
List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in September 2018


Published on Oct 2, 2018

September has come to an end, and before we move ahead, let's take a quick look at the prominent breaches, malware attacks, vulnerabilities and scams that made a major impact in the cyber security world.

On the malware front, security researchers uncovered various new malware such as CroniX, the Fallout exploit kit, CryptoNar, the Hakai botnet and Chainshot, targeting various business entities, systems and processes. In addition, researchers discovered a new attack method named 'SonarSnoop' that could allow cybercriminals to steal a victim's phone unlock pattern.

Hackers were found exploiting authentication bypass vulnerabilities, remote code execution vulnerabilities and other critical security flaws to gain access to the systems, servers and networks of organizations. Various new vulnerabilities such as the 'Peekaboo flaw', 'EternalBlue flaw' and 'FragmentSmack vulnerability' were also discovered, affecting various devices, systems and processes.

Coming to breaches, the month witnessed the data of millions of customers leaked in several breach incidents. While an unsecured database at data management firm Veeam exposed around 445 million customer records, a security flaw on the GovPayNow payment site resulted in the exposure of sensitive data of more than 14 million users.

Scammers were, as usual, at their best in tricking users, especially senior citizens, into revealing their personal data through phishing emails or tech-support scams.

Breaches

South Africa: Self-Confessed Hacker Strikes Again, Targets Labor Dept

Government transparency site revealed Social Security numbers, other personal info

C&A suffers data leak in Brazil

Cracked Logins of 570,000 Mortal Online Players Sold On Forums

Parental control spyware app Family Orbit hacked, pictures of hundreds of monitored children were exposed

Public IP Addresses of Tor Sites Exposed via SSL Certificates

Google paid million dollars to track offline purchases using Mastercard Data

First Wasaga Beach, now Midland hit by cyber-attack

Fraud cartel controlled 300 Irish bank accounts and stole $17 million

British Airways hacked as 380,000 customers have bank card details stolen

For the 2nd time in 3 years, mSpy leaks personal data of millions of customers

Over 50,000 customers' information exposed in Orrstown Bank cyber attack

Hacker exploits EOS betting platform to ‘win’ jackpot 24 times in a row

More than 5,000 affected by Park by Phone data breach

Broker Received Passwords from Westpac Employee

Veeam server lapse leaks over 440 million email addresses

Indian Food delivery app FreshMenu concealed 2016 data breach of 110k users

Apple leaks iPhone XS, XS Max, and XR names on its own website

TV Licensing urges thousands of viewers to check bank statements after data breach

Feedify becomes latest victim of the Magecart malware campaign

Whisky business: Uni of Edinburgh servers Irn-Scru'd by cyber-attack

Files With 42 Million Emails and Passwords Found On Free Hosting Service

Honolulu-based Fetal Diagnostic Institute of the Pacific hit with ransomware

Hacker exploits EOS smart contract to steal $200K from gambling app

Colorado firm claims ransomware attack behind closure

EOSBet Gambling application hacked, crooks stole $200,000 worth of EOS

Cyber attack at Bristol Airport makes screens go blank

GovPayNow.com Leaked More than 14 Million Customer Records Dating Back At Least Six Years

MongoDB server leaks 11 million user records from e-marketing service

Broadcaster ABS-CBN customer data stolen, sent to Russian servers

Blue Cross and Blue Shield of Rhode Island and Independence Blue Cross report breaches

Hackers stole customer credit cards in Newegg data breach

Hackers Pillage Zaif Cryptocurrency Exchange and Steal $60 Million

Canadian retailer's servers storing 15 years of user data sold on Craigslist

AdGuard resets all user passwords after credential stuffing attack

Arran Brewery hit by ransomware attack

Thousands of stolen frequent flyer miles of top airlines sold on Dark Web

Zoho pulled offline after phishing complaints, CEO says

SHEIN Fashion Retailer Announces Breach Affecting 6.42 Million Users

United Nations WordPress Site Exposes Thousands of Resumes

NewsNow has spilt a bunch of 'encrypted' passwords

Malware hits Freelancers at Fiverr and Freelancer.com

Aspire Health hacked by phishing scheme, loses some patients' protected health information

50 Million Facebook Accounts Affected in Massive Security Breach

Malware

CryptoNar Ransomware Discovered and Quickly Decrypted

Barack Obama's Blackmail Virus Ransomware Only Encrypts .EXE Files

New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers

Windows utility used by malware in new information theft campaigns

This malware disguises itself as bank security to raid your account

Malicious Emails Use New AdvisorsBot to Compromise Telecommunications and Hospitality Companies

