Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Skip to main content

List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in August, 2019

List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in August, 2019 - Featured Image

SystemBC proxy Sep 5, 2019

August has come to an end and before we move ahead, let's have a quick look at the prominent breaches, malware attacks, vulnerabilities and scams that made a major impact in the cybersecurity world.

Talking about malware, security researchers uncovered various new malware last month. The newly discovered malware include SystemBC proxy, LookBack trojan, Lord exploit kit, GermanWiper ransomware, Gwmndy botnet, Saefko trojan and Cerberus Android trojan among others. Apart from these, new variants of DealPly adware, Lokibot trojan, Ursnif trojan, Echobot, Bashlite & Mirai botnets, and Asurex backdoor were also found infecting users' systems, important files, and network infrastructures.

The month of August also witnessed several instances of attacks due to malicious apps. The one that grabbed attention was related to CamScanner app. Experts discovered that the app which had more than 100 million downloads, included a malware which was capable of installing malicious payloads and harvesting users’ data. In another incident, a first-of-its-kind rogue spyware app called Radio Balouch or RB Music was uncovered distributing open-source cyber-espionage tool AhMyth.

In the realm of bugs, threat actors exploited authentication bypass vulnerability, remote code execution vulnerability and other critical security flaws to gain access to systems, servers and networks of organizations. Various new vulnerabilities such as ‘QualPwn flaw’, ‘URGENT/11’, SWAPGS and ‘SockPuppet vulnerability’ were also discovered affecting Qualcomm chips, VxWorks operating system, Intel CPUs and iOS devices respectively.

Several cities and organizations also suffered huge losses as a result of Business Email Compromise (BEC) attacks. This included City of Naples, City of Saskatoon, Collier County, City of Griffin and Portland Public Schools.

Coming to security fixes and patches, Adobe had released a series of updates to fix 118 flaws, while Microsoft had addressed 93 security issues found across its multiple products.

The following is a consolidated report of all major data breaches, malware, vulnerabilities and scams reported in August.

Breaches

Randolph County, N.C., Website Falls Victim to Hackers

Logins for Over 4 Million Accounts Stolen From Admin-Backdoored Club Penguin Rewritten Site

One Million Bank Phone Calls Found in Exposed Server

Voter records for 80% of Chile's population left exposed online

Breach Alert in South Korea After 1 Million Card Details Were Put Up for Sale Online

Poshmark Clothing Marketplace Says Hacker Stole Customer Details

Popular Sneaker Retail Website StockX Resets User Passwords After Noticing Suspicious Activity

Ransom Note Replaces 2.1M Customer Records on Open MongoDB

Ransomware hits school district outside Tulsa, Oklahoma

Up to Ten Thousand Customers Possibly Affected in Aegon Life Insurance Data Leak

Cofense Labs Publishes Database of Over 200 Million Compromised Accounts Targeted by Sextortion Email Campaigns

CafePress Hacked, 23 Million Accounts Compromised

Misconfigured JIRA Servers Leak Info on Users and Projects

Scammers trick City of Naples out of $700,000 in spear phishing cyber attack

NZ Institute of Directors' website defaced by hacker, passwords at risk

Democrats and Doctors Behind Latest Wave of Leaked Data

Neoclinical: Australians' Medical Histories Exposed in Big Data Breach

Binance Cryptocurrency Exchange Blackmailed Over Customer Data Hack

State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts

Transport for London Oyster system pulled offline after miscreants enter customers' accounts

Instagram boots ad partner Hyp3r for mass collection of user data

Online lender backed by Nas says it was hit by security breach

Key U.S. election systems could have been exposed online for months

FDNY EMS Notifies 10,000+ Patients of Possible Data Breach

Hundreds of exposed Amazon cloud backups found online – TechCrunch

iNSYNQ Ransom Attack Began With Phishing Email

A Remote-Start App Exposed Thousands of Cars to Hackers

Stevens Tech’s computer system shut down by hackers

Four Major Dating Apps Expose Precise Locations of 10 Million Users

Hackers deface Minnesota state, county websites

700K Guest Records Stolen in Choice Hotels Breach

Credit Karma glitch exposed users to other people’s accounts

Capital One Hack Suspect May Have Breached More Than 30 Organizations

Researchers Find Publicly Accessible Database Containing Almost 28 Million Records

Hy-Vee Investigating Possible Data Breach; Customer Payment Data at Fuel Pumps Likely Exposed

