List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in August, 2019
SystemBC proxy • Sep 5, 2019
August has come to an end and before we move ahead, let's have a quick look at the prominent breaches, malware attacks, vulnerabilities and scams that made a major impact in the cybersecurity world.
On the malware front, security researchers uncovered several new threats last month. The newly discovered malware includes SystemBC proxy, LookBack trojan, Lord exploit kit, GermanWiper ransomware, Gwmndy botnet, Saefko trojan and Cerberus Android trojan, among others. Apart from these, new variants of DealPly adware, Lokibot trojan, Ursnif trojan, Echobot, Bashlite & Mirai botnets, and Asurex backdoor were also found infecting users' systems, important files, and network infrastructures.
The month of August also witnessed several attacks involving malicious apps. The one that grabbed the most attention was related to the CamScanner app. Experts discovered that the app, which had more than 100 million downloads, included malware capable of installing malicious payloads and harvesting users’ data. In another incident, a first-of-its-kind rogue spyware app called Radio Balouch or RB Music was uncovered distributing the open-source cyber-espionage tool AhMyth.
In the realm of bugs, threat actors exploited authentication bypass vulnerabilities, remote code execution vulnerabilities and other critical security flaws to gain access to the systems, servers and networks of organizations. Various new vulnerabilities such as the ‘QualPwn flaw’, ‘URGENT/11’, SWAPGS and the ‘SockPuppet vulnerability’ were also discovered, affecting Qualcomm chips, the VxWorks operating system, Intel CPUs and iOS devices respectively.
Several cities and organizations also suffered huge losses as a result of Business Email Compromise (BEC) attacks. These included the City of Naples, the City of Saskatoon, Collier County, the City of Griffin and Portland Public Schools.
Coming to security fixes and patches, Adobe released a series of updates to fix 118 flaws, while Microsoft addressed 93 security issues found across its multiple products.
The following is a consolidated report of all major data breaches, malware, vulnerabilities and scams reported in August.
Randolph County, N.C., Website Falls Victim to Hackers
Logins for Over 4 Million Accounts Stolen From Admin-Backdoored Club Penguin Rewritten Site
One Million Bank Phone Calls Found in Exposed Server
Voter records for 80% of Chile's population left exposed online
Breach Alert in South Korea After 1 Million Card Details Were Put Up for Sale Online
Poshmark Clothing Marketplace Says Hacker Stole Customer Details
Popular Sneaker Retail Website StockX Resets User Passwords After Noticing Suspicious Activity
Ransom Note Replaces 2.1M Customer Records on Open MongoDB
Ransomware hits school district outside Tulsa, Oklahoma
Up to Ten Thousand Customers Possibly Affected in Aegon Life Insurance Data Leak
CafePress Hacked, 23 Million Accounts Compromised
Misconfigured JIRA Servers Leak Info on Users and Projects
Scammers trick City of Naples out of $700,000 in spear phishing cyber attack
NZ Institute of Directors' website defaced by hacker, passwords at risk
Democrats and Doctors Behind Latest Wave of Leaked Data
Neoclinical: Australians' Medical Histories Exposed in Big Data Breach
Binance Cryptocurrency Exchange Blackmailed Over Customer Data Hack
State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack
A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts
Transport for London Oyster system pulled offline after miscreants enter customers' accounts
Instagram boots ad partner Hyp3r for mass collection of user data
Online lender backed by Nas says it was hit by security breach
Key U.S. election systems could have been exposed online for months
FDNY EMS Notifies 10,000+ Patients of Possible Data Breach
Hundreds of exposed Amazon cloud backups found online – TechCrunch
iNSYNQ Ransom Attack Began With Phishing Email
A Remote-Start App Exposed Thousands of Cars to Hackers
Stevens Tech’s computer system shut down by hackers
Four Major Dating Apps Expose Precise Locations of 10 Million Users
Hackers deface Minnesota state, county websites
700K Guest Records Stolen in Choice Hotels Breach
Credit Karma glitch exposed users to other people’s accounts
Capital One Hack Suspect May Have Breached More Than 30 Organizations
