CHAINSHOT malware
List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in September 2018

Published on Oct 2, 2018
September has come to an end, and before we move ahead, let's take a quick look at the prominent breaches, malware attacks, vulnerabilities and scams that made a major impact on the cyber security world.
On the malware front, security researchers uncovered several new threats, including CroniX, the Fallout exploit kit, CryptoNar, the Hakai botnet and Chainshot, targeting various business entities, systems and processes. In addition, researchers discovered a new attack method named 'SonarSnoop' that could allow cybercriminals to steal a victim's phone unlock pattern.
Hackers were found exploiting authentication bypass vulnerabilities, remote code execution vulnerabilities and other critical security flaws to gain access to organizations' systems, servers and networks. Various new vulnerabilities such as the 'Peekaboo flaw', 'EternalBlue flaw' and 'FragmentSmack vulnerability' were also discovered, affecting various devices, systems and processes.
Coming to breaches, the month saw the data of millions of customers leaked in several incidents. While an unsecured database at data management firm Veeam exposed around 445 million customer records, a security flaw on the GovPayNow payment site exposed sensitive data of more than 14 million users.
Scammers were, as usual, at their best in tricking users, especially senior citizens, into revealing their personal data through phishing emails or tech-support scams.
Breaches
South Africa: Self-Confessed Hacker Strikes Again, Targets Labor Dept
Government transparency site revealed Social Security numbers, other personal info
C&A suffers data leak in Brazil
Cracked Logins of 570,000 Mortal Online Players Sold On Forums
Public IP Addresses of Tor Sites Exposed via SSL Certificates
Google paid million dollars to track offline purchases using Mastercard Data
First Wasaga Beach, now Midland hit by cyber-attack
Fraud cartel controlled 300 Irish bank accounts and stole $17 million
British Airways hacked as 380,000 customers have bank card details stolen
For the 2nd time in 3 years, mSpy leaks personal data of millions of customers
Over 50,000 customers' information exposed in Orrstown Bank cyber attack
Hacker exploits EOS betting platform to ‘win’ jackpot 24 times in a row
More than 5,000 affected by Park by Phone data breach
Broker Received Passwords from Westpac Employee
Veeam server lapse leaks over 440 million email addresses
Indian Food delivery app FreshMenu concealed 2016 data breach of 110k users
Apple leaks iPhone XS, XS Max, and XR names on its own website
TV Licensing urges thousands of viewers to check bank statements after data breach
Feedify becomes latest victim of the Magecart malware campaign
Whisky business: Uni of Edinburgh servers Irn-Scru'd by cyber-attack
Files With 42 Million Emails and Passwords Found On Free Hosting Service
Honolulu-based Fetal Diagnostic Institute of the Pacific hit with ransomware
Hacker exploits EOS smart contract to steal $200K from gambling app
Colorado firm claims ransomware attack behind closure
EOSBet Gambling application hacked, crooks stole $200,000 worth of EOS
Cyber attack at Bristol Airport makes screens go blank
GovPayNow.com Leaked More than 14 Million Customer Records Dating Back At Least Six Years
MongoDB server leaks 11 million user records from e-marketing service
Broadcaster ABS-CBN customer data stolen, sent to Russian servers
Blue Cross and Blue Shield of Rhode Island and Independence Blue Cross report breaches
Hackers stole customer credit cards in Newegg data breach
Hackers Pillage Zaif Cryptocurrency Exchange and Steal $60 Million
Canadian retailer's servers storing 15 years of user data sold on Craigslist
AdGuard resets all user passwords after credential stuffing attack
Arran Brewery hit by ransomware attack
Thousands of stolen frequent flyer miles of top airlines sold on Dark Web
Zoho pulled offline after phishing complaints, CEO says
SHEIN Fashion Retailer Announces Breach Affecting 6.42 Million Users
United Nations WordPress Site Exposes Thousands of Resumes
NewsNow has spilt a bunch of 'encrypted' passwords
Malware hits Freelancers at Fiverr and Freelancer.com
Aspire Health hacked by phishing scheme, loses some patients' protected health information
50 Million Facebook Accounts Affected in Massive Security Breach
Malware
CryptoNar Ransomware Discovered and Quickly Decrypted
Barack Obama's Blackmail Virus Ransomware Only Encrypts .EXE Files
