Google patches
List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in June 2018

Published on Jul 6, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Published on Jul 6, 2018
The month of June also noted new malware variants, newly detected vulnerabilities, and attack techniques. An ample number of breaches and incidents have been detected by security researchers, affecting popular organizations, major businesses and institutions. Scammers have also been busy designing new fraud techniques aimed at tricking people into downloading malware or sharing their personally identifiable information.
The newly launched malware have focused mostly on cryptocurrency mining. Several threat methods have also been developed in order to steal confidential data. New vulnerabilities, like Crestron flaw are focused towards breaching critical infrastructure and SCADA systems.
We also have good news! Patches and mitigation steps have been released to fix several vulnerabilities and thwart several attack methods. Users are advised to thoroughly patch their systems to keep themselves safe.
Malware
Threat actors behind Necurs rolling out new abilities on a monthly basis
AsiaHitGroup targets Android users with Sonvpay malware in new billing fraud campaign
A new variant of Ursnif Banking Trojan served by the Necurs botnet hits Italy
Hackers found using cryptocurrency-mining bot to target IoT devices via financial scam site
Security Alert: New Spam Campaign Delivers Flawed Ammyy RAT to Infect Victims’ Computers
Thanatos Ransomware: Cisco researchers release free ThanatosDecryptor to save encrypted files
Python-based PBot adware evolves to deliver cryptocurrency miner and ad extensions
Unit 42 Unearths Targeted Attacks in South East Asia Leveraging PLAINTEE and DDKONG Malware Families
Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site
Fmovies, uTorrent and Other Common Ways to Get Infected with Malware
New Satori variant leverages D-Link router vulnerability to ensnare new devices
$50 Kardon beta malware allows customers to build own botnets
?WannaCry ransomware scam extorts victims with frightening emails without actually infecting systems
A new variant of Ursnif Banking Trojan served by the Necurs botnet hits Italy
Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about
Blackmail Campaign Pretending to be WannaCry Is Really Just WannaSpam
New GZipDe malware spotted serving up Metasploit backdoor
Magento credit card stealer Reinfector allows reinfect sites with malicious code
Satan ransomware raises its head again!
New FormBook malware campaign steals from and spies on victims
New Kardon Loader malware spotted for sale on the dark web for $50
New SamSam variant requires attacker's input before infection
GZipDe: An Encrypted Downloader Serving Metasploit
Mylobot malware comes with rare complexity, dangerous bag of tricks and techniques
Red Alert v2.0: Misadventures in Reversing Android Bot Malware
Operation #OpIcarus2018 has been announced and it encompasses several on-going campaigns
Millions of Streaming Devices Are Vulnerable to a Retro Web Attack
Beware this Android emulator, it's hijacking your GPU to mine cryptocurrency
Olympic Destroyer malware that hit Winter Games now targeting EU biochem threat prevention groups
New FakeSpy Android malware found targeting Korean and Japanese users
Nasty URLZone banking Trojan resurfaces in fresh campaigns targeting Japan
Compromised GitHub Account Spreads Malicious Syscoin Installers
Hackers found selling Android malware HeroRAT for $100 on Telegram
Betabot malware is still alive and kicking with a new multi-stage attack campaign
This sneaky Windows malware delivers adware - and takes screenshots of your desktop
DHS, FBI Share Details of North Korea's 'Typeframe' Malware
Cybercriminal entrepreneurs using a sliding pay scale to sell HeroRat malware
Zacinlo: Sneaky but massive malware spams Windows 10 users with ads, takes screenshots of desktops
Multi-Layered Infection Attack Installs Betabot Malware
MuddyWater trojan campaign adds a few new notes
Bitcoin, Ethereum Copied Addresses Replaced by Crypto Malware to Steal Funds
China-Linked APT15 Develops New 'MirageFox' Malware
US warns of new North Korea-linked malware TypeFrame days after historic Trump-Kim summit