Researchers Find Publicly Accessible Database Containing Almost 28 Million Records
Hy-Vee Investigating Possible Data Breach; Customer Payment Data at Fuel Pumps Likely Exposed
Cyberattacks hit NCH Healthcare System and Grays Harbor Community Hospital
European Central Bank Shuts Down One of its Websites After Hacker Attack
Officials say at least 20 Texas government entities targeted in cyber attack
Eurofins Ransomware Attack Led to Backlog of 20,000 Cases
Popular Porn Site Breach Exposed 1.2 Million 'Anonymous' User Profiles
Arizona State University Accidentally Reveals Email Addresses of Thousands of Students
MoviePass security lapse exposed customer card numbers
Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares
Info of US Troops in South Korea Likely Stolen in Massive Hack of 1 Million Credit Cards
Massachusetts General Hospital Warns of Privacy Incident
Mastercard Reports Data Breach to German and Belgian DPAs
Regis University’s technology systems targeted by “malicious threat” likely from outside the country
Sonoma Valley Hospital Website, Email Addresses Hijacked
Rhode Island physician network alerts 3,000 patients of data breach
Hostinger Resets Customer Passwords after Security Incident Exposed Data of 14 Million Customers
Binance Confirms Hacker Obtained KYC Data of Thousands of Users from 3rd-Party Vendor
Capital & Coast DHB caught out by email phishing scam - but no privacy breach
Report: Sensitive Data from a U.S. Bioterrorism Defense Program was Easily Available for Years
Imperva discloses security incident impacting cloud firewall users
Malware Takes Down Lumber Liquidators’ Network
Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards
Starbucks Abandons Azure Site, Exposed Subdomain to Hijacking
Malicious Websites Silently Hacked into iPhones for Years
Ransomware hits hundreds of dentist offices in the US
Oregon Judicial Department hit by phishing attack
Some of Russia's surveillance tech leaked data for more than a year
Company behind Foxit PDF Reader announces security breach
Old-School Thieving Causes Latest University Data Breach
Twitter CEO account hacked, offensive tweets posted
Fraser Email Compromised in Phishing Scheme
SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits
Decoding the Neapolitan Backdoor Injection
PowerShell Empire Framework Is No Longer Maintained
Fiendish Amavaldo banking trojan strikes in Mexico after targeting Brazilians
DealPly Adware Abuses Microsoft Smartscreen to Boost AV Evasion
Malware Attack Delays Alabama District's School Year Twice
GermanWiper ransomware hits Germany hard, destroys files, asks for ransom
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
Puzzling Gwmndy Botnet Focuses on Low-Volume Proxy Connections
LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks
Cryptolocking WordPress Plugin Locks Up Blog Posts
New ‘warshipping’ technique gives hackers access to enterprise offices
Smominru Hijacks Half a Million PCs to Mine Cryptocurrency, Steals Access Data for Dark Web Sale
New Windows malware can also brute-force WordPress websites
The Fully Remote Attack Surface of the iPhone
MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play
Crossrider Adware Still Causing Unwanted Mac Browser Redirects
Trojan targets news website with watering hole attack to backdoor your PC
New Saefko Trojan focuses on stealing your credit card details, crypto wallets
New Ursnif Variant Spreads Through Infected Word Documents
Emsisoft released a free decryptor for JSWorm 4.0
Beware of Fake Microsoft Account Unusual Sign-in Activity Emails
Attackers Using Excel 4.0 Macro Dropper to Spread ServHelper Backdoor
Unearthing the Troldesh Ransomware Dropper
Anomali discovers phishing campaign targeting Chinese government agencies
Google flags preinstalled malware as hidden threat on millions of Android phones
Sophisticated Dropper Masqueraded as Fake DHL Invoice to Distribute Ursnif Malware
PsiXBot Continues to Evolve with Updated DNS Infrastructure
Trojanized Apps Containing Ad Fraud Malware Downloaded 102 Million Times
A new malware is affecting cheaters on Fortnite, Apex Legends and CSGO
DanaBot banking trojan hits Germany again, with new targets
Researchers Discover Malware That Can Record the Screen of French Internet Users Watching Porn
This spooky Monero-mining malware waits to be controlled remotely
Hiding malicious code with “Module Stomping”
