11 September 2017

Week in review: major security incidents in September 4-10

Monday

Over the first two days of the week, Internet users around the world observed the rise of a new ransomware strain, Syn Ack (or SynAck). The first incident involving SynAck was detected on August 3.

Researchers believe Syn Ack uses RDP brute-force attacks to gain remote access to a PC, then encrypts files and appends its own extension of ten random alphabetic characters.

Tuesday

LeakBase discovered a new data breach at Taringa, a Reddit-like social network website for Latin American users. Attackers obtained over 28 million records containing usernames, passwords and emails. The total number of registered users is 28,512,139, which means the hackers stole 100% of the site's records.

Taringa stated that the incident occurred on August 1 and recommended that users change their passwords. However, phone numbers and cryptocurrency wallet addresses weren't stolen.

A hacking group called CodeFork surfaced in a phishing campaign during the last week. According to a report by the Radware Malware Research Team, the hackers are using a customized version of the Gamarue malware and new infection techniques to spread the Necrus malware and deploy a modified version of xmrig.exe, a legitimate Monero miner.

Wednesday

Symantec reported a new wave of activity by the Dragonfly group (also known as Energetic Bear and Crouching Yeti) targeting the energy sector in Europe and North America. The cyber espionage group re-appeared in December 2015 and has been using a variety of infection vectors (malicious emails, watering hole attacks, and trojanized software) to gain network access to systems and leak credentials.

Thursday

Hackers compromised the websites of Singapore-based AXA Insurance and Meridian Secondary School (the Young Illustrator Award site, which hosted an online art competition open to primary and secondary school students).

According to emails sent to customers by AXA's data protection officer Eric Lelyon, attackers stole the personal data of about 5,400 customers. The organization also said that no important data (NRIC number, address, credit card or bank details, health status, claims history or marital status) was compromised.

In a media report, MSS claimed that the attack occurred on August 30 and didn't affect personally identifiable data.

American credit firm Equifax confirmed a massive data leak affecting over 143 million of its consumers. According to Equifax, the cyberattack continued from mid-May until July 29, when it was first detected. Hackers managed to access credit card numbers and personal identifying information of about 209,000 and 180,000 customers respectively. The exposed information also contained data of residents of the UK and Canada.

Security experts at Kromtech discovered a publicly available database with personal data of almost half a million tourists. The 400 Gb of accessible information included 455 038 scanned documents (images of passports, identity cards, credit cards, tickets, etc.) as well as 88 623 unique passport numbers.

The database belongs to one of Mexico's leading tax refund providers, MoneyBack, which is part of the Mexican Investment Fund. According to the researchers, the issue occurred due to a CouchDB misconfiguration.

By Olga Vikiriuk.