
List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in June 2019


GoldBrute botnet Jul 2, 2019

The month of June witnessed a flurry of new malware, newly discovered vulnerabilities, and attack methods used by threat actors. In addition, numerous breach incidents were reported that affected renowned organizations, major businesses, and institutions.

New versions of the Dridex trojan, Mirai botnet, Sodinokibi ransomware, and FormBook trojan, among others, were found being used by cybercriminals in their malware and phishing campaigns. Apart from new variants, security researchers also discovered new and sophisticated malware such as the GoldBrute botnet, Silex botnet, ATMJaDi info-stealer, and ViceLeaker trojan, among others. On the other hand, decryptors for two prominent ransomware families - GandCrab and pyLocky - were released to help victims recover encrypted files.

The past month saw cyber attacks on various universities, such as University of Chicago Medicine, Australian National University, Shanghai Jiao Tong University, Oregon State University, Graceland University, and Missouri Southern State University. A majority of the attacks were carried out through phishing emails, resulting in the loss of personal and financial information of staff, students, and parents.

In a major data breach incident reported in June, a breach of AMCA’s payment system affected over 20 million individuals across five different diagnostic firms. The affected diagnostic companies were Quest Diagnostics, LabCorp, BioReference Laboratories, Carecentrix, and Sunrise Laboratories.

A threat actor who goes by the online name ‘Achilles’ was found selling network access to many high-profile organizations, including UNICEF, Transat, Comodo Group, and Symantec, on underground forums.

With ransomware attacks creating chaos worldwide, several cities and organizations were forced to pay ransoms in order to recover their encrypted data and systems. These included N.E.O. Urology in Ohio, the city councils of Riviera Beach and Lake City in Florida, and Estes Park Health in Colorado.

Security researchers also uncovered several cyber espionage campaigns, namely IPStorm, FishWrap, PCASTLE, and Bouncing Golf, that were launched against multiple firms. Two new attack methods, named Tap 'n Ghost and Malboard, that could be used against Android phones and computers were also uncovered in June.

Among vulnerabilities, a new version of the Rowhammer attack called RAMBleed was found to affect DRAM modules. Two critical remote code execution vulnerabilities were also uncovered in Exim software and Oracle’s WebLogic Server that could let attackers take control of victims’ systems.

Scammers were found duping users into revealing their personal details and swindling them out of money. These separate incidents included a fake Instagram post scam, a tech support scam, and a cryptocurrency giveaway scam.

The following is a consolidated report of all major data breaches, malware, vulnerabilities, scams, and patches reported in June 2019.

Breaches

Pyramid Hotel Group stored systems info on open server

Theta360 leak exposes 11 million photos, user data

Almost 100,000 Australians' private details exposed in attack on Westpac's PayID

Nearly 12M Quest Diagnostics Patients Affected in Collection Agency Breach

100,000 Australians at risk of fraud as hackers attack Westpac's PayID platform

Australian National University Hit by Huge Data Breach; 19 Years of Personal Data Stolen

The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records

Jewish dating app JCrush exposed user data and private messages

Medical Center Thwarts Cyberattack, Investigates Data Exposure

FAI assures ticket holders are not affected by latest data breach

Fortune 500 giant Tech Data exposed customer and billing data

Another Hacker Selling Access to Charity, Antivirus Firm Networks

Over 400,000 Opko Health Clients Impacted by AMCA Data Breach

Radisson Rewards may have leaked your data... again

Update: Sock company Bombas fined over data breach

Crooks stole about $10 million from GateHub cryptocurrency wallet service

A Large Chunk of European Mobile Traffic Rerouted Through China For 2 Hours

8.4TB in email metadata exposed in university data leak

CBP Discloses Data Breach Involving Theft of Traveler Photos and License Plate Images

Auburn Food Bank Hit By Ransomware, Needs Your Charity to Rebuild

2,841 patients hit by 'potential' privacy breach at Truro hospital

NSHA suffers privacy breach, nearly 3,000 patients possibly affected

Some sage security advice after Radiohead’s unreleased music hack

Evite e-invite website admits security breach

Telegram Targeted in a Whopper DDoS Attack; Experts Point to China

Ransomware Halts Production For Days at Major Airplane Parts Manufacturer ASCO

Lake City recovering from ransomware attack

Cybersecurity giant Symantec plays down unreported breach of test data

City of Burlington in Canada Falls for $503,000 Phishing Scheme

N.E.O. Urology pays attackers $75,000 after ransomware attack

Millions of Venmo Transactions Scraped in Warning Over Privacy Settings

Mermaids Transgender Charity Data Breach Exposed Confidential Emails

Oregon State University Breach Exposes Student and Family Data

Personal Information of 1.6 Million Job Seekers Exposed in a Database Leak

Patient Data Stolen During Theft at Red Deer Hospital

MTN Nigeria server hit by suspected cyber criminals

EatStreet Food Ordering Service Discloses Security Breach

Two Maryland medical practices notify patients after business associate error exposes patient information

