List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in November 2018

C3YPT3OR Dec 3, 2018

We are just one month away from 2019, and as we start the countdown to a brand new year, let's not forget the major cyber threats and incidents that made an impact in the cybersecurity world in the month of November.

The month witnessed the discovery of several new ransomware strains such as XUY, Argus, DATAWAIT, BlackHat and C3YPT3OR. New variants of prominent malware like Stuxnet, TrickBot and Azorult were also found targeting the processes, networks and systems of several organizations.

In the vulnerabilities section, seven new Spectre and Meltdown variants affecting AMD, ARM and Intel CPUs were discovered by academic researchers. Two new flaws dubbed ‘BleedingBit’, which could allow attackers to install malicious firmware and gain access to the console port, were uncovered in Bluetooth Low Energy chips. Another new Bluetooth flaw, dubbed CarsBlues, was found affecting millions of vehicles; it could allow attackers to steal Personally Identifiable Information (PII) of drivers.

Talking about breaches, an ElasticSearch server exposed 73 GB of data belonging to about 57 million US citizens. The leaked information included first name, last name, employer ID, job title, email address, physical address, state, ZIP code and other sensitive data of residents.

Scammers were observed using simple social engineering techniques to fool both individuals and organizations and steal crucial data. In one such event, fraudsters managed to steal $21.5 million from European-based cinema chain Pathé via a phishing email.

Microsoft released security patches to address several issues such as a Windows zero-day exploit, a remote code execution flaw in Outlook 2010 and a Flash Player vulnerability in Windows 10.

Here’s a detailed list of all the breaches, malware, vulnerabilities, scams and patches that were reported in November.

Breaches

Nigerian airline Arik Air may have leaked customer data

Social Security Numbers, PII Stolen in NorthBay Healthcare Data Breach

Austal says hacker steals some data at its Australia business

Players affected as online game ‘Final Fantasy XIV’ hit by ‘unprecedented’ cyberattacks

Private messages from 81,000 hacked Facebook accounts for sale

Cyber attack exposes sensitive data about a nuclear power plant in France

Chicago, Galloway Township (N.J.) schools hit with cyberattacks

Four million Aussies were affected in Under Armour data breach

HSBC Bank Breached Again, Suspends Online Access to Affected Accounts

Creative Technology deems hacking of its support forum a minor incident but cyber-security expert sounds warning

Hackers breach StatCounter to hijack Bitcoin transactions on Gate.io exchange

Cryptojacking Attack Forces Canadian University to Shut Down Entire Network

AMEX blunder left thousands of Indian customers’ personal info unsecured

Cambodia's ISPs hit by some of the biggest DDoS attacks in the country's history

Canada Post leaked personal data, orders of thousands of cannabis smokers

Security breach at Nordstrom exposed sensitive employee data

Florida Department of Health data breach could affect Escambia, Santa Rosa patients

Huntsville Hospital in Alabama notifies job applicants of data breach

India: IRCTC wakes up after 2 years to fix its security bug

Cybercriminals Found Selling Over a Million Online Dating Profiles for Just $153

An IP Address Vulnerability Took Down Some Google Services for 1 Hour

Malaysian media group hit by ransomware attack: Report

21K Donors Had Their Personal Info Leaked Following Kars4Kids Data Breach

BEC scammers stole €19m from film company Pathé

Security Lapse Exposes Massive Database Containing Millions of Text Messages, Passwords and 2FA Codes

Amarillo City workers PII compromised

Major security breach as hackers obtain people’s personal info from York council phone app

6,500+ sites deleted after Dark Web hosting provider Daniel’s Hosting hack

Business email compromise scam costs Pathé $21.5 million

OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised

Amazon suffers data breach days before Black Friday

Facebook, Instagram, and WhatsApp Suffer an Outage

Email Addresses and Phone Numbers of More than 60 Million Users Exposed by USPS

Amazon's data breach to impact Indian customers, say experts

Brazil's largest professional association suffers massive data leak

Someone may have hacked Drake's 'Fortnite' account

Venmo lost millions from fake payments this year

Ransomware Attack Forced Ohio Hospital System to Divert ER Patients

Urban Massage exposed a huge customer database, including sensitive comments on its clients