MysteryBot: New triple threat malware comes with banking Trojan, keylogger and ransomware features
Decryptor Released for the Everbe Ransomware
DBGer Ransomware Uses EternalBlue and Mimikats to Spread Across Networks
New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware
New LokiBot-Linked Android Trojan Emerges
Evil Teacher: Code Injection in Moodle
New 'PyRoMineIoT' Malware Spreads via NSA-Linked Exploit
Android malware is infecting Amazon Fire TVs and Fire Sticks
CryptoCurrency Miner Plays Hide-and-seek with Popular Games and Tools
New RedEye ransomware destroys victims' files, rewrites MBR if they fail to pay up
BabaYaga malware found updating and reinstalling WordPress sites, removing competing malware
Cryptocurrency-stealing malware are making a big splash on the dark web
New KillDisk malware variant caught targeting financial institutions in Latin America
Malspam Campaigns Using IQY Attachments to Bypass AV Filters and Install RATs
Powerful InvisiMole malware can spy on victims by turning infected computers into a video camera
That Russian Router Malware Is More Dangerous Than We Thought
Backdoor Uses Socket.io for Bi-directional Communication
Operation Prowli infects over 40000 servers, modems and IoT devices across industries worldwide
Vulnerabilities
LTE Mobile Telephony Standard Found Vulnerable to Hacking; Multiple Security Gaps Identified
Sophos SafeGuard anything but – thanks to 7 serious security bugs
RAMpage: Nearly every Android device released since 2012 likely impacted by new vulnerability
Unpatched WordPress core vulnerability could allow hackers to execute malicious code, delete files
How a 40-Year-Old Mobile Security Flaw Puts Consumers at Risk
Critical Cisco ASA and Firepower flaw already exploited in DoS attacks
Windows Settings Shortcuts Can Be Abused for Code Execution on Windows 10
Drupal Exploit on Linux - SentinelOne Detection and Response Case Study
Misconfiguration of Java web server component Jolokia puts orgs at risk
Microsoft Edge bug allows attackers to read emails and Facebook feed
"Wavethrough" Bug in Microsoft Edge Leaks Sensitive Information
New industrial switch flaws could allow hackers to remotely disconnect critical devices
Hackers Exploit Drupal Flaw for Monero Mining
Cracking Cortana: The Dangers of Flawed Voice Assistants
Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about
Hackers are now exploiting the Drupal vulnerability to serve up Monero-mining malware
New variant of HospitalGown vulnerability spotted in scores of Android and iOS apps
New vulnerabilities in Phoenix Contact switches endanger industrial networks
Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware
Cisco Meeting Server Web Admin Interface Denial of Service Vulnerability
Google Developer Discovers a Critical Bug in Modern Web Browsers
Nearly 400 Axis camera models found riddled with bugs that could give attackers full control
CVE-2018-4990 Acrobat Reader DC Double-Free Vulnerability
Google to Fix Location Data Leak in Google Home, Chromecast — Krebs on Security
A bug in macOS' "Quick Look" feature leaks encrypted data, researchers find
Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure
Decades-old PGP bug allowed hackers to spoof just about anyone’s signature
Apple to Close iPhone Security Hole That Law Enforcement Uses to Crack Devices
Fingerprint-verified Tapplock One smart lock can be hacked in just seconds, researchers find
Thousands of Android devices still being shipped with debug ports exposed
Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability
Microsoft Windows Code Integrity Module CVE-2018-1040 Denial of Service Vulnerability
Why 50,000 ships are so vulnerable to cyberattacks
Third-party macOS security tool bug allowed malware to pass off as Apple software for over 10 years
Microsoft Windows Device Guard CVE-2018-8215 Local Security Bypass Vulnerability
Crestron flaw can be used to gain root-level access, control commands being executed
Critical Flaws Expose ABB Door Communication Systems to Attacks
15-Year-Old Mac Security Flaw Left Millions of Apple Customers Vulnerable to Hackers
For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks
Password reset flaw at internet giant Frontier allowed account takeovers
Frontier Communications password reset bug could allow hackers to bypass 2FA, take over accounts
