11 September 2017

Week in review: major security incidents in September 4-10

Monday

Over the first two days of the week, Internet users around the world observed the rise of a new ransomware strain, Syn Ack (or SynAck). The first incident spreading SynAck was detected on August 3.

Researchers believe Syn Ack uses RDP brute-force attacks to gain remote access to the PC, then encrypts files and appends its own extension: ten random alphabetic characters.

Tuesday

LeakBase discovered a new data breach at Taringa, a Reddit-like social network website for Latin American users. Attackers obtained over 28 million records containing usernames, passwords and email addresses. The total number of registered users is 28,512,139, which means the hackers stole 100% of the site's records.

Taringa said that the incident occurred on August 1 and recommended that users change their passwords. However, phone numbers and cryptocurrency wallet addresses weren't stolen.

A hacking group called CodeFork surfaced in a phishing campaign during the last week. According to a report by the Radware Malware Research Team, the hackers are using a customized version of the Gamarue malware and new infection techniques to spread the Necrus malware and deploy a modified version of xmrig.exe, a legitimate Monero miner.

Wednesday

Symantec reported a new wave of activity by the Dragonfly group (also known as Energetic Bear and Crouching Yeti), targeting the energy sector in Europe and North America. The cyber espionage group re-appeared in December 2015 and has been using a variety of infection vectors (malicious emails, watering hole attacks, and trojanized software) to gain network access to the systems and leak credentials.

Thursday

Hackers compromised the websites of Singapore-based AXA Insurance and Meridian Secondary School (the Young Illustrator Award site, which hosted an online art competition open to primary and secondary school students).

According to emails sent to customers by AXA's data protection officer Eric Lelyon, attackers stole the personal data of about 5,400 customers. The organization also said that no important data (NRIC number, address, credit card or bank details, health status, claims history or marital status) was compromised.

In a media report, MSS said that the attack occurred on August 30 and didn't affect personally identifiable data.

American credit firm Equifax confirmed a massive data leak affecting over 143 million of its consumers. According to Equifax, the cyberattack lasted from mid-May until July 29, when it was first detected. Hackers managed to access credit card numbers and personal identifying information of about 209,000 and 180,000 customers respectively. The exposed information also contained data of residents of the UK and Canada.

Security experts at Kromtech found a publicly available database with the personal data of almost half a million tourists. The 400 Gb of accessible information included 455,038 scanned documents (images of passports, identity cards, credit cards, tickets, etc.) as well as 88,623 unique passport numbers.

The database belongs to MoneyBack, one of the leading Mexican tax refund providers, which is part of the Mexican Investment Fund. According to the researchers, the issue was caused by a CouchDB misconfiguration.

By Olga Vikiriuk.
