Happy 2019 to everyone with more opportunities than challenges.
As we step into the new year with more optimism and vigor, let’s not forget the major cybersecurity events that occurred in December 2018.
The month December witnessed the discovery of several new malware and vulnerabilities. Researchers uncovered 21 new Linux malware families that operated as trojanized versions of the OpenSSH client. Prolific threat actor groups were found leveraging several new and sophisticated cyber espionage campaigns such as Pied Piper, Operation Sharpshooter and Stolen Pencil to infect systems and spread malware across different organizations worldwide.
A critical security flaw was unearthed in Kubernetes, the popular cloud container orchestration system that could allow attackers to gain elevated access to the computers. The flaw scored a rating of 9.8 on the severity scale.
In breaches, Quora exposed sensitive data of about 100 million users after hackers gained unauthorized access to the systems. Facebook came under fire again for a faulty Photo API bug that exposed private photos of around 6.8 million users to third-party apps. NASA disclosed a data breach that impacted the personal data of former and current employees.
Amidst all these threats and breaches, Microsoft unleashed security updates to fix 38 vulnerabilities across a large set of its products. Nine of these vulnerabilities were rated ‘Critical’.
Talking about scams, a new bomb threat scam was found doing the rounds in the US. The scammers sent threatening emails, asking the recipients to transfer $20,000 in bitcoins or be a victim of a bomb explosion.
Here is an aggregated list of breaches, malware, vulnerabilities, scams and patches that were reported in December 2018.