OnePlus 6 security flaw lets anyone bypass its locked bootloader, but a fix is on the way
Frontier Communications' password bug lets anyone into your account
Flash zero-day shows up in Qatar amid geopolitical struggles
Firmware Vulnerabilities Disclosed in Supermicro Server Products
Malicious Google Chrome extension Desbloquear Conteudo targets Brazilian online banking customers
Over 110,000 Drupal sites still vulnerable to Drupalgeddon 2 despite patches released months ago
Breaches
Typeform Announces Breach After Hacker Grabs Backup File
Significant DDoS Attack on ProtonMail Blamed on Russia-Linked Group
Nametests: Facebook quiz app publicly exposed personal data of 120 million users for years
Adidas data breach: Contact details, encrypted customers of 'few million' customers compromised
Gentoo GitHub mirror hacked and considered compromised
HMRC accused of storing voices of over 5.1 Million British taxpayers without their consent
Marketing firm Exactis may have exposed huge database with 340 million records of people, businesses
BetVictor accidentally exposed its own internal systems passwords on its website
Red Hen website suffers SEO spam compromise
Music fans' payment details stolen in cyber attack on Ticketmaster UK
Online Betting Site Left Employees' Logins and Passwords Open to Hackers
New Zealand's Z Energy suffers breach, customers' personal data, vehicle types exposed
HealthEngine may be in breach of privacy law in sharing patient data
Hundreds of Hotels Affected by Data Breach at Hotel Booking Software Provider
Fast food chain PDQ suffers data breach, customers’ personal and credit card data stolen
Michigan Medicine says over 800 patients' health data exposed after employee's laptop stolen
FireEye denies 'hack back' against Chinese government cyberespionage group
A huge spreadsheet naming ICE employees gets yanked from GitHub and Medium
Oregon.gov domain gets blacklisted after another government employee falls for phishing email
Med Associates suffers data breach compromising 270,000 patient records
Thousands of Mobile Apps Leak Data from Firebase Databases
Popular flight tracker Flightradar24 hacked, users' email addresses and hashed passwords compromised
Bithumb hacked: Cybercriminals steal $32 million from South Korean cryptocurrency exchange
Researchers Find 21,000 Exposed Container Orchestration Systems
Elon Musk: Tesla employee changed internal code, exfiltrated sensitive data in 'damaging sabotage'
MD Anderson Cancer Centre ordered to pay $4.3 million HIPAA fine over use of unencrypted devices
Google to fix Chromecast and Google Home bug that revealed your location 'with astonishing accuracy'
Hackers target Syscoin by injecting malware into its GitHub account
South African insurer Liberty hacked, refused to pay ransom demand
HealthEquity hit by data breach affecting 23,000 employees and customers
AI startup Clarifai hacked by Russian operatives during Pentagon Maven project, lawsuit claims
Canada Revenue Agency logs 2,338 privacy breaches in just under 2 years
Docker Hub removes 17 backdoored images that earned cryptomining cybercriminals over $90,000
Blackmailed: Firm locked out of its computers in £120,000 ransom attack
Ethereum 'giveaway' scams on social media dupe victims out of $4.3 million
Trik Spam Botnet Leaks 43 Million Email Addresses
Phishing theft of $93G at clean energy agency went unreported for months
Dignity Health accidentally exposes nearly 56,000 patients' data in email gaffe
Hackers Stole Over $20 Million in Ethereum from Insecurely Configured Clients
Chinese hackers reportedly stole 614GB of sensitive undersea warfare data from US Navy contractor
Hackers Raid South Korean Bitcoin Exchange Coinrail; Steal Cryptocurrency Worth $40 Million
Chile’s biggest bank hit with disk-wiping malware, over 9000 computers crash in attempted SWIFT hack
Facebook privacy-setting bug caused 14 million users’ posts to be shared publicly
Australia’s Commonwealth Bank leaks data of 10,000 customers over domain misspelling
Syndicate Wallet hacked; $10 million dollars stolen
Over 1 million computers in Vietnam infected with destructive W32.XFileUSB virus via USB drives
Transamerica hacked: Nearly 45,000 retirees' personal and sensitive details stolen
Crypto Exchange Bitfinex Suspects It's Being Attacked Again
Hacked: 92 Million Account Details for DNA Testing Service MyHeritage