New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers
Windows utility used by malware in new information theft campaigns
This malware disguises itself as bank security to raid your account
Malicious Emails Use New AdvisorsBot to Compromise Telecommunications and Hospitality Companies
Thousands of Compromised MikroTik Routers Send Traffic to Attackers
Thousands of misconfigured 3D printers on interwebz run risk of sabotage
Former NSA privacy expert: Here's how likely it is that your Amazon Echo will be hacked
Kaspersky warns of a new Loki Bot campaign targeting corporate mailboxes
I am invisible – Monero (XMR) Miner
WordPress Database Upgrade Phishing Campaign
MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys
Almost 400k websites risk hacking, data theft via open .git repos, researcher warns
Android System Broadcasts Expose Device Information
Malicious MDM: Let's Hide This App
Security Researcher Shows How Remote macOS Exploit Hoodwinks Safari Users With Custom URL Schemes
CroniX CryptoMiner Kills Rivals to Reign Supreme
Necurs Spews 780,000 Emails With Weaponized IQY Files
New Chainshot Malware Found By Cracking 512-Bit RSA Key
New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs
Malware Targeting Bitcoin ATMs Goes on Sale for $25,000
Domestic Kitten APT Operates in Silence Since 2016
Mass phishing emails sent to UNT students Tuesday evening
Malware may ‘hear’ your smartphone passcode one day
Keybase Browser Extension Could Allow Sites to See Messages
Tens of iOS apps caught collecting and selling location data
Palestinian, Middle East Targets Hit with New Surveillance Attacks
Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits
Iranians targeted by smartphone surveillance operation: Report
Researcher finds new malware persistence method leveraging Microsoft UWP apps
Ransomware campaign targets businesses with fake invoice message
Alert: 'Ryuk' Ransomware Attacks the Latest Threat
Researchers hack a Tesla car in seconds using only $600 worth of equipment
'Father of Zeus' Kronos malware exploits Office bug to hijack your bank account
Mongo Lock Attack Ransoming Deleted MongoDB Databases
Apple removes anti-malware apps that harvested browser data
Banking Trojan attacks increase, large scale Ramnit campaign impacts organizations worldwide
Cybercriminals Go Phishing For Jaxx Wallet Users
Attackers using PowerShell obfuscation tools to smuggle malware past scan tools
DanaBot's Anti-VM Update Shows How Quickly Financial Cyberthreats Evolve
Trend Micro Admits That Its Mac Apps Collect User Data
Iran tricked ISIS supporters into downloading wallpaper that spied on them, report says
Modular Malware Brings Stealthy Attacks to Former Soviet States
New Python-based Ransomware Poses as Locky
Creators of Tools for Building Malicious Office Docs Ditch Old Exploits
Beware of Hiddad Malware on Google Play Store!
Osiris Banking Trojan Displays Modern Malware Innovation
Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software
Windows and Linux Kodi users infected with cryptomining malware
Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
New Tsunami/Kaiten Variant: Propagation Status
PowerShell Obfuscation Ups the Ante on Antivirus
One Year Later, Over 2 Billion Devices Still Exposed to BlueBorne Attacks
Microsoft Macros Remain Top Vector for Malware Delivery
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
Fallout Exploit Kit Pushing the SAVEfiles Ransomware
New GandCrab ransomware variant hammers Florida school district
Researcher devised a new CSS & HTML attack that causes iPhone reboot or freezes Macs
Hackers secretly ran cryptocurrency mining malware on Indian government sites
Two New Monero Malware Attacks Target Windows and Android Users
Researchers Found New Worm with Botnet, Ransomware, and Coinmining Abilities
Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
New Botnet Hides in Blockchain DNS Mist and Removes Cryptominer
Spam Campaigns Using IQY Files Infect Japanese Users With BEBLOH and URSNIF Malware
"Lawful intercept" Pegasus spyware found deployed in 45 countries
Expandable ads can be entry points for site hacks
A vigilante botnet is taking out crypto-jacking malware
Paste Site Used as Hosting Service for FilesMan Backdoor
Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
Researchers find new financial malware targeting banking customers in Brazil
Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
Dissecting the first Gafgyt bot implementing the “Non Un-Packable” NUP technique
