Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Google patches

List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in June 2018

List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in October, 2019 - Featured Image

Published on Jul 6, 2018

The month of June also noted new malware variants, newly detected vulnerabilities, and attack techniques. An ample number of breaches and incidents have been detected by security researchers, affecting popular organizations, major businesses and institutions. Scammers have also been busy designing new fraud techniques aimed at tricking people into downloading malware or sharing their personally identifiable information.

The newly launched malware have focused mostly on cryptocurrency mining. Several threat methods have also been developed in order to steal confidential data. New vulnerabilities, like Crestron flaw are focused towards breaching critical infrastructure and SCADA systems.

We also have good news! Patches and mitigation steps have been released to fix several vulnerabilities and thwart several attack methods. Users are advised to thoroughly patch their systems to keep themselves safe.

Malware

Threat actors behind Necurs rolling out new abilities on a monthly basis

AsiaHitGroup targets Android users with Sonvpay malware in new billing fraud campaign

A new variant of Ursnif Banking Trojan served by the Necurs botnet hits Italy

Hackers found using cryptocurrency-mining bot to target IoT devices via financial scam site

Security Alert: New Spam Campaign Delivers Flawed Ammyy RAT to Infect Victims’ Computers

Thanatos Ransomware: Cisco researchers release free ThanatosDecryptor to save encrypted files

Python-based PBot adware evolves to deliver cryptocurrency miner and ad extensions

Unit 42 Unearths Targeted Attacks in South East Asia Leveraging PLAINTEE and DDKONG Malware Families

Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site

Fmovies, uTorrent and Other Common Ways to Get Infected with Malware

New Satori variant leverages D-Link router vulnerability to ensnare new devices

$50 Kardon beta malware allows customers to build own botnets

?WannaCry ransomware scam extorts victims with frightening emails without actually infecting systems

A new variant of Ursnif Banking Trojan served by the Necurs botnet hits Italy

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

Blackmail Campaign Pretending to be WannaCry Is Really Just WannaSpam

New GZipDe malware spotted serving up Metasploit backdoor

Magento credit card stealer Reinfector allows reinfect sites with malicious code

Satan ransomware raises its head again!

New FormBook malware campaign steals from and spies on victims

New Kardon Loader malware spotted for sale on the dark web for $50

New SamSam variant requires attacker's input before infection

GZipDe: An Encrypted Downloader Serving Metasploit

Mylobot malware comes with rare complexity, dangerous bag of tricks and techniques

Red Alert v2.0: Misadventures in Reversing Android Bot Malware

Operation #OpIcarus2018 has been announced and it encompasses several on-going campaigns

Millions of Streaming Devices Are Vulnerable to a Retro Web Attack

Beware this Android emulator, it's hijacking your GPU to mine cryptocurrency

Olympic Destroyer malware that hit Winter Games now targeting EU biochem threat prevention groups

New FakeSpy Android malware found targeting Korean and Japanese users

Nasty URLZone banking Trojan resurfaces in fresh campaigns targeting Japan

Compromised GitHub Account Spreads Malicious Syscoin Installers

Hackers found selling Android malware HeroRAT for $100 on Telegram

Betabot malware is still alive and kicking with a new multi-stage attack campaign

This sneaky Windows malware delivers adware - and takes screenshots of your desktop

DHS, FBI Share Details of North Korea's 'Typeframe' Malware

Cybercriminal entrepreneurs using a sliding pay scale to sell HeroRat malware

Zacinlo: Sneaky but massive malware spams Windows 10 users with ads, takes screenshots of desktops

Multi-Layered Infection Attack Installs Betabot Malware

MuddyWater trojan campaign adds a few new notes

Bitcoin, Ethereum Copied Addresses Replaced by Crypto Malware to Steal Funds

China-Linked APT15 Develops New 'MirageFox' Malware

ClipboardWalletHijacker miner hijacks your Ether and Bitcoin transaction, over 300,000 computers have been infected

US warns of new North Korea-linked malware TypeFrame days after historic Trump-Kim summit

MysteryBot: New triple threat malware comes with banking Trojan, keylogger and ransomware features

Decryptor Released for the Everbe Ransomware

DBGer Ransomware Uses EternalBlue and Mimikats to Spread Across Networks

New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

New LokiBot-Linked Android Trojan Emerges

Evil Teacher: Code Injection in Moodle

New 'PyRoMineIoT' Malware Spreads via NSA-Linked Exploit

Banco de Chile ‘MBR Killler’ Reveals Hidden Nexus to Buhtrap Malware Kit Used to Target Financial Institutions, Payment