Ticketfly hacked: Personal data, email addresses of more than 26 million users compromised
Sensitive internal data of over 10,000 firms likely leaked due to Google Groups misconfiguration
Hardcoded Credentials Expose Yokogawa Controllers to Attacks
Scams
New iOS 12 Feature Risks Exposing Users to Online Banking Fraud
Army investigators issue warning about ‘virtual kidnapping’ scam
Scammers abuse multilingual domain names
Fortnite: Inside the "free V-Bucks" scams spreading across social media
Stakeholders should act swiftly on card cloning scams
Secure Phishing: Netflix Phishing Goes TLS
Watch out for fakes on virtual shopping sites
Appian Asset Management fined €443,000 after client hit by cyber fraud
Adidas phishing campaign promises free shoes, offers $50 subscription instead
Sophisticated scammers now targeting homebuyers by posing as brokers
Ethereum "Giveaway" Scammers Have Tricked People Out of $4.3 Million
Operation Wire Wire: FBI busts massive global email fraud ring, 74 scammers arrested
Tech support scams are still going strong
Fraudsters Are Posing As Retailers And Trying To Friend You: How To Stop It
Chip-card cloning: Woman doesn’t share PIN, still loses Rs40,000
SIM Swap Fraud Offers Account Takeover Opportunities for Cybercriminals
Wi-Fi phishing attacks discovered around Atlanta City Hall
$1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do
Five Florida residents admit to fraud charges involving gas station skimmers
Fraudsters ran up a £16,000 bill – but they still get sent more credit cards
Tech Support Scammers Use Victims' Webcams to Secretly Record 'Testimonials' for YouTube
Cyber scam: ‘Telecallers’ use e-wallets to wire money
Scammers Targeting Booking.com Users with Phishing Messages
The FIFA World Cup kicks off this month and fraudsters are warming up
Patches
Mozilla Patches 18 Flaws in Firefox 61, Adds Tab Warming Feature
Cisco: Patch now, attackers are exploiting ASA DoS flaw to take down security
This month's Windows and Office security patches: Bugs and solutions
Sophos Patches Privilege Escalation Flaws in SafeGuard Products
NSA Exploit "DoublePulsar" Patched to Work on Windows IoT Systems
Oracle's latest Linux fixes: New Spectre, Lazy FPU patches beef up defenses
Cisco patches 34 vulnerabilities, five critical
Rockwell Patches Flaw Affecting Safety Controllers From Several Vendors
Oracle Patches New Spectre, Meltdown Vulnerabilities
Changes in WebAssembly Could Render Meltdown and Spectre Browser Patches Useless
Canonical issues Spectre v2 fix for all Ubuntu systems with AMD chips
Cisco patches critical Nexus flaws: Are your switches vulnerable?
Cisco passes around antidotes to noxious NX-OS code execution bugs
Vendor Patches Seven Vulnerabilities Across 392 Camera Models
“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch
Microsoft Patches Code Execution Vulnerability in wimgapi Library
Siemens Patches Vulnerabilities in SCALANCE, Other Devices
Xen Project patches Intel’s Lazy FPU flaw
OxygenOS 5.1.7 OTA update for OnePlus 6 now available, fixes bootloader security issue
Critical Flaws Patched in Schneider Building Automation Software
Why big companies ignore SAP security patches — and how that’s about to bite them, big time
Two Bugs in Wordpress Tooltipy Plugin Patched
Microsoft patches Cortana exploit that could have allowed anyone to hack locked Windows 10 PCs
Apple patched a USB vulnerability to keep hackers (or police) out of your iPhone
SAP Releases Critical Updates for Two Security Notes
Microsoft Fixes Faulty Debian Package That Messed With Users' Settings
Microsoft Releases Mitigations for Spectre-Like 'Variant 4' Attack
VMware plugs RCE hole in remote management agent
Microsoft June 2018 Patch Tuesday Fixes 50 Security Issues
GnuPG patched to thwart 'fake filename'
Mozilla patches heap buffer overflow in Firefox browsers
Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets
F-Secure Fixes Serious Vulnerability in Antivirus Products
Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets
Adobe issues emergency patch for new, critical zero-day Flash flaw
Patched Cisco ACS flaw lets attackers perform MITM attacks, steal admin credentials
Patches Available for Dangerous Bugs in Popular Brand of IP Cameras
Update Google Chrome Immediately to Patch a High Severity Vulnerability