: https://thehackernews.com/2019/03/mirai-botnet-enterprise-security.html
SQLRat malware
A threat actor group called Fin7 was found using a new form of
malware. The hackers stole at least 15 million credit card records
from over 6,500 PoS terminals. The malware is called SQLRat and
executes SQL scripts on a compromised system. To read more:
https://www.zdnet.com/article/global-cybergang-fin7-returns-with-new-sqlrat-malware/
PuTTY
A popular SSH client program called PuTTY released an updated
version of its software that includes patches for eight
high-severity security bugs. PuTTY is a widely used open-source
client-side program that allows users to remotely access a computer
over the SSH, Telnet and Rlogin network protocols. To read more:
https://thehackernews.com/2019/03/putty-software-hacking.html
Ethereum Classic Blockchain
The security team at Coinbase found that an attacker gained control
of more than half of the network’s computing power and was using it
to rewrite Ethereum Classic’s blockchain transaction history. This
attack is called a 51% attack and made it possible to spend the
same cryptocurrency more than once. Coinbase claims that no
currency was stolen from any accounts. To read more: https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/?utm_source=share&utm_medium=ios_app
Facebook
Facebook confirmed that it stored “hundreds of millions” of account
passwords in plaintext for years. None of the passwords were
visible to anyone outside of Facebook, but the logs were still
accessible to some 2,000 engineers. Read the KrebsOnSecurity
report. To read more: https://techcrunch.com/2019/03/21/facebook-plaintext-passwords/
PewDiePie
PewDiePie fans released at least two PewDiePie-themed ransomware
strains under the guise of supporting the YouTube channel’s quest
to remain the top channel. The two ransomware strains are
destroying user data or encrypting files without a method to
recover the data. To read more: https://www.zdnet.com/article/pewdiepie-fans-keep-making-junk-ransomware/
Medtronic defibrillators
750,000 heart devices made by Medtronic PLC contain a cybersecurity
vulnerability that could enable an attacker to alter programming on
an implanted defibrillator. The US Homeland Security Department
issued an alert describing the vulnerability found in 16 models of
the devices sold around the world. To read more: http://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/
Nokia
Some Nokia phones sent data to servers in China without consent
from users. Finland will investigate the phones to see whether they
breached data rules. To read more: https://bgr.com/2019/03/21/nokia-data-breach-nokia-7-plus-sent-data-to-chinese-servers/