Android malware is infecting Amazon Fire TVs and Fire Sticks

CryptoCurrency Miner Plays Hide-and-seek with Popular Games and Tools

New RedEye ransomware destroys victims' files, rewrites MBR if they fail to pay up

BabaYaga malware found updating and reinstalling WordPress sites, removing competing malware

Cryptocurrency-stealing malware are making a big splash on the dark web

New KillDisk malware variant caught targeting financial institutions in Latin America

Malspam Campaigns Using IQY Attachments to Bypass AV Filters and Install RATs

Powerful InvisiMole malware can spy on victims by turning infected computers into a video camera

That Russian Router Malware Is More Dangerous Than We Thought

Backdoor Uses Socket.io for Bi-directional Communication

Operation Prowli infects over 40000 servers, modems and IoT devices across industries worldwide

Vulnerabilities

LTE Mobile Telephony Standard Found Vulnerable to Hacking; Multiple Security Gaps Identified

Sophos SafeGuard anything but – thanks to 7 serious security bugs

RAMpage: Nearly every Android device released since 2012 likely impacted by new vulnerability

Unpatched WordPress core vulnerability could allow hackers to execute malicious code, delete files

How a 40-Year-Old Mobile Security Flaw Puts Consumers at Risk

Critical Cisco ASA and Firepower flaw already exploited in DoS attacks

Windows Settings Shortcuts Can Be Abused for Code Execution on Windows 10

Drupal Exploit on Linux - SentinelOne Detection and Response Case Study

Misconfiguration of Java web server component Jolokia puts orgs at risk

Microsoft Edge bug allows attackers to read emails and Facebook feed

"Wavethrough" Bug in Microsoft Edge Leaks Sensitive Information

New industrial switch flaws could allow hackers to remotely disconnect critical devices

Hackers Exploit Drupal Flaw for Monero Mining

Cracking Cortana: The Dangers of Flawed Voice Assistants

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

Hackers are now exploiting the Drupal vulnerability to serve up Monero-mining malware

New variant of HospitalGown vulnerability spotted in scores of Android and iOS apps

Wavethrough: Critical Microsoft Edge bug could let a malicious website retrieve content from other sites

New vulnerabilities in Phoenix Contact switches endanger industrial networks

Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware

Cisco Meeting Server Web Admin Interface Denial of Service Vulnerability

Google Developer Discovers a Critical Bug in Modern Web Browsers

Nearly 400 Axis camera models found riddled with bugs that could give attackers full control

CVE-2018-4990 Acrobat Reader DC Double-Free Vulnerability

Google to Fix Location Data Leak in Google Home, Chromecast — Krebs on Security

A bug in macOS' "Quick Look" feature leaks encrypted data, researchers find

Another Tapplock security flaw lets hackers pull smart lock’s location, other sensitive data from API server

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

Decades-old PGP bug allowed hackers to spoof just about anyone’s signature

Apple to Close iPhone Security Hole That Law Enforcement Uses to Crack Devices

Fingerprint-verified Tapplock One smart lock can be hacked in just seconds, researchers find

Thousands of Android devices still being shipped with debug ports exposed

Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability

Microsoft Windows Code Integrity Module CVE-2018-1040 Denial of Service Vulnerability

Why 50,000 ships are so vulnerable to cyberattacks

Third-party macOS security tool bug allowed malware to pass off as Apple software for over 10 years

Microsoft Windows Device Guard CVE-2018-8215 Local Security Bypass Vulnerability

Crestron flaw can be used to gain root-level access, control commands being executed

Critical Flaws Expose ABB Door Communication Systems to Attacks

15-Year-Old Mac Security Flaw Left Millions of Apple Customers Vulnerable to Hackers

For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks

Password reset flaw at internet giant Frontier allowed account takeovers

Frontier Communications password reset bug could allow hackers to bypass 2FA, take over accounts

OnePlus 6 security flaw lets anyone bypass its locked bootloader, but a fix is on the way

Frontier Communications' password bug lets anyone into your account

Flash zero-day shows up in Qatar amid geopolitical struggles

Firmware Vulnerabilities Disclosed in Supermicro Server Products

Malicious Google Chrome extension Desbloquear Conteudo targets Brazilian online banking customers

Over 110,000 Drupal sites still vulnerable to Drupalgeddon 2 despite patches released months ago