Thousands of Compromised MikroTik Routers Send Traffic to Attackers

Thousands of misconfigured 3D printers on interwebz run risk of sabotage

Former NSA privacy expert: Here's how likely it is that your Amazon Echo will be hacked

Kaspersky warns of a new Loki Bot campaign targeting corporate mailboxes

I am invisible – Monero (XMR) Miner

WordPress Database Upgrade Phishing Campaign

MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys

Almost 400k websites risk hacking, data theft via open .git repos, researcher warns

Android System Broadcasts Expose Device Information

Malicious MDM: Let's Hide This App

Security Researcher Shows How Remote macOS Exploit Hoodwinks Safari Users With Custom URL Schemes

CroniX CryptoMiner Kills Rivals to Reign Supreme

Necurs Spews 780,000 Emails With Weaponized IQY Files

New Chainshot Malware Found By Cracking 512-Bit RSA Key

New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs

Malware Targeting Bitcoin ATMs Goes on Sale for $25,000

Domestic Kitten APT Operates in Silence Since 2016

Mass phishing emails sent to UNT students Tuesday evening

Malware may ‘hear’ your smartphone passcode one day

Keybase Browser Extension Could Allow Sites to See Messages

Tens of iOS apps caught collecting and selling location data

Palestinian, Middle East Targets Hit with New Surveillance Attacks

Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits

Iranians targeted by smartphone surveillance operation: Report

Researcher finds new malware persistence method leveraging Microsoft UWP apps

Ransomware campaign targets businesses with fake invoice message

Alert: 'Ryuk' Ransomware Attacks the Latest Threat

Researchers hack a Tesla car in seconds using only $600 worth of equipment

'Father of Zeus' Kronos malware exploits Office bug to hijack your bank account

Mongo Lock Attack Ransoming Deleted MongoDB Databases

Apple removes anti-malware apps that harvested browser data

Banking Trojan attacks increase, large scale Ramnit campaign impacts organizations worldwide

Cybercriminals Go Phishing For Jaxx Wallet Users

Attackers using PowerShell obfuscation tools to smuggle malware past scan tools

DanaBot's Anti-VM Update Shows How Quickly Financial Cyberthreats Evolve

Trend Micro Admits That Its Mac Apps Collect User Data

Iran tricked ISIS supporters into downloading wallpaper that spied on them, report says

Modular Malware Brings Stealthy Attacks to Former Soviet States

New Python-based Ransomware Poses as Locky

Creators of Tools for Building Malicious Office Docs Ditch Old Exploits

Beware of Hiddad Malware on Google Play Store!

Osiris Banking Trojan Displays Modern Malware Innovation

Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software

Windows and Linux Kodi users infected with cryptomining malware

Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader

New Tsunami/Kaiten Variant: Propagation Status

PowerShell Obfuscation Ups the Ante on Antivirus

One Year Later, Over 2 Billion Devices Still Exposed to BlueBorne Attacks

Microsoft Macros Remain Top Vector for Malware Delivery

Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program

Fallout Exploit Kit Pushing the SAVEfiles Ransomware

New GandCrab ransomware variant hammers Florida school district

Researcher devised a new CSS & HTML attack that causes iPhone reboot or freezes Macs

Hackers secretly ran cryptocurrency mining malware on Indian government sites

Two New Monero Malware Attacks Target Windows and Android Users

Researchers Found New Worm with Botnet, Ransomware, and Coinmining Abilities

Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns

New Botnet Hides in Blockchain DNS Mist and Removes Cryptominer

Spam Campaigns Using IQY Files Infect Japanese Users With BEBLOH and URSNIF Malware

