22 November 2017

Week in review: major cybersecurity incidents in November 13-19

The past week was not marked by loud cybersecurity incidents. We observed only 6 major incidents, involving security and data breaches at the clothing retailer Forever 21, the US Department of Defense, DXC Technologies and the Australian Broadcasting Corporation (ABC).

Below is the list of the most noticeable incidents, along with a brief description and commentary for each.


-         One of the largest manufacturers and retailers of fashion clothing, Forever 21, reported a security breach. Due to inadequate protection on some PoS terminals in Forever 21 stores, unknown actors gained unauthorized access to payment card data.

The company did not specify which stores were affected, but it stated that customers who made purchases between March and October 2017 could be affected.

-         American IT company DXC Technologies suffered significant damage after one of its private AWS keys was mistakenly exposed to the public.

On September 27, a member of the technical team created a public repository on GitHub and uploaded the key. The AWS key was used for 4 days to create 244 AWS virtual machines, causing DXC Technologies damage amounting to $64K.
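As an added, defender-side example (not part of the original report), the following Python script scans a file or diff for AWS-style credentials before it is pushed, the kind of pre-commit check that would have flagged the key described above. The key ID and secret values in the constructed sample are AWS's documented example placeholders, not real credentials; the entropy threshold of 3.5 bits per character is an assumption.

```python
import math
import re

# AWS access key IDs are 20 characters starting with "AKIA" (long-term user keys)
# or "ASIA" (temporary STS keys), followed by 16 upper-case alphanumerics.
AWS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Candidate secret access key: 40 base64-style characters assigned to a
# variable whose name mentions "secret" (e.g. aws_secret_access_key = ...).
AWS_SECRET_RE = re.compile(
    r"(?i)secret[^\n=:]{0,20}[=:]\s*['\"]?([A-Za-z0-9/+=]{40})['\"]?"
)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; real secrets score high, filler scores low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_text(text: str, min_entropy: float = 3.5) -> list:
    """Return (line_no, kind, value) findings for AWS-style credentials in text.

    Run this over the staged diff in a pre-commit hook; a non-empty result
    should block the commit. min_entropy (assumed 3.5) filters placeholders.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in AWS_KEY_ID_RE.finditer(line):
            findings.append((line_no, "access_key_id", m.group(0)))
        for m in AWS_SECRET_RE.finditer(line):
            candidate = m.group(1)
            # Skip obvious placeholders such as a run of X's (entropy 0).
            if shannon_entropy(candidate) >= min_entropy:
                findings.append((line_no, "secret_access_key", candidate))
    return findings


# Constructed sample: a credentials file of the kind that ends up in a public
# repository. Both key values are AWS's published documentation examples.
SAMPLE_CONFIG = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
# placeholder value that the entropy filter should ignore
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
"""

if __name__ == "__main__":
    for line_no, kind, value in scan_text(SAMPLE_CONFIG):
        print(f"line {line_no}: {kind} -> {value[:4]}...")
```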


-         Experts at Bitdefender detected a new banking Trojan dubbed Terdot. The malware can track and modify users' posts on Facebook and Twitter, as well as intercept e-mails. The Trojan's code is based on the Zeus malware.

The Trojan has been active since mid-2016 and mainly targets users in the US, Canada, Britain, Germany and Australia.

Terdot spreads via phishing e-mails containing a link to a PDF document. Once a system is infected, the Trojan injects itself into browser processes to intercept traffic. It can also download additional spyware to extract data and send it to C&C servers.

-         According to Ukrainian law enforcement agencies, unknown hackers published a list of participants in the ATO (the military operation conducted in the east of Ukraine), allegedly stolen from a server of the Ministry of Internal Affairs of Ukraine.

Employees of the Cyber Police Department of the National Police of Ukraine managed to identify the computer used to access the local network and steal the personal data.

-         The Australian Broadcasting Corporation (ABC) accidentally leaked confidential user data stored in at least two unprotected Amazon Web Services S3 storage buckets.

The incident was uncovered by analysts at Kromtech Security Center during a study of misconfigured cloud storage. The discovered archive contained thousands of e-mails, logins and user password hashes, requests for licensed content from producers, private keys and credentials for access to other repositories, video content, as well as 1.8 thousand daily backup copies of a MySQL database (from 2015 to the present).


-         Security expert Chris Vickery discovered three improperly configured Amazon S3 servers containing about 1.8 billion posts made by users around the world.

The discovered databases, named "centcom-backup", "centcom-archive" and "pacom-archive", belong to the US Central Command (CENTCOM) and the US Pacific Command (PACOM).

By Olga Vikiriuk
Analyst at Cybersecurity Help