Parliament IT bods' fail sees server's naked OS exposed to world

Facebook's xSocialMedia Ad Agency Exposes 150K Medical Histories

Google Pushes Confidential Android Security Update to Pixel User

A. Duie Pyle knocked offline by ransomware

Specsavers warns customers of privacy breach — but not through hacking

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000

Coinbase detected and blocked attempted attack on user funds

Cybercriminals Break Into Hacking forum 'Social Engineered' and Publish Stolen Data on Rival Site

Three banks hit by cyberattacks

WeTransfer Security Incident Sent Files to the Wrong People

Hackers Hit Global Telcos in Espionage Campaign; Large Amounts of Personal and Corporate Data Stolen

Marin County Community Clinics in California Hit by Ransomware

Cloud provider PCM hacked, customer info likely stolen for gift card scam

FBI Works to Counter the Effects of Virgin Island PD Hack

Indian IT Giant TCS was Hacked for its Clients by China’s Cyberspy Campaign

Ford, TD Bank Files Found Online in Cloud Data Exposure

Malware

Maze Ransomware Says Computer Type Determines Ransom Amount

Hidden Bee: Let’s go down the rabbit hole

Sodinokibi Ransomware Pushed via Foreclosure Warning Spam

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack

Threat actors abuse Microsoft Azure to Host Malware and C2 Servers

Researchers Bypass Apple macOS Security Protections with ‘Synthetic’ Clicks

BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner

Gaining Root Access to Host through rkt Container hack

New Iranian hacking tool leaked on Telegram

Tap 'n Ghost Attack Creatively Targets Android Devices

A month later Gamaredon is still active in Eastern Europe

Magecart Skimmers Found on Amazon CloudFront CDN

Hackers Can Now Bypass Two-Factor Authentication With a New Kind of Phishing Scam

Malware spotted doing unspeakable, filthy things to infected Macs – injecting Bing results into Google searches

Hackers can now pose as victims through their keyboards

Monero-Mining Malware PCASTLE Zeroes Back In on China, Now Uses Multilayered Fileless Arrival Techniques

440 Million Android Users Plagued By Malicious Pop-Ups

New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website

Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds

The RIG Exploit Kit is Now Pushing the Buran Ransomware

Cryptojacking campaign strikes China with fileless attacks

Germany: Backdoor found in four smartphone models; 20,000 users infected

New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers

Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities

Ancient ICEFOG APT malware spotted again in new wave of attacks

New Mirai variant targets new devices for botnet including SD-WAN

Hackers Exploit Critical Oracle WebLogic Server Vulnerability

MuddyWater Updates POWERSTATS Backdoor For Multi-Stage Attacks

New Spam Campaign Controlled by Attackers via DNS TXT Records

Researchers: Hackers can send Push Notifications on Your Phone for Phishing

This unusual Windows malware is controlled via a P2P network

Cryptocurrency hackers sneak malware into Oracle servers to mine Monero

New Version of ShellTea Backdoor Used by FIN8 Hacking Group

Hide ‘N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP

Malware Can Be Hidden in DICOM Medical Imaging Files, DHS Warns

New FormBook Droppers Point to Future Threat

Fishwrap Campaign Sways Social Media Users with Old News

Cheap Android phones came preinstalled with Malware, Confirm google

This data-stealing malware has returned with new attacks and nasty upgraded features

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners

Fish ponds disguised theft of oil field power in cryptocurrency mining scheme

Adware and PUPs families add push notifications as an attack vector

JavaScript Template Attacks expose new browser fingerprinting vectors

pyLocky Decryptor Released by French Authorities

GateHub Releases PSA on Phishing Scam Targeting Its Ripple Wallet Users

Mirai Botnet Malware Offspring Graduates From University, Puts on a Suit, Slips Into Your Enterprise