Atrium Health Patient Database Breached; 2.65 Million Patients Impacted

Elasticsearch server exposed the personal data of over 57 million US citizens

Dell.com resets all customer passwords after cyber attack

Dunkin' Donuts accounts may have been hacked in credential stuffing attack

Marriott says data breach compromised info of up to 500 million guests

CommBank Brandjacked In Phishing Email Scam

Moscow's new cable car closed by cyberattack

Malware

CamuBot Banking Malware Stands out for Its Ability to Bypass Biometric Authentication

Report: New Stuxnet Variant Strikes Iran

Perl-Based Shellbot Looks to Target Organizations via C&C

Cyberespionage group uses popular messenger’s brand for targeted attacks

Thousands of Android Users Infected With Banking Malware From 29 Bogus Apps

Trickbot Shows Off New Trick: Password Grabber Module

0x20k of Ghost Squad Hackers Releases ODay Exploit Targeting Apache Hadoop

Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives

New techniques expose your browsing history to attackers

Giant ransomware bundle threatens to make malware attacks easier for crooks

LoJax: the malware that can survive operating systems being reinstalled

Xnore spyware app's poor security lets you see other customers' texts and call logs

Spam campaign targets Exodus Mac Users

Google Play app caught phishing for cryptocurrency exchange login details

New Ransomware using DiskCryptor With Custom Ransom Message

Two botnets are fighting over control of thousands of unsecured Android devices

Inside SearchPageInstaller: macOS Malware Deploys a MITM Attack

Threat Actors Combine Windows Utilities in Malware Campaign Targeting Users in Brazil

U-Boot's Trusted Boot Validation Bypassed

Phishing extortion campaign using new, more effective methods

Microsoft Releases Info on Protecting BitLocker From DMA Attacks

Hackers hide cryptocurrency mining malware in Windows installation files

Chrome 71 Will Warn Users about Deceptive Mobile Billing Pages

Linux CryptoMiners Are Now Using Rootkits to Stay Hidden

Emotet distributed in a major new large-scale spam campaign

Linux Cryptocurrency miner leverages rootkit to avoid detection

Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos

New Cobalt Gang PDF Attack Avoids Traditional Static Analysis Tools

App Containing Trojan Stayed on Google Play For a Year

New Ransomware Strain Evades Detection by All but One Antivirus Engine

Pakistan military hit by Operation Shaheen malware

Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants

Cryptojacking On The Rise: WebCobra Malware Uses Victims' Computers to Mine Cryptocurrency

Card skimming malware removed from Infowars online store

HookAds Malvertising Installing Malware via the Fallout Exploit Kit

Microsoft's super-secure Edge browser can be pwned eight different ways by a web page

Mylobot botnet delivers one-two punch with Khalesi malware

TrickBot takes over as top business threat

Understanding Evil Twin AP Attacks and How to Prevent Them

'DarkGate' miner, password-stealer could open up world of hurt for Windows users

This remote access trojan just popped up on malware's most wanted list

Four Fake Cryptocurrency Wallets Found on Google Play Store

Misconfigured Docker Services Actively Exploited in Cryptojacking Operation

tRat: New modular RAT appears in multiple email campaigns

Researchers spotted a new variant of the APT28 Lojax rootkit

The Week in Ransomware - November 16th 2018 - Mostly Small Variants Released

GandCrab: The most popular multi-million dollar ransomware of 2018

Hacking Gmail’s UX with from fields for phishing attacks

TrickBot Banking Trojan Starts Stealing Windows Problem History

500,000 Duped Into Downloading Android Malware Posing As Driving Games On Google Play

IRS Failed to Track 11,000 Breached Social Security Numbers for Tax Fraud

Malvertising in Apple Pay Targets iPhone Users

Ukraine detects new Pterodo backdoor malware, warns of Russian cyberattack

New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit

Two Attack Campaigns Infect Brazilian Financial Institution Customers With Banking Trojans