Critical Zip Slip vulnerability affects thousands of projects including ones from HP, Amazon, Oracle and more

Breaches

Appthority Data Breach: Careless App Developers Leave Millions of Sensitive Medical and Financial Records Exposed

Typeform Announces Breach After Hacker Grabs Backup File

Significant DDoS Attack on ProtonMail Blamed on Russia-Linked Group

Nametests: Facebook quiz app publicly exposed personal data of 120 million users for years

Adidas data breach: Contact details, encrypted customers of 'few million' customers compromised

Gentoo GitHub mirror hacked and considered compromised

HMRC accused of storing voices of over 5.1 Million British taxpayers without their consent

Marketing firm Exactis may have exposed huge database with 340 million records of people, businesses

BetVictor accidentally exposed its own internal systems passwords on its website

Red Hen website suffers SEO spam compromise

Music fans' payment details stolen in cyber attack on Ticketmaster UK

Online Betting Site Left Employees' Logins and Passwords Open to Hackers

New Zealand's Z Energy suffers breach, customers' personal data, vehicle types exposed

HealthEngine may be in breach of privacy law in sharing patient data

Hundreds of Hotels Affected by Data Breach at Hotel Booking Software Provider

Fast food chain PDQ suffers data breach, customers’ personal and credit card data stolen

Michigan Medicine says over 800 patients' health data exposed after employee's laptop stolen

FireEye denies 'hack back' against Chinese government cyberespionage group

A huge spreadsheet naming ICE employees gets yanked from GitHub and Medium

Oregon.gov domain gets blacklisted after another government employee falls for phishing email

Med Associates suffers data breach compromising 270,000 patient records

Thousands of Mobile Apps Leak Data from Firebase Databases

Popular flight tracker Flightradar24 hacked, users' email addresses and hashed passwords compromised

Bithumb hacked: Cybercriminals steal $32 million from South Korean cryptocurrency exchange

Researchers Find 21,000 Exposed Container Orchestration Systems

Elon Musk: Tesla employee changed internal code, exfiltrated sensitive data in 'damaging sabotage'

MD Anderson Cancer Centre ordered to pay $4.3 million HIPAA fine over use of unencrypted devices

Google to fix Chromecast and Google Home bug that revealed your location 'with astonishing accuracy'

Hackers target Syscoin by injecting malware into its GitHub account

South African insurer Liberty hacked, refused to pay ransom demand

HealthEquity hit by data breach affecting 23,000 employees and customers

AI startup Clarifai hacked by Russian operatives during Pentagon Maven project, lawsuit claims

Canada Revenue Agency logs 2,338 privacy breaches in just under 2 years

Docker Hub removes 17 backdoored images that earned cryptomining cybercriminals over $90,000

Blackmailed: Firm locked out of its computers in £120,000 ransom attack

Ethereum 'giveaway' scams on social media dupe victims out of $4.3 million

Trik Spam Botnet Leaks 43 Million Email Addresses

Phishing theft of $93G at clean energy agency went unreported for months

Dixons Carphone Falls Victim to Huge Data Breach: Attackers Accessed 5.9 Million Customer Card Details

Dignity Health accidentally exposes nearly 56,000 patients' data in email gaffe

Hackers Stole Over $20 Million in Ethereum from Insecurely Configured Clients

Chinese hackers reportedly stole 614GB of sensitive undersea warfare data from US Navy contractor

Hackers Raid South Korean Bitcoin Exchange Coinrail; Steal Cryptocurrency Worth $40 Million

Chile’s biggest bank hit with disk-wiping malware, over 9000 computers crash in attempted SWIFT hack

Facebook privacy-setting bug caused 14 million users’ posts to be shared publicly

Australia’s Commonwealth Bank leaks data of 10,000 customers over domain misspelling

Syndicate Wallet hacked; $10 million dollars stolen

Over 1 million computers in Vietnam infected with destructive W32.XFileUSB virus via USB drives

Transamerica hacked: Nearly 45,000 retirees' personal and sensitive details stolen

Crypto Exchange Bitfinex Suspects It's Being Attacked Again

Hacked: 92 Million Account Details for DNA Testing Service MyHeritage

Ticketfly hacked: Personal data, email addresses of more than 26 million users compromised

Sensitive internal data of over 10,000 firms likely leaked due to Google Groups misconfiguration

Hardcoded Credentials Expose Yokogawa Controllers to Attacks

Commonwealth Bank of Australia accidentally sends over 650 emails containing customer data to wrong address