Dissecting NanoCore Crimeware Attack Chain

New WSH RAT Malware Targets Bank Customers with Keyloggers

AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs

Game Over for GandCrab: New free decryption tool allows victims to unlock all versions of this ransomware

Houdini trojan hits banking customers with keylogger

Android Phishing Malware Impersonates Turkish Cryptocurrency Exchange

Researchers Analyze Plurox Modular backdoor

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

Ryuk Ransomware Adds IP and Computer Name Blacklisting

Hackers Disguise New JavaScript-Based Trojan as Game Cheat

Hackers exploit Mozilla Firefox bug reportedly affecting Coinbase users

Cryptominer Uses Cron To Reinfect Linux Host After Removal

Cryptocurrency Mining Botnet Arrives Through ADB and Spreads Through SSH

New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux

DanaBot Demands a Ransom Payment

Potent Firefox 0-day used to install undetected backdoors on Macs

Bundled with pirated VST software, LoudMiner malware cryptojacks VMs

Microsoft Warns of Campaign Dropping Flawedammyy RAT in Memory

New LooCipher Ransomware Spreads Its Evil Through Spam

Free proxy service found running on top of 2,600+ hacked WordPress sites

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

Fresh “video games” site welcomes new users with Steam phish

MobOk Malware Hides in Photo Editors on Google Play, Siphons Cash

Botnet Uses SSH and ADB to Create Android Cryptomining Army

Mac Malware Delivered via Firefox Exploits Analyzed

Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising

New Mac malware abuses recently disclosed Gatekeeper zero-day

LokiBot and NanoCore Malware Distributed in ISO Image Files

Riltok mobile Trojan: A banker with global reach

New Silex malware is bricking IoT devices, has scary plans

Stegoware-3PC marks new high in adware sophistication

Trojan Hiding In Attached Microsoft Excel Docs

'Legit Apps Turned into Spyware' Targeting Android Users in Middle East

YouTube Bitcoin Scams Pushing the njRAT Backdoor InfoStealer

GreenFlash Sundown exploit kit expands via large malvertising campaign

Android spyware campaign spreads across the Middle East

Fake jquery campaign leads to malvertising and ad fraud schemes

New Dridex malware strain avoids antivirus software detection

Golang-based Spreader Used in a Cryptocurrency-Mining Malware Campaign

Massive 1800ForBail WordPress Hacks

Phishing Security Controls Fully Bypassed Using QR Codes

Analysis of the Internet Skimmer Reveals Interesting Insights

Adware Campaign Identified From 182 Game and Camera Apps on Google Play and Third-Party Stores Like 9Apps

Vulnerabilities

CosmosSDK has a critical security vulnerability; patch coming soon

Unit 42 Discovers Vulnerabilities in Adobe Acrobat and Reader and Foxit Reader, Shares Threat Research at Microsoft BlueHat Shanghai 2019

Zero-Day Flaw in Windows 10 Task Scheduler Gets Micropatch

Nginx nJS will need patches, hotels exposed via security systems, Docker containers dinged, and more

Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT

SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video

Critical vulnerability found in WordPress plugin Convert Plus

IoT Attackers Exploit Four Year-Old Router Flaw

Cybersecurity flaws in chips are still taking too long to fix

Closed Source E-commerce Platforms Can Be Compromised

Jenkins Artifactory Plugin information disclosure vulnerability

Privilege Escalation Vulnerability Found in Rapid7 InsightIDR

OS Command Injection in WP-Database-Backup

Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions

Buggy Phishing Kits Allow Criminals to Cannibalize Their Own

Critical Vulnerabilities Lead to Account Takeover in Major IPTV Streamer

New RCE Vulnerability Impacts Nearly Half of the Internet's Email Servers

Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw

Android backdoor demonstrates vulnerabilities in the mobile supply chain

RCE Using Caller ID - Multiple Vulnerabilities in FusionPBX

Windows 10 zero-day details published on GitHub

Major HSM vulnerabilities impact banks, cloud providers, governments

Critical RCE affects older Diebold Nixdorf ATMs

Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover

WordPress Chat Plugin Bug Lets Hackers Inject Text, Steal Logs

Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

Critical Vulnerability Exposes Oil Tank Monitoring Devices to Attacks

SymCrypt Bug Would Let Attacker "Take Down Entire Windows Fleet"