13 Malware-Laden Fake Apps on Google Play

Mirai Evolves From IoT Devices to Linux Servers

Aurora / Zorro Ransomware Actively Being Distributed

How Dropbox's red team discovered an Apple zero-day exploit chain by accident

Rowhammer attacks can now bypass ECC memory protections

Ukrainian police arrest hacker who infected over 2,000 users with DarkComet RAT

Black Friday special by Emotet: Filling inboxes with infected XML macros

New Linux crypto-miner steals your root password and disables your antivirus

Very trivial Spotify phishing campaign uncovered by experts

Hacker backdoors popular JavaScript library to steal Bitcoin funds

Researchers Use Smart Bulb for Data Exfiltration

US iOS users targeted by massive malvertising campaign

AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor

Fake Voice Apps on Google Play, Botnet Likely in Development

8 Popular Android Apps Caught Up In Million-Dollar Ad Fraud Scheme

The SLoad Powershell malspam is expanding to Italy

DNSpionage Campaign Targets Middle East

The Looming Rise of AI-Powered Malware

macOS Spyware: The Dangers of a Fake CryptoWallet Keylogger

DOJ and Tech Industry take collaborative action to annihilate a massive criminal ad fraud enterprise responsible for millions of dollars in losses

Microsoft issues warning against two apps that leaked private keys after installing root certificates

Android adware has plagued the Google Play Store in the past two months

Hackers are using leaked NSA hacking tools to quietly hijack thousands of computers

Proofs of Concept Abusing PowerShell Core: Caveats and Best Practices

Brazilian-made bank trojan

Malicious developer creates wormable, fileless variant of njRAT

Hackers are opening SMB ports on routers so they can infect PCs with NSA malware

KingMiner malware hijacks the full power of Windows Server CPUs

Hackers are stealthily spreading brute-force Butter attack

New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools

Brand New Bag? TrickBot Malware Adds POS Data Collection Module

Vulnerabilities

Multiple Vulnerabilities in Yi Technology Home Camera

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability

Security Code AutoFill Flaw Exposes iOS, macOS Users to Banking Fraud Attacks

Facebook Business accounts were vulnerable to being hijacked by anyone

A pair of new Bluetooth security flaws expose wireless access points to attack

PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking

Windows Defender Bug Needs a Restart, Not Shutdown, To Enable Sandbox

Mozilla exorcises five bugs on Halloween

Cisco zero-day exploited in the wild to crash and reload devices

Intel CPUs impacted by new PortSmash side-channel vulnerability

New Microsoft Edge Browser Zero-Day RCE Exploit in the Works

Critical 'Bleedingbit' flaws found in microcontrollers used by Wi-Fi access points

ICS Devices Vulnerable to Side-Channel Attacks: Researcher

Inception Attackers Target Europe with Year-old Office Vulnerability

Security researchers have busted the encryption in several popular Crucial and Samsung SSDs

IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities

Online Radio Stations at Risk from Icecast Flaw

WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover

VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available

Microsoft, Google apps feature in the top 20 vulnerabilities in enterprise environments

Spammers hack 100,000 home routers via UPnP vulnerabilities to craft email-flinging botnet

Flaws in Roche Medical Devices Can Put Patients at Risk

Cisco Meeting Server Information Disclosure Vulnerability

IBM Network Performance Insight (CVE-2018-11771) - IBM PSIRT Blog

Researcher Bypasses Windows UAC by Spoofing Trusted Directory

The Intel Microcode Boot Loader Protects Older CPUs From Spectre

Researchers Unearth a 100,000-router botnet feeding on a 5-year-old UPnP bug in Broadcom chips

Another Facebook vulnerability could have exposed information about users and their friends

Unpatched Android OS Flaw Allows Adversaries to Track User Location

Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

GPUs are vulnerable to side-channel attacks

A new exploit for zero-day vulnerability CVE-2018-8589

Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732)