Cyberattacks hit NCH Healthcare System and Grays Harbor Community Hospital

European Central Bank Shuts Down One of its Websites After Hacker Attack

Officials say at least 20 Texas government entities targeted in cyber attack

Eurofins Ransomware Attack Led to Backlog of 20,000 Cases

Popular Porn Site Breach Exposed 1.2 Million 'Anonymous' User Profiles

Arizona State University Accidentally Reveals Email Addresses of Thousands of Students

MoviePass security lapse exposed customer card numbers

Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares

Info of US Troops in South Korea Likely Stolen in Massive Hack of 1 Million Credit Cards

Massachusetts General Hospital Warns of Privacy Incident

Mastercard Reports Data Breach to German and Belgian DPAs

Regis University’s technology systems targeted by “malicious threat” likely from outside the country

Sonoma Valley Hospital Website, Email Addresses Hijacked

Rhode Island physician network alerts 3,000 patients of data breach

Hostinger Resets Customer Passwords after Security Incident Exposed Data of 14 Million Customers

Binance Confirms Hacker Obtained KYC Data of Thousands of Users from 3rd-Party Vendor

Capital & Coast DHB caught out by email phishing scam - but no privacy breach

Report: Sensitive Data from a U.S. Bioterrorism Defense Program was Easily Available for Years

Imperva discloses security incident impacting cloud firewall users

Malware Takes Down Lumber Liquidators’ Network

Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards

Starbucks Abandons Azure Site, Exposed Subdomain to Hijacking

Malicious Websites Silently Hacked into iPhones for Years

Ransomware hits hundreds of dentist offices in the US

Oregon Judicial Department hit by phishing attack

Some of Russia's surveillance tech leaked data for more than a year

TGI Fridays Restaurant Chain Suffers Data Breach; Warns Loyalty Reward Program Members of Exposed Data

Company behind Foxit PDF Reader announces security breach

Old-School Thieving Causes Latest University Data Breach

Twitter CEO account hacked, offensive tweets posted

Fraser Email Compromised in Phishing Scheme

Malware

SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits

Clop Ransomware

Decoding the Neapolitan Backdoor Injection

PowerShell Empire Framework Is No Longer Maintained

Fiendish Amavaldo banking trojan strikes in Mexico after targeting Brazilians

DealPly Adware Abuses Microsoft Smartscreen to Boost AV Evasion

LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing

Malware Attack Delays Alabama District's School Year Twice

GermanWiper ransomware hits Germany hard, destroys files, asks for ransom

Say hello to Lord Exploit Kit

Malware Attack Delays Alabama District's School Year Twice

Latest Trickbot Campaign Delivered via Highly Obfuscated JS File

Puzzling Gwmndy Botnet Focuses on Low-Volume Proxy Connections

LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks

Cryptolocking WordPress Plugin Locks Up Blog Posts

New ‘warshipping’ technique gives hackers access to enterprise offices

Smominru Hijacks Half a Million PCs to Mine Cryptocurrency, Steals Access Data for Dark Web Sale

New Windows malware can also brute-force WordPress websites

The Fully Remote Attack Surface of the iPhone

MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play

Crossrider Adware Still Causing Unwanted Mac Browser Redirects

Trojan targets news website with watering hole attack to backdoor your PC

New Saefko Trojan focuses on stealing your credit card details, crypto wallets

New Ursnif Variant Spreads Through Infected Word Documents

Emsisoft released a free decryptor for JSWorm 4.0

Beware of Fake Microsoft Account Unusual Sign-in Activity Emails

Attackers Using Excel 4.0 Macro Dropper to Spread ServHelper Backdoor

Unearthing the Troldesh Ransomware Dropper

Anomali discovers phishing campaign targeting Chinese government agencies

Google flags preinstalled malware as hidden threat on millions of Android phones

Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices

Sophisticated Dropper Masqueraded as Fake DHL Invoice to Distribute Ursnif Malware

PsiXBot Continues to Evolve with Updated DNS Infrastructure

Trojanized Apps Containing Ad Fraud Malware Downloaded 102 Million Times

A new malware is affecting cheaters on Fortnite, Apex Legends and CSGO

DanaBot banking trojan hits Germany again, with new targets

Researchers Discover Malware That Can Record the Screen of French Internet User's Watching Porn

This spooky Monero-mining malware waits to be controlled remotely

Hiding malicious code with “Module Stomping”

Cybercom publicly posts malware linked to North Korean hackers

Remcos RAT campaign delivers new variant using AutoIt wrapper

Adware Posing as 85 Photography and Gaming Apps on Google Play Installed Over 8 Million Times

Microsoft Voicemail Notifications Used As Bait in Phishing Campaign

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

Organizations Expose Sensitive Data via Malware Analysis Sandboxes

Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response

Hackers Use Fake NordVPN Website to Deliver Banking Trojan

Backdoor found in Webmin, a popular web-based utility for managing Unix servers

Google Nest Security Cam Bugs Allow Device Takeover

Open Source-Based Ransomware Targets Fortnite Players

Backdoor code found in 11 Ruby libraries

Newly Registered Domains: Malicious Abuse by Bad Actors

NSA exploits used by worm-cryptominer combo to move laterally and attack systems

Phishing Attacks Scrape Branded Microsoft 365 Login Pages

npm Pulls Malicious Package that Stole Login Passwords

Google Android Warning As Devious Spyware Hits The Play Store

A botnet has been cannibalizing other hackers' web shells for more than a year

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities

Majority of Malicious Job Attacks on Microsoft SQL Server Target Asia

Emotet Botnet Is Back, Servers Active Across the World

IRS Warns Taxpayers of New Scam Campaign Distributing Malware

The evasive Baldr malware may hit back in new forms, warns SophosLabs

Mobile Menace: Android Trojan raises xHelper

WordPress plugins attacked by malicious redirect campaign

Trojan Dropper Malware Found in Android App With 100M Downloads

WannaCry Remains No. 1 Ransomware Weapon

Dridex Operator Updates Tactics and Targets

'China Chopper' web shell makes a comeback in Lebanon, other Asian countries

French Police Dismantles Malware Botnet Ring that Infected 850,000 Computers

A new IOT botnet is infecting Android-based set-top boxes

Attackers Target Govt and Financial Orgs With Orcus, Revenge RATs

TrickBot, today's top trojan, adds feature to aid SIM swapping attacks

Fake Windows Game Booster Spreads Password Stealing Malware

Another Android Fraud Warning: 1.5M Users Are Being Forced To Click Malicious Ads

BRATA Android RAT Used to Infect and Spy on Brazilian Users

TimThumb Attacks: The Scale of Legacy Malware Infections

Newly discovered ‘Heatstroke’ phishing campaign targets victims to steal PayPal credentials and credit card information

A Look Inside the Highly Profitable Sodinokibi Ransomware Business

New Credential-Theft Attack Weaponizes DNS

WordPress sites under attack as hacker group tries to create rogue admin accounts

Vulnerabilities

Critical Vulnerabilities Found in Prima FlexAir Access Control System

Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks

Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger

Apple’s AirDrop and password sharing features can leak iPhone numbers

Critical Bug in Android Antivirus Exposes Address Books

QualPwn Vulnerabilities in Qualcomm Chips Allow Hackers to Compromise Android Devices

Industrial Giants Respond to 'Urgent/11' Vulnerabilities

Unpatched KDE vulnerability disclosed on Twitter

Clever Amazon Phishing Scam Creates Login Prompts in PDF Docs

New Echobot Botnet Variant Uses Over 50 Exploits to Propagate

Security bugs in popular Cisco switch brand allow hackers to take over devices

New Windows Hack Warning: Patch Intel Systems Now to Block SWAPGS Attack Exploits

SQL Injection Vulnerability Exposed Starbucks Financial Records

WhatsApp Protocol Decryption for Chat Manipulation and More

Researchers Discovered a Big Security Flaw In This Important Microsoft Product

Researchers uncover over 35 vulnerabilities in six leading enterprise printers

Vulnerability in Kubernetes Allows Access to Custom Resources

Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware

Steam Zero-Day Vulnerability Affects Over 100 Million Users

Microsoft warns against BlueKeep vulnerability, advises users to update systems

LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script

Hidden Algorithm Flaws Expose Websites to DoS Attacks

How Apple Pay Buttons Can Make Websites Less Safe

Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc

13-Year-Old Encryption Bugs Still Haunt Apps and IoT

Researchers find security flaws in 40 kernel drivers from 20 vendors

Apple's iOS Contacts app claimed to be vulnerable to SQLite hack

ZTE 4G hotspots gateways to malicious websites: Report

Warning Issued For Apple's 1.4 Billion iPad And iPhone Users

Say Cheese: Researchers Leverage WiFi Connectivity to Infect Modern DSLR Cameras with Ransomware

