Sri Lanka
The Sri Lanka Computer Emergency Readiness Team said that at least
ten of its country’s websites were hacked. To read more: https://menafn.com/1098541574/Sri-Lanka-comes-under-a-cyber-attack
LeakedSource
Defiant Tech pleaded guilty to trafficking identity information in
Canada last week. Defiant Tech is the company behind the
LeakedSource website, which launched in 2015 and provided access to
illegally obtained information to anyone willing to pay a fee. To
read more: https://www.zdnet.com/article/company-behind-leakedsource-pleads-guilty-in-canada/
OGusers.com
An online forum called OGusers.com, which is used by people who
steal online accounts, was itself hacked. Nearly 113,000 users’
email addresses, hashed passwords and IP addresses were breached. A
rival hacking community uploaded the OGusers database for anyone to
download. To read more: https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/
Instagram influencers
A database hosted by AWS that belonged to a Mumbai-based
social-media marketing company called Chtrbox was left open online
without a password. The database contained 49m records belonging to
Instagram influencers, celebrities, and brand accounts. To read
more: https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/
Winnti Linux
Security researchers discovered a Linux variant of Winnti malware
after Bayer, a German pharmaceutical company, was hit by a
cyberattack, and Winnti was found on its systems. There are code
similarities between the new Linux version and the Windows version.
To read more: https://www.zdnet.com/article/security-researchers-discover-linux-version-of-winnti-malware/
Google
Google announced that a number of enterprise customers had their
passwords stored on its system in plain text. The company
discovered that the way it had implemented password setting and
recovery for enterprises was faulty, and had been since 2005. No
consumer Gmail accounts were affected by the security lapse. To
read more: https://techcrunch.com/2019/05/21/google-g-suite-passwords-plaintext/
Game Golf
A security researcher found an Elastic database that was open on
the internet. The database belonged to Game Golf, an app with
coaching tools and GPS data for specific golf shots. The database
exposed 134m rounds of golf, 4.9m user notifications and 19.2m
records in the activity feed. To read more: https://threatpost.com/golfers-privacy-hazard-game-golf/144918/
Windows 10
An anonymous hacker released PoC exploit code for a zero-day
vulnerability in Windows 10. The code, published on GitHub,
exploits a privilege-escalation bug. To read more: https://thehackernews.com/2019/05/windows-zero-day-vulnerability.html
The same hacker posted two more vulnerabilities that impact Microsoft’s Windows Error Reporting service and Internet Explorer 11. To read more: https://thehackernews.com/2019/05/microsoft-zero-day-vulnerability.html
APT28 malware
A malware sample that U.S. Cyber Command uploaded to VirusTotal
last week is still involved in active attacks. The malware was
linked with APT28, the group that breached the Democratic National
Committee. To read more: https://www.cyberscoop.com/cyber-command-virustotal-apt28-kaspersky-zonealarm/
Abusing code-signing
Hackers are abusing code-signing to distribute malware by purchasing
legitimate certificates. Researchers recently used the malware
scanner VirusTotal to see how many Windows executable files were
actually malware, and found that 3,815 malware samples met the
criteria and were legitimately signed. To read more: https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
Check out Have I Been Pwned to see if any of your accounts have been exposed by the above breaches.
Khan Academy
Khan Academy, a non-profit learning company, fixed two
cross-site request forgery flaws that could enable attackers to
take over accounts. The flaws came from a lack of CSRF tokens,
which double-check account log-in requests. To read more: https://threatpost.com/critical-flaws-in-khan-academy-opened-door-to-account-takeovers/144973/
Deutsche Bank
A German bank, Deutsche Bank, announced that the software it used
to screen customer transactions for suspicious activity had a bug.
The bank maintains that no suspicious transactions were executed
due to the flaw. To read more: https://www.nytimes.com/2019/05/22/business/deutsche-bank-money-laundering.html
WannaCry-infected laptop
A Windows laptop infected with various malware, from WannaCry to
BlackEnergy, is up for auction as a work of art. Called “The
Persistence of Chaos,” it runs six pieces of malware that were
responsible for $95 billion in financial losses. It is for sale at
about $1m. To read more: https://threatpost.com/wannacry-infested-laptop-art-auction/144992/
First American Financial Corp
First American Financial Corp’s website leaked hundreds of millions
of mortgage documents dating back to 2003. The records included
wire-transaction receipts, bank-account numbers and statements,
driver-license images, and more. The California-based company is a
leading provider of title insurance and settlement services to the
real-estate and mortgage industries. To read more: https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/
TicketTrick
A security researcher discovered a flaw that hackers can use to
access companies’ internal communications. The bug has not been
fixed, but the researcher has contacted companies and affected
vendors as part of their bug-bounty programs. To read more:
https://medium.com/intigriti/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
Stolen NSA tools
The NSA’s stolen exploit, called EternalBlue, was used in
cyberattacks throughout the United States. Hackers are targeting
vulnerable American towns and cities with ageing digital
infrastructure, including Baltimore, San Antonio and Allentown. The
attack on Allentown cost $1m to remedy plus another $500,000 for
new cyber-defenses. The agency still has not acknowledged the loss
of the cyberweapon that is wreaking havoc. To read more: https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html
Elastic
Elastic announced that it was making core security features of the
Elastic Stack free and accessible to everyone. Elastic Stack is a
collection of open-source projects that companies use to format and
visualize large amounts of data in real time. Recently, due to
misconfiguration, thousands of Elasticsearch and Kibana servers
left millions of users’ data exposed online. To read more: https://thehackernews.com/2019/05/elastic-stack-security.html
U.S. companies and Huawei
U.S. President Donald Trump signed an executive order declaring a
national emergency to ban foreign companies from doing business
with Huawei, a Chinese telecommunications company, over
surveillance fears. Google appears to have suspended all activities
with Huawei and revoked its Android license. Besides Google, Intel,
Qualcomm and Broadcom are also cutting ties with Huawei. To read
more: https://thehackernews.com/2019/05/google-intel-huawei.html