'RAMBleed' Rowhammer Attack Can Now Steal Data, Not Just Alter It

Windows 10 'Crypto' Vulnerability Outed By Google Researcher Before Microsoft Can Fix It

Guardio Discovers Major Vulnerability in Evernote's Chrome Extension

Critical Vulnerabilities Found in WAGO Industrial Switches

Some YubiKey FIPS Keys Allow Attackers to Reconstruct Private Keys

Critical vulnerabilities in Alaris Gateway Workstation allow attackers to alter drug dose in infusion pumps

Vulnerabilities in Thunderbird Email Client Allow Code Execution

Security Bug Would Have Allowed Hackers Access to Google's Internal Network

Tendermint Says Last Month’s Cosmos Vulnerability Exposed Security Loophole

This Critical Oracle Vulnerability is Being Exploited in the Wild

Unit 42 Discovers 10 New Microsoft Vulnerabilities

SafeBreach Identifies Serious Vulnerability In PC-Doctor Software

CVE-2019-10149: “Return of the WiZard” Vulnerability: Crooks Start Hitting

Flaws in Phoenix Contact Automationworx Allow Code Execution via Malicious Files

Critical vulnerabilities in VLC Media Player could allow an attacker to perform arbitrary code execution

BlueStacks Flaw Lets Attackers Remotely Control Android Emulator

SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform

Report Claims Huawei More Vulnerable To Security Hacks Than Rivals

Security firms demonstrate subdomain hijack exploit vs. EA/Origin

FDA Warns of Cybersecurity Risk to Certain Medtronic Insulin Pumps

Cirque du Soleil app gives attackers same admin rights as operators

Scams

“WHAT HAPPENED????” How a remote tech writing gig proved to be an old-school scam

Warning: These fake job ads want you to help cyber criminals launder money

OIG Issues Alert to Warn of ‘Free’ Genetic Testing Scams Seeking to Steal Information

Criminals Find Vulnerabilities In iPhone Scam

Microsoft Warns Against Bypassing Office 365 Spam Filters

Phishing Email Warns: Add Recovery Number or Account Deleted

Phishing Campaign Impersonates Mexico, Peru, Uruguay Government’s e-Procurement Systems

Google Search Ads Infiltrated Again by Tech Support Scams

CIA sextortion — an old scam with a new twist

Microsoft warns about email spam campaign abusing Office vulnerability

Email blackmailer threatens to have your website blocked forever

Weekend SIM-swapping blitz targets US cryptocurrency holders

Never used Zelle? Scammers can still use it to drain your bank account

Criminals Try to Schedule Spam in Google Calendar

Phishing Scam Asks You to Login to Read Encrypted Message

Online bank fraud in Dubai: How an Indian expat lost money to hackers

Beware of Fake John McAfee and Tesla Cryptocurrency Giveaways

NZ Post reviews and changes security processes after online credit fraud leaves $600K debt

Phishing Scam Says You Won $2.5M For Using Google's Services

Tech Support Scammers Target Search Ads on ISP Start Pages

Fake Ads that Lock Browsers Target Elders

Scammers Prey on Instagram Vanity and 'Verified Account' Status

Phone scam: Hundreds of victims as thousands of dollars posted offshore

Patches

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)

VLC 3.0.7 Released With the fix for 43 Security Vulnerabilities

Intel Updates NUC BIOS, Raid Soft To Patch High Severity Bugs

Microsoft Releases June 2019 Office Updates With Security Fixes

Open source PHP forum software myBB fixes a Stored XSS vulnerability in the private messaging and post modules

Cisco Releases Security Update for Cisco IOS XE

Microsoft Releases Windows 10 Update to Fix Privacy Settings Bug

Nokia 8 and Nokia 8 Sirocco get June Android security update | BGR India

Dell quietly patched a SupportAssist vulnerability that affected millions of users

Google reportedly fixes Nest Cam smart home security bug

Mozilla fixes second Firefox zero-day exploited in the wild

Canonical Outs New Linux Kernel Live Patch for Ubuntu 18.04 LTS and 16.04 LTS

OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed

Apple releases eight updates for AirPort Base Station bugs

Apache advisory addresses incomplete Tomcat update

Canonical Releases Linux Kernel Security Patch for 64-Bit PowerPC Ubuntu Systems

Incomplete Fix Leads to New Kubernetes Bug

ABB Patches Many Vulnerabilities in HMI Products

Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic

Google Chrome OS 75 Released with ZombieLoad MDS Mitigations