7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs

Multiple remote vulnerabilities in TP-Link TL-R600VPN

Infamous DirtyCOW is back in backdoor attack targeting Drupal Web Servers

3 New Code Execution Flaws Discovered in Atlantis Word Processor

Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you're visiting

German eID card system vulnerable to online identity spoofing

Bitcoin Cash ABC update exposes potentially catastrophic vulnerability

Hackers Exploit Flaw in GDPR Compliance Plugin for WordPress

Steam bug allowed unlimited free downloads

Apache Hadoop spins cracking code injection vulnerability YARN

Old Printer Vulnerabilities Die Hard

DoS Vulnerabilities Impact Linux Kernel

Siemens Warns of Linux, GNU Flaws in Controller Platform

Sennheiser’s flawed headphone software is a Trojan horse hackers could exploit

Tenable Research Advisory: Zoom Unauthorized Command Execution (CVE-2018-15715)

Hackers can exploit this bug in surveillance cameras to tamper with footage

This is how Docker containers can be exploited to mine for cryptocurrency

Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)

Scams

Scammers Target Fortnite Players

FBI Pittsburgh warns of Tree of Life Synagogue Shooting scams soliciting money and information

‘Aaron Smith’ Sextortion scam campaigns hit tens of thousands of individuals

New .republican and .democrat Domains Offer New Ways to Fake Out Voters

John Oliver promoted Vote411 to get out the vote. Then scammers made a fake version

Warning: Macau Scam operators have new targets, and they could be your parents

Watch Out for the "Programmer Who Cracked Your Email" Bitcoin Scam

Elon Musk Bitcoin Scammers Hijack Verified Status Accounts

Crooks Arrested After Stealing $80K Worth of Crypto Using Sim Swapping

Smishing: A New Security Threat That Targets Smartphones By Text Message

ATO spoofed: Scammers use cloned tax office phone number to trick victims

Scammers Use Facebook Sharer Page to Push Tech Support Scams

FBI Warns of Cyber Scammers Targeting Holiday Shoppers

Beware of Black Friday Scams

IRS Issues Urgent Warning On Tax Transcript Scam

SIM-swapping 21-year-old scores $1 million by hijacking a phone

GDPR Related Scams Are Here

Beware 'Cyber Monday' deals on must-have toys, police warn shoppers

MoneyGram Warns Consumers to Stay Alert for Three Common Scams on Cyber Monday

Fraudsters changing contact details of banks on Google Maps to scam users

Watchdog issue warning over TV licence fraud after more than 2,500 complaints

New BEC Scams Take Advantage of the California Wildfires

Cyber-criminals invent a new “no talk” scam to trick you

Tech Support Scams Using Multiple Obfuscation Methods to Bypass Detection

Indian Police Break Up International Computer Virus Scam

Tech support scammers are using this new trick to bypass security software

Patches

It’s time to install the October Windows and Office patches — and maybe tweak your settings

Sauter Quickly Patches Flaw in Building Automation Software

Evernote for Windows patch resolves stored XSS vulnerability

Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP

How to Fix the BitLocker Hardware Encryption Bug in Windows 10

Several Vulnerabilities Patched in nginx

VMware Patches VM Escape Flaw Disclosed at Chinese Hacking Contest

Microsoft patches Windows zero-day used by multiple cyber-espionage groups

SAP Patches Critical Vulnerability in HANA Streaming Analytics

Siemens Releases 7 Advisories for SIMATIC, SCALANCE Vulnerabilities

Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now

First beta of Red Hat Enterprise Linux 8 now available with security updates, new features

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

Canonical Outs New Kernel Security Updates for All Supported Ubuntu Releases

Heads up: A ‘critical’ Win7/Server 2008 patch coming in February/March that’s really critical

Microsoft Releases Windows 10 Update KB4477029 to Fix Flash Player Vulnerability

Microsoft: Crash-causing Outlook 2010 security patches are now fixed

VMware issues critical security update for Workstation and Fusion products

Cisco Patches Critical Bug in License Management Tool