Scams

New iOS 12 Feature Risks Exposing Users to Online Banking Fraud

Army investigators issue warning about ‘virtual kidnapping’ scam

People are discovering that scammers are controlling their Apple accounts using a feature for families to share apps (AAPL)

Scammers abuse multilingual domain names

Fortnite: Inside the "free V-Bucks" scams spreading across social media

Stakeholders should act swiftly on card cloning scams

Secure Phishing: Netflix Phishing Goes TLS

Watch out for fakes on virtual shopping sites

Appian Asset Management fined €443,000 after client hit by cyber fraud

Adidas phishing campaign promises free shoes, offers $50 subscription instead

Sophisticated scammers now targeting homebuyers by posing as brokers

Ethereum "Giveaway" Scammers Have Tricked People Out of $4.3 Million

Operation Wire Wire: FBI busts massive global email fraud ring, 74 scammers arrested

Tech support scams are still going strong

Fraudsters Are Posing As Retailers And Trying To Friend You: How To Stop It

Chip-card cloning: Woman doesn’t share PIN, still loses Rs40,000

SIM Swap Fraud Offers Account Takeover Opportunities for Cybercriminals

Wi-Fi phishing attacks discovered around Atlanta City Hall

$1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do

Five Florida residents admit to fraud charges involving gas station skimmers

Fraudsters ran up a £16,000 bill – but they still get sent more credit cards

Tech Support Scammers Use Victims' Webcams to Secretly Record 'Testimonials' for YouTube

Cyber scam: ‘Telecallers’ use e-wallets to wire money

Scammers Targeting Booking.com Users with Phishing Messages

IRS continues warning on impersonation scams; Reminds people to remain alert to other scams, schemes this summer

The FIFA World Cup kicks off this month and fraudsters are warming up

Patches

Mozilla Patches 18 Flaws in Firefox 61, Adds Tab Warming Feature

Cisco: Patch now, attackers are exploiting ASA DoS flaw to take down security

This month's Windows and Office security patches: Bugs and solutions

Sophos Patches Privilege Escalation Flaws in SafeGuard Products

NSA Exploit "DoublePulsar" Patched to Work on Windows IoT Systems

Oracle's latest Linux fixes: New Spectre, Lazy FPU patches beef up defenses

Cisco patches 34 vulnerabilities, five critical

Rockwell Patches Flaw Affecting Safety Controllers From Several Vendors

Oracle Patches New Spectre, Meltdown Vulnerabilities

Changes in WebAssembly Could Render Meltdown and Spectre Browser Patches Useless

Canonical issues Spectre v2 fix for all Ubuntu systems with AMD chips

Cisco patches critical Nexus flaws: Are your switches vulnerable?

Cisco passes around antidotes to noxious NX-OS code execution bugs

Vendor Patches Seven Vulnerabilities Across 392 Camera Models

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch

Microsoft Patches Code Execution Vulnerability in wimgapi Library

Siemens Patches Vulnerabilities in SCALANCE, Other Devices

Xen Project patches Intel’s Lazy FPU flaw

OxygenOS 5.1.7 OTA update for OnePlus 6 now available, fixes bootloader security issue

Critical Flaws Patched in Schneider Building Automation Software

Why big companies ignore SAP security patches — and how that’s about to bite them, big time

Two Bugs in Wordpress Tooltipy Plugin Patched

Microsoft patches Cortana exploit that could have allowed anyone to hack locked Windows 10 PCs

Apple patched a USB vulnerability to keep hackers (or police) out of your iPhone

SAP Releases Critical Updates for Two Security Notes

Microsoft Fixes Faulty Debian Package That Messed With Users' Settings

Microsoft Releases Mitigations for Spectre-Like 'Variant 4' Attack

VMware plugs RCE hole in remote management agent

Microsoft June 2018 Patch Tuesday Fixes 50 Security Issues

GnuPG patched to thwart 'fake filename'

Mozilla patches heap buffer overflow in Firefox browsers

Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets

F-Secure Fixes Serious Vulnerability in Antivirus Products

Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets

Adobe issues emergency patch for new, critical zero-day Flash flaw

Patched Cisco ACS flaw lets attackers perform MITM attacks, steal admin credentials

Patches Available for Dangerous Bugs in Popular Brand of IP Cameras

Adobe Patches Flash Zero-Day

Update Google Chrome Immediately to Patch a High Severity Vulnerability

Google Patches 11 Critical Android Bugs in June Update

Related Blogs

No related blogs found, but here are some other blogs you might like: