11 September 2017

Week in review: major security incidents in September 4-10


Over the first two days of the week, Internet users around the world observed the rise of a new ransomware strain, Syn Ack (or SynAck). The first incident involving SynAck was detected on August 3.

Researchers believe Syn Ack uses RDP brute-force attacks to gain remote access to the PC, after which it encrypts files and appends its own extension: ten random alpha characters.


LeakBase discovered a new data breach at Taringa, a Reddit-like social network website for Latin American users. Attackers obtained over 28 mln records containing usernames, passwords and emails. The total number of registered users is 28,512,139, which means hackers stole 100% of the site's records.

Taringa stated that the incident occurred on August 1 and recommended that users change their passwords. However, phone numbers and cryptocurrency wallet addresses weren’t stolen.

The hacking group CodeFork surfaced in a phishing campaign during the last week. According to a report by the Radware Malware Research Team, the hackers are using a customized version of the Gamarue malware and new infection techniques to spread the Necurs malware and deploy a modified version of xmrig.exe, a legitimate Monero miner.


Symantec reported a new wave of activity by the Dragonfly group (also known as Energetic Bear and Crouching Yeti), targeting the energy sector in Europe and North America. The cyber espionage group re-appeared in December 2015 and has been using a variety of infection vectors (malicious emails, watering hole attacks, and trojanized software) to gain access to victims' networks and obtain credentials.


Hackers compromised the websites of Singapore-based AXA Insurance and Meridian Secondary School (the Young Illustrator Award site, which hosted an online art competition open to primary and secondary school students).

According to emails sent to customers by AXA's data protection officer Eric Lelyon, attackers stole personal data of about 5,400 customers. The organization also stated that no important data (NRIC number, address, credit card or bank details, health status, claims history or marital status) was compromised.

In a media report, MSS stated that the attack occurred on August 30 and didn’t affect personally identifiable data.

American credit firm Equifax confirmed a massive data leak affecting over 143 mln of its consumers. According to Equifax, the cyberattack lasted from mid-May until July 29, when it was first detected. Hackers managed to access credit card numbers and personal identifying information of about 209,000 and 180,000 customers respectively. The exposed information also contained data of residents of the UK and Canada.

Security experts at Kromtech discovered a publicly accessible database with personal data of almost half a million tourists. The 400 Gb of accessible information included 455 038 scanned documents (images of passports, identity cards, credit cards, tickets, etc.) as well as 88 623 unique passport numbers.

The database belongs to one of the leading Mexican tax refund providers, MoneyBack, which is a part of Mexican Investment Fund. According to the researchers, the issue was caused by a CouchDB misconfiguration.

By Olga Vikiriuk.