Cybercom publicly posts malware linked to North Korean hackers
Remcos RAT campaign delivers new variant using AutoIt wrapper
Adware Posing as 85 Photography and Gaming Apps on Google Play Installed Over 8 Million Times
Microsoft Voicemail Notifications Used As Bait in Phishing Campaign
Energy Sector Phish Swims Past Microsoft Email Security via Google Drive
Organizations Expose Sensitive Data via Malware Analysis Sandboxes
Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response
Hackers Use Fake NordVPN Website to Deliver Banking Trojan
Backdoor found in Webmin, a popular web-based utility for managing Unix servers
Google Nest Security Cam Bugs Allow Device Takeover
Open Source-Based Ransomware Targets Fortnite Players
Backdoor code found in 11 Ruby libraries
Newly Registered Domains: Malicious Abuse by Bad Actors
NSA exploits used by worm-cryptominer combo to move laterally and attack systems
Phishing Attacks Scrape Branded Microsoft 365 Login Pages
npm Pulls Malicious Package that Stole Login Passwords
Google Android Warning As Devious Spyware Hits The Play Store
A botnet has been cannibalizing other hackers' web shells for more than a year
Majority of Malicious Job Attacks on Microsoft SQL Server Target Asia
Emotet Botnet Is Back, Servers Active Across the World
IRS Warns Taxpayers of New Scam Campaign Distributing Malware
The evasive Baldr malware may hit back in new forms, warns SophosLabs
Mobile Menace: Android Trojan raises xHelper
WordPress plugins attacked by malicious redirect campaign
Trojan Dropper Malware Found in Android App With 100M Downloads
WannaCry Remains No. 1 Ransomware Weapon
Dridex Operator Updates Tactics and Targets
'China Chopper' web shell makes a comeback in Lebanon, other Asian countries
French Police Dismantles Malware Botnet Ring that Infected 850,000 Computers
A new IOT botnet is infecting Android-based set-top boxes
Attackers Target Govt and Financial Orgs With Orcus, Revenge RATs
TrickBot, today's top trojan, adds feature to aid SIM swapping attacks
Fake Windows Game Booster Spreads Password Stealing Malware
Another Android Fraud Warning: 1.5M Users Are Being Forced To Click Malicious Ads
BRATA Android RAT Used to Infect and Spy on Brazilian Users
TimThumb Attacks: The Scale of Legacy Malware Infections
A Look Inside the Highly Profitable Sodinokibi Ransomware Business
New Credential-Theft Attack Weaponizes DNS
WordPress sites under attack as hacker group tries to create rogue admin accounts
Critical Vulnerabilities Found in Prima FlexAir Access Control System
Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks
Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger
Apple’s AirDrop and password sharing features can leak iPhone numbers
Critical Bug in Android Antivirus Exposes Address Books
QualPwn Vulnerabilities in Qualcomm Chips Allow Hackers to Compromise Android Devices
Industrial Giants Respond to 'Urgent/11' Vulnerabilities
Unpatched KDE vulnerability disclosed on Twitter
Clever Amazon Phishing Scam Creates Login Prompts in PDF Docs
New Echobot Botnet Variant Uses Over 50 Exploits to Propagate
Security bugs in popular Cisco switch brand allow hackers to take over devices
New Windows Hack Warning: Patch Intel Systems Now to Block SWAPGS Attack Exploits
SQL Injection Vulnerability Exposed Starbucks Financial Records
WhatsApp Protocol Decryption for Chat Manipulation and More
Researchers Discovered a Big Security Flaw In This Important Microsoft Product
Researchers uncover over 35 vulnerabilities in six leading enterprise printers
Vulnerability in Kubernetes Allows Access to Custom Resources
Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware
Steam Zero-Day Vulnerability Affects Over 100 Million Users
Microsoft warns against BlueKeep vulnerability, advises users to update systems
LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script
Hidden Algorithm Flaws Expose Websites to DoS Attacks
How Apple Pay Buttons Can Make Websites Less Safe
Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc
13-Year-Old Encryption Bugs Still Haunt Apps and IoT
Researchers find security flaws in 40 kernel drivers from 20 vendors
Apple's iOS Contacts app claimed to be vulnerable to SQLite hack
ZTE 4G hotspots gateways to malicious websites: Report
Warning Issued For Apple's 1.4 Billion iPad And iPhone Users
Say Cheese: Researchers Leverage WiFi Connectivity to Infect Modern DSLR Cameras with Ransomware