Zero-day flaw found in building control system

ASD releases warning of BlueKeep vulnerability

Google’s Project Zero Hackers Found 10 Ways to Break Into an iPhone

BACnet IoT building automation devices vulnerable to attack

Cerberus: A New Android 'Banking Malware For Rent' Emerges

New Critical Security Flaws Affect All Windows Versions, Millions Of Users At Risk

Siemens SCALANCE X Switches Vulnerable to DoS Attacks

Lenovo Warns of ThinkPad Bugs, One Unpatched

Notepad has a major security flaw that leaves Windows PCs vulnerable to hackers

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online

Coinbase Reveals Password Glitch Affecting 3,500 Customers

iPhone Alert: Apple Accidentally Introduced A Critical Security Vulnerability In New iOS 12.4

VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk

Unpatchable Security Flaw Found in Popular SoC Boards

Flaw in New Facebook Design Allowed Removal of Profile Photos

Severe Flaws in Kubernetes Expose All Servers to DoS Attacks

Exposed Sphinx Servers Are No Challenge for Hackers

Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program

BitDefender Antivirus Free 2020 found vulnerable

Cisco Warns of Public Exploit Code for Critical Switch Flaws

Hackers Target Vulnerabilities in Fortinet, Pulse Secure Products

Remote Code Execution Flaws Impact Aspose APIs

Unpatched Squid Servers Exposed to DoS, Code Execution Attacks

Four new RDP vulnerabilities in Windows

Lenovo High-Severity Bug Found in Pre-Installed Software

WordPress Plugins Exploited in Active Attack Redirecting Traffic

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

This Apple iMessage Hack Let Google Access iPhone Photos

VM escape flaw in QEMU allows for arbitrary code execution, denial of service

Hacker Finds Instagram Account Takeover Flaw Worth $10,000

Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

Cisco UCS Vulnerabilities Allow Complete Takeover of Affected Systems

Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU

Check Point vulnerability allowed hackers to escalate privileges and run code

Bitcoin’s Lightning Network found to have security vulnerabilities

Hiding in Plain Text: Jenkins Plugin Vulnerabilities

SingCert urges Chrome users to update Web browsers after 'critical vulnerability' found

Scams

Equifax settlement claims: The FTC says watch out for fake websites trying to scam you

France warned over fine payment website scam

Beware of Emails Asking You to "Confirm Your Unsubscribe" Request

Scammers increasingly hide behind legitimate company websites to spawn phishing mails

OPP Norfolk warn residents about porn extortion scam

Phishers trick users in new email scam disguised as Suspicious Sign-In alerts for Microsoft accounts

Beware of the mystery shopper job scam

Beware of Tax Scam Emails and Phone Calls, IRS Warns

Don’t fall for sextortion scams in UAE, warn police

Canadian city loses big money in phishing scam

$11M Email Scam at Caterpillar Sales Office Pinned to Nigerian Man

The anatomy of a sextortion spam campaign

Cyber crooks scam $184,000 from Collier County

IRAS warns of scam email, image circulating on WhatsApp

The lucrative business of Bitcoin sextortion scams

Blockbuster Indictment Against 80 Fraud Suspects Details a Complex Global Scam Operation

The new mobile phone scam delivering a problem

US charges two Canadian fraudsters over $230k Bitcoin theft

SP Group warns against e-mail impersonation scam asking for personal details

FBI warns of scammers impersonating agents

Patches

Fix LibreOffice now to thwart silent macro viruses

NVIDIA Patches High Severity Flaws in Windows GPU Display Driver

New Dragonblood vulnerabilities found in WiFi WPA3 standard

Cylance Protect AV vulnerability patched

Adobe Patches 118 Vulnerabilities Across Eight Products

Microsoft August 2019 Patch Tuesday fixes 93 security bugs

SAP Patches Highest Number of Critical Flaws Since 2014

Trend Micro Patches Privilege Escalation Bug in its Password Manager

Vulnerability Patched in Firefox Password Manager

Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again

Microsoft Patches Vulnerable Android Remote Desktop App

Widely Popular VLC Player Found Infested with Dozens of Security Vulnerabilities; Patch Available

Apple Issues 3 Emergency Security Fixes To Block Hackers From Taking Over iPhones, Macs, Apple TVs

Facebook Patches Second Account-Takeover Flaw in Instagram

Apple issues supplemental security updates

Google updates Chrome to fix high-severity Blink engine flaw

Telsa Rolls Out Key Fob Update For Model S To Counter Security Flaw