"Lawful intercept" Pegasus spyware found deployed in 45 countries

Expandable ads can be entry points for site hacks

A vigilante botnet is taking out crypto-jacking malware

Paste Site Used as Hosting Service for FilesMan Backdoor

Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows

Researchers find new financial malware targeting banking customers in Brazil

Bug in Bitcoin code also opens smaller cryptocurrencies to attacks

Dissecting the first Gafgyt bot implementing the “Non Un-Packable” NUP technique

This Windows file may be secretly hoarding your passwords and emails

JPG Malware Attachment Campaign Strikes Again

Cobalt Gang Using CobInt Downloader to Install Malware on Systems of Interest

This Russian botnet mimics your click to prevent Android device factory resets

NSO malware accessed executive's iPhone within minutes

Increased Use of a Delphi Packer to Evade Malware Classification

New ransomware can turn your computer into a hacker's tool

Multiple Malware Threats for Visitors to Pirate Websites

First Publicly Known Malicious Crypto-Mining Campaign Launched Via Kodi

Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week

Self-Propagating Emotet Banking Trojan Making a Comeback

Researchers warn of iTranslator man-in-the-middle malware

Adwind Dodges AV via DDE

GandCrab V5 Released With Random Extensions and New HTML Ransom Note

With USB-C, even plugging in can set you up to be hacked

DanaBot trojan sets sights on Europe, new features

Stealthy cryptomining apps still on Google Play

Victims of Turla Backdoor More Numerous Than Originally Thought

Research: One Emotet Infection Leads to Three Follow-up Malware Infections

Mobile Websites Can Tap Into Your Phone's Sensors Without Asking

Android spyware in development plunders WhatsApp data, private conversations

Android Banking Trojan with 10K Installs Can Bypass Two-Factor Authentication

Password managers can be tricked into believing that malicious Android apps are legitimate

How The Dridex Gang Makes Millions From Bespoke Ransomware

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

Hide and Seek IoT botnet updates include new Android ADB exploit

New "Torii" Botnet's Sophisticated Techniques Set It Apart From Mirai

Phorpiex worm pivots to infect the enterprise with GandCrab ransomware

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

FBI solves mystery surrounding 15-year-old Fruitfly Mac malware

New Malware-as-a-Service Threat Targets Android Phones

Cryptojacking Android Apps Continue To Plague Google Play Store

Users Clicking Through Warnings, Leading to RAT Infections

Vulnerabilities

Windows 0-Day ALPC Bug Exploit Patched By Third Party Ahead Of Microsoft's Official Update

Linus Torvalds talks frankly about Intel security bugs

Compromising Proxy Call Session Control Function (P-CSCF) using VoLTE

Philips plugs security flaws in e-Alert tool

Multiple Vulnerabilities Found in Opsview Monitor

Python Package Installation Can Trigger Malicious Code

Cryptojacking campaign exploiting Apache Struts 2 flaw kills off the competition

Cisco Releases 16 Security Alerts Rated Critical and High

Schneider Electric Modicon vulnerability impacts ICS operation in industrial settings

Vulnerabilities found in the remote management interface of Supermicro servers

Do you really think crims would do that? Just go on the 'net and exploit a Windows zero-day?

ERPNext SQL Injection Vulnerabilities

Cisco warns customers of critical security flaws, advisory includes Apache Struts

Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 – Multi-provider VPN Client Privilege Escalation Vulnerabilities

User Impersonation Vulnerability found in ownCloud v0.1.2

OAuth Exploit Allowed Researcher to Takeover Periscope TV Account

Misconfigured Tor servers revealing owners

Popular VPNs contained code execution security flaws, despite patches

Advantech WebAccess RCE flaw still exploitable, exploit code available

Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

Exploit vendor drops Tor Browser zero-day on Twitter

New Zero-Day Vulnerability for Windows Tweeted, Immediately Exploited

When is a patch not a patch? When it's for this McAfee password bug

Safari for iOS URL spoofing exploit revealed, with no documented fix

Imaginary patch? SCADA software company reportedly never actually fixed RCE bug despite issuing update

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

Flaws Found in Fuji Electric Tool That Links Corporate PCs to ICS

Apple’s Safari and Microsoft’s Edge browsers contain spoofing bug

Security flaw can leak Intel ME encryption keys

Outdated Duplicator Plugin RCE Abused

FragmentSmack vulnerability also affects Windows, but Microsoft patched it

Unpatched systems at big companies continue to fall to WannaMine worm

Google's Android Team Finds Serious Flaw in Honeywell Devices

RDP Access to Hacked Servers Still a Thriving Business on Deep & Dark Web

Hackers hijack surveillance camera footage with 'Peekaboo' zero-day vulnerability

Old WordPress Plugin Being Exploited in RCE Attacks

Apple iOS 12 security update tackles Safari spoofing, data leaks, kernel memory flaws