Zero-day flaw found in building control system
ASD releases warning of BlueKeep vulnerability
Google’s Project Zero Hackers Found 10 Ways to Break Into an iPhone
BACnet IoT building automation devices vulnerable to attack
Cerberus: A New Android 'Banking Malware For Rent' Emerges
New Critical Security Flaws Affect All Windows Versions, Millions Of Users At Risk
Siemens SCALANCE X Switches Vulnerable to DoS Attacks
Lenovo Warns of ThinkPad Bugs, One Unpatched
Notepad has a major security flaw that leaves Windows PCs vulnerable to hackers
Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
Coinbase Reveals Password Glitch Affecting 3,500 Customers
iPhone Alert: Apple Accidentally Introduced A Critical Security Vulnerability In New iOS 12.4
VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk
Unpatchable Security Flaw Found in Popular SoC Boards
Flaw in New Facebook Design Allowed Removal of Profile Photos
Severe Flaws in Kubernetes Expose All Servers to DoS Attacks
Exposed Sphinx Servers Are No Challenge for Hackers
Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program
BitDefender Antivirus Free 2020 found vulnerable
Cisco Warns of Public Exploit Code for Critical Switch Flaws
Hackers Target Vulnerabilities in Fortinet, Pulse Secure Products
Remote Code Execution Flaws Impact Aspose APIs
Unpatched Squid Servers Exposed to DoS, Code Execution Attacks
Four new RDP vulnerabilities in Windows
Lenovo High-Severity Bug Found in Pre-Installed Software
WordPress Plugins Exploited in Active Attack Redirecting Traffic
Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510
This Apple iMessage Hack Let Google Access iPhone Photos
VM escape flaw in QEMU allows for arbitrary code execution, denial of service
Hacker Finds Instagram Account Takeover Flaw Worth $10,000
Cisco UCS Vulnerabilities Allow Complete Takeover of Affected Systems
Check Point vulnerability allowed hackers to escalate privileges and run code
Bitcoin’s Lightning Network found to have security vulnerabilities
Hiding in Plain Text: Jenkins Plugin Vulnerabilities
SingCert urges Chrome users to update Web browsers after 'critical vulnerability' found
Equifax settlement claims: The FTC says watch out for fake websites trying to scam you
France warned over fine payment website scam
Beware of Emails Asking You to "Confirm Your Unsubscribe" Request
Scammers increasingly hide behind legitimate company websites to spawn phishing mails
OPP Norfolk warn residents about porn extortion scam
Phishers trick users in new email scam disguised as Suspicious Sign-In alerts for Microsoft accounts
Beware of the mystery shopper job scam
Beware of Tax Scam Emails and Phone Calls, IRS Warns
Don’t fall for sextortion scams in UAE, warn police
Canadian city loses big money in phishing scam
$11M Email Scam at Caterpillar Sales Office Pinned to Nigerian Man
The anatomy of a sextortion spam campaign
Cyber crooks scam $184,000 from Collier County
IRAS warns of scam email, image circulating on WhatsApp
The lucrative business of Bitcoin sextortion scams
Blockbuster Indictment Against 80 Fraud Suspects Details a Complex Global Scam Operation
The new mobile phone scam delivering a problem
US charges two Canadian fraudsters over $230k Bitcoin theft
SP Group warns against e-mail impersonation scam asking for personal details
FBI warns of scammers impersonating agents
Fix LibreOffice now to thwart silent macro viruses
NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
New Dragonblood vulnerabilities found in WiFi WPA3 standard
Cylance Protect AV vulnerability patched
Adobe Patches 118 Vulnerabilities Across Eight Products
Microsoft August 2019 Patch Tuesday fixes 93 security bugs
SAP Patches Highest Number of Critical Flaws Since 2014
Trend Micro Patches Privilege Escalation Bug in its Password Manager
Vulnerability Patched in Firefox Password Manager
Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again
Microsoft Patches Vulnerable Android Remote Desktop App
Widely Popular VLC Player Found Infested with Dozens of Security Vulnerabilities; Patch Available
Apple Issues 3 Emergency Security Fixes To Block Hackers From Taking Over iPhones, Macs, Apple TVs
Facebook Patches Second Account-Takeover Flaw in Instagram
Apple issues supplemental security updates
Google updates Chrome to fix high-severity Blink engine flaw
Tesla Rolls Out Key Fob Update For Model S To Counter Security Flaw