This Windows file may be secretly hoarding your passwords and emails
JPG Malware Attachment Campaign Strikes Again
Cobalt Gang Using CobInt Downloader to Install Malware on Systems of Interest
This Russian botnet mimics your click to prevent Android device factory resets
NSO malware accessed executive's iPhone within minutes
Increased Use of a Delphi Packer to Evade Malware Classification
New ransomware can turn your computer into a hacker's tool
Multiple Malware Threats for Visitors to Pirate Websites
First Publicly Known Malicious Crypto-Mining Campaign Launched Via Kodi
Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
Self-Propagating Emotet Banking Trojan Making a Comeback
Researchers warn of iTranslator man-in-the-middle malware
GandCrab V5 Released With Random Extensions and New HTML Ransom Note
With USB-C, even plugging in can set you up to be hacked
DanaBot trojan sets sights on Europe, new features
Stealthy cryptomining apps still on Google Play
Victims of Turla Backdoor More Numerous Than Originally Thought
Research: One Emotet Infection Leads to Three Follow-up Malware Infections
Mobile Websites Can Tap Into Your Phone's Sensors Without Asking
Android spyware in development plunders WhatsApp data, private conversations
Android Banking Trojan with 10K Installs Can Bypass Two-Factor Authentication
Password managers can be tricked into believing that malicious Android apps are legitimate
How The Dridex Gang Makes Millions From Bespoke Ransomware
Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT
Hide and Seek IoT botnet updates include new Android ADB exploit
New "Torii" Botnet's Sophisticated Techniques Set It Apart From Mirai
Phorpiex worm pivots to infect the enterprise with GandCrab ransomware
Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks
FBI solves mystery surrounding 15-year-old Fruitfly Mac malware
New Malware-as-a-Service Threat Targets Android Phones
Cryptojacking Android Apps Continue To Plague Google Play Store
Users Clicking Through Warnings, Leading to RAT Infections
Vulnerabilities
Windows 0-Day ALPC Bug Exploit Patched By Third Party Ahead Of Microsoft's Official Update
Linus Torvalds talks frankly about Intel security bugs
Compromising Proxy Call Session Control Function (P-CSCF) using VoLTE
Philips plugs security flaws in e-Alert tool
Multiple Vulnerabilities Found in Opsview Monitor
Python Package Installation Can Trigger Malicious Code
Cryptojacking campaign exploiting Apache Struts 2 flaw kills off the competition
Cisco Releases 16 Security Alerts Rated Critical and High
Schneider Electric Modicon vulnerability impacts ICS operation in industrial settings
Vulnerabilities found in the remote management interface of Supermicro servers
Do you really think crims would do that? Just go on the 'net and exploit a Windows zero-day?
ERPNext SQL Injection Vulnerabilities
Cisco warns customers of critical security flaws, advisory includes Apache Struts
User Impersonation Vulnerability found in ownCloud v0.1.2
OAuth Exploit Allowed Researcher to Takeover Periscope TV Account
Misconfigured Tor servers revealing owners
Popular VPNs contained code execution security flaws, despite patches
Advantech WebAccess RCE flaw still exploitable, exploit code available
Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed
Exploit vendor drops Tor Browser zero-day on Twitter
New Zero-Day Vulnerability for Windows Tweeted, Immediately Exploited
When is a patch not a patch? When it's for this McAfee password bug
Safari for iOS URL spoofing exploit revealed, with no documented fix
Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data
Flaws Found in Fuji Electric Tool That Links Corporate PCs to ICS
Apple’s Safari and Microsoft’s Edge browsers contain spoofing bug
Security flaw can leak Intel ME encryption keys
Outdated Duplicator Plugin RCE Abused
FragmentSmack vulnerability also affects Windows, but Microsoft patched it
Unpatched systems at big companies continue to fall to WannaMine worm
Google's Android Team Finds Serious Flaw in Honeywell Devices
RDP Access to Hacked Servers Still a Thriving Business on Deep & Dark Web
Hackers hijack surveillance camera footage with 'Peekaboo' zero-day vulnerability
Old WordPress Plugin Being Exploited in RCE Attacks
Apple iOS 12 security update tackles Safari spoofing, data leaks, kernel memory flaws
A flaw in Alpine Linux could allow executing arbitrary code
Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw
Crippling DDoS vulnerability put the entire Bitcoin market at risk
Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE
Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites
Bitcoin devs warn of possible chainsplit following severe DDoS vulnerability
Off-Path TCP Exploit Allows Attackers to Steal Data via Unencrypted Connections
Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
Google secretly logs users into Chrome whenever they log into a Google site
Report: Microsoft misses disclosure deadline to patch RCE bug in JET
Apple MacOS Mojave zero-day privacy bypass vulnerability revealed
Firefox bug crashes your browser and sometimes your PC
New CVE-2018-8373 Exploit Spotted in the Wild
100 channels and nothing on, except TV Licensing phishes
Mojave’s security “hardening” | User protections could be bypassed
New Linux 'Mutagen Astronomy' security flaw impacts Red Hat and CentOS distros
Security Engineer Hacks Hotel WiFi, Fined for Exposing Admin Password
Monero bug could have allowed hackers to steal massive amounts of cryptocurrency
Over 80 Cisco Products Affected by FragmentSmack DoS Bug
Epee Levin Packet Deserialization Code Execution Vulnerability
New CVE-2018-8373 Exploit Spotted
Apple 'Security Loophole' Exposes Business Wi-Fi Passwords To Hackers
'Mutagen Astronomy' Linux kernel vulnerability sighted
Apple's Device Enrollment Program has a flaw that lets you into iPhones and MacBooks
Google Project Zero to Linux distros: Your sluggish kernel patching puts users at risk
No Patches for Critical Flaws in Fuji Electric Servo System, Drives
Easy-to-prevent Apple flaw may threaten enterprise security
Google Project Zero Discloses New Linux Kernel Flaw
Privacy commissioner calling on wireless networks to plug security gap
Android App Verification Issues Pave Way For Phishing Attacks
iPhone XS Passcode Bypass Hack Exposes Contacts, Photos
Cisco posts 23 security alerts
Scams
Scammers are tricking people out of enormous payments as they're about to close on a house
Scammers pose as CNN's Wolf Blitzer, target security professionals
Tiny Island Atoll's Domain Used in Widespread Ad Fraud
Phishing scam on 2020 Tokyo Olympics tickets detected
FTC Seizes Army.com, Other Phony Military Recruitment Sites
Phone scam targets grandparents, New York officials warn
New WordPress Phishing Campaigns Target User Credentials
DSI sounds the alert over online scams
Tech support scammers find a home on Microsoft TechNet pages
Revenue says email offering tax refunds is a scam
Love Scam syndicate targeting 1,500 people from different countries busted by police
Windows support scam uses evil cursor attack to hijack Google Chrome sessions
Watch out for Hurricane Florence phishing scams
Partnerstroka tech support scammers creatively lock up users' browsers
Cyber criminals try swiping email logins and bank data in single HMRC phishing scam
BEC Scheme Run From Australian Detention Center
Blackmail Scam Demands Payment in Cryptocurrency
Watch out for the Netflix email scam, says Action Fraud
As Florence Clean-Up Begins, IRS Warns Taxpayers To Be Alert For Scams
CBA, ANZ caught in fake banking apps scam
Mass WordPress compromises redirect to tech support scams
Beware of CRA scam making the rounds, Dryden police warn
Tax Refund Phishing Cases Resurface in Scheme Targeting UK Users
Partnerstroka Tech Support Scam Preyed on Users With New Browser-Locking Tactic
Patches
Google Pixel, Nexus smartphones updated with September 2018 Android Security patch
Samsung Pulls Galaxy Note 5, S6 edge+ from Monthly Security Update List
Latest Version of Chrome Improves Password Management, Patches 40 Flaws
High-Severity Flaws in Cisco Secure Internet Gateway Service Patched
Symantec-secured website shutdown coming soon
Android September 2018 Patches Fix Critical Flaws
Traps Prevents In-The-Wild VBScript Zero-Day Exploit in Internet Explorer
Canonical Releases Linux Kernel Security Patch for Ubuntu 18.04 LTS, Update Now
Adobe Patches Six Critical Flaws in ColdFusion
Microsoft patches recent ALPC zero-day in September 2018 Patch Tuesday updates
Microsoft Patches Windows Zero-Day Disclosed via Twitter
Critical Out-of-Band Patch Issued for Adobe Acrobat Reader
Microsoft Announces Cumulative Updates for .NET Framework for Windows 10
Rockwell Automation Patches Severe Flaws in Communications Software
Windows update problems: Microsoft reveals why recent patches broke some PCs
Cisco: We've killed another critical hard-coded root password bug, patch urgently
Micropatch Released by 0patch for Windows Zero-Day
Third-Party Patch Available for Microsoft JET Database Zero-Day