A flaw in Alpine Linux could allow executing arbitrary code

Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw

Crippling DDoS vulnerability put the entire Bitcoin market at risk

Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE

Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

Bitcoin devs warn of possible chainsplit following severe DDoS vulnerability

Off-Path TCP Exploit Allows Attackers to Steal Data via Unencrypted Connections

Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability

Google secretly logs users into Chrome whenever they log into a Google site

Report: Microsoft misses disclosure deadline to patch RCE bug in JET

Apple MacOS Mojave zero-day privacy bypass vulnerability revealed

Firefox bug crashes your browser and sometimes your PC

New CVE-2018-8373 Exploit Spotted in the Wild

100 channels and nothing on, except TV Licensing phishes

Mojave’s security “hardening” | User protections could be bypassed

New Linux 'Mutagen Astronomy' security flaw impacts Red Hat and CentOS distros

Security Engineer Hacks Hotel WiFi, Fined for Exposing Admin Password

Monero bug could have allowed hackers to steal massive amounts of cryptocurrency

Over 80 Cisco Products Affected by FragmentSmack DoS Bug

Epee Levin Packet Deserialization Code Execution Vulnerability

New CVE-2018-8373 Exploit Spotted

Apple 'Security Loophole' Exposes Business Wi-Fi Passwords To Hackers

'Mutagen Astronomy' Linux kernel vulnerability sighted

Apple's Device Enrollment Program has a flaw that lets you into iPhones and MacBooks

Google Project Zero to Linux distros: Your sluggish kernel patching puts users at risk

No Patches for Critical Flaws in Fuji Electric Servo System, Drives

Easy-to-prevent Apple flaw may threaten enterprise security

Google Project Zero Discloses New Linux Kernel Flaw

Privacy commissioner calling on wireless networks to plug security gap

Android App Verification Issues Pave Way For Phishing Attacks

iPhone XS Passcode Bypass Hack Exposes Contacts, Photos

Cisco posts 23 security alerts

Scams

Scammers are tricking people out of enormous payments as they're about to close on a house

Scammers pose as CNN's Wolf Blitzer, target security professionals

Tiny Island Atoll's Domain Used in Widespread Ad Fraud

Phishing scam on 2020 Tokyo Olympics tickets detected

NASA scammer allegedly tricked women into revealing their password reset answers, stole their private selfies

FTC Seizes Army.com, Other Phony Military Recruitment Sites

Phone scam targets grandparents, New York officials warn

New WordPress Phishing Campaigns Target User Credentials

DSI sounds the alert over online scams

Tech support scammers find a home on Microsoft TechNet pages

Revenue says email offering tax refunds is a scam

Love Scam syndicate targeting 1,500 people from different countries busted by police

Windows support scam uses evil cursor attack to hijack Google Chrome sessions

Watch out for Hurricane Florence phishing scams

Partnerstroka tech support scammers creatively lock up users' browsers

Cyber criminals try swiping email logins and bank data in single HMRC phishing scam

BEC Scheme Run From Australian Detention Center

Blackmail Scam Demands Payment in Cryptocurrency

Watch out for the Netflix email scam, says Action Fraud

As Florence Clean-Up Begins, IRS Warns Taxpayers To Be Alert For Scams

CBA, ANZ caught in fake banking apps scam

Mass WordPress compromises redirect to tech support scams

Beware of CRA scam making the rounds, Dryden police warn

Tax Refund Phishing Cases Resurface in Scheme Targeting UK Users

Car leasing social media scam

Partnerstroka Tech Support Scam Preyed on Users With New Browser-Locking Tactic

Patches

Google Pixel, Nexus smartphones updated with September 2018 Android Security patch

Samsung Pulls Galaxy Note 5, S6 edge+ from Monthly Security Update List

Latest Version of Chrome Improves Password Management, Patches 40 Flaws

High-Severity Flaws in Cisco Secure Internet Gateway Service Patched

Symantec-secured website shutdown coming soon

Android September 2018 Patches Fix Critical Flaws

Traps Prevents In-The-Wild VBScript Zero-Day Exploit in Internet Explorer

Canonical Releases Linux Kernel Security Patch for Ubuntu 18.04 LTS, Update Now

Adobe Patches Six Critical Flaws in ColdFusion

Microsoft patches recent ALPC zero-day in September 2018 Patch Tuesday updates

Microsoft Patches Windows Zero-Day Disclosed via Twitter

Critical Out-of-Band Patch Issued for Adobe Acrobat Reader

Microsoft Announces Cumulative Updates for .NET Framework for Windows 10

Rockwell Automation Patches Severe Flaws in Communications Software

Windows update problems: Microsoft reveals why recent patches broke some PCs

Cisco: We've killed another critical hard-coded root password bug, patch urgently

Micropatch Released by 0patch for Windows Zero-Day

Third-Party Patch Available for Microsoft JET Database Zero-Day
