11 September 2017

Week in review: major security incidents in September 4-10

Week in review: major security incidents in September 4-10


Over two first day of the week Internet users from all over the world observed raise of a new ransomware strain – Syn Ack (or SynAck). The first incident spreading SynAck was detected on August 3.

Researchers suppose Syn Ack uses RDP brute-force attack to gain remote access to the PC, encrypt files and add its own extension – ten random alpha characters.


LeakBase discovered a new data breach in Taringa, a Reddit-like social network website for Latin American users. Attackers obtained over 28 mln records containing usernames, passwords and emails. Total number of registered users amounts to 28,512,139 that means hackers stole 100% records from the site.

Taringa notified that the incident occurred on August 1 and recommended users to change their passwords. However, phone numbers and cryptocurrency wallets addresses weren’t stolen.

A hacking group CodeFork showed itself in a phishing campaign during the last week. According to the report of Radware Malware Research Team, hackers are using a customized version of the Gamarue malware and new infection techniques to spread the Necrus malware and deploy a modified version of xmrig.exe, a legitimate Monero miner.


Symantec informed about revelation of a new wave of Dragonfly group (also known as Energetic Bear and Crouching Yeti) activities, targeting the energy sector in Europe and North America. The cyber espionage group re-appeared in December, 2015 and has been using variety of infection vectors (malicious emails, watering hole attacks, and trojanized software) to gain network access to the systems and disclose credentials.


Hackers compromised websites of Singapore-based AXA Insurance and Meridian Secondary School (the Young Illustrator Award site, which hosted an online art competition open to primary and secondary school students).

According to the emails, sent to the customers by AXA's data protection officer Eric Lelyon, attackers stole personal data of about 5,400 customers. Organization also informed that no important data (NRIC number, address, credit card or bank details, health status, claims history or marital status) were compromised.

In media report MSS claimed that attack occurred on August 30 and didn’t affect personally identifiable data.

American credit firm Equifax confirmed massive data leak, having affected over 143 mln its consumers. According to Equifax, cyberattack continued from mid-May till July 29 when it was firstly detected. Hackers managed to access credit card numbers and personal identifying information of about 209,000 and 180,000 customers respectively. Revealed information contained also data of residents from the UK and Canada.

Security experts for Kromtech revealed a publicly available database with personal data of almost half a million tourists. 400 Gb of accessible information involved 455 038 scanned documents (images of passports, identity cards, credit cards, tickets, etc.) as well as 88 623 unique passport numbers.

The database belongs to one of the Mexican leading provider of tax refund – MoneyBack that is a part of Mexican Investment Fund. According to the researchers, issue occurred due to CouchDB misconfiguration.

By Olga Vikiriuk.

Back to the list

Latest Posts

Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

NetBSD users are advised to install patched ASAP.
12 February 2018
Zero-day vulnerability in Adobe Flash Player

Zero-day vulnerability in Adobe Flash Player

Second zero-day this year. No remedy available.
1 February 2018
Jackpotting: Weird Attack On ATM

Jackpotting: Weird Attack On ATM

Jackpotting requires not only technical skills and great coordination but also acting skills, audacity and composure.
30 January 2018