Go to listing page
List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in February 2019
Share Blog Post
Just like the previous month, February too witnessed a volley of cybersecurity-related incidents.
Researchers uncovered the latest versions of several existing malware such as Trickbot trojan, Danabot trojan, Ursnif trojan, Astaroth trojan, Shlayer trojan, Separ info-stealer and KORKERDS cryptominer targeting several organizations, systems, processes and more. Additionally, infamous malware that includes the likes of AdvisorBot, FormBook and IceID made a comeback in different attack campaigns. Security researchers also spotted various new malware such as SpeakUp trojan, Qealler info-stealer, KerrDown malware downloader,B0r0nt0k ransomware and Cayosin botnet affecting several industries in different sectors.
Talking about breaches, data of 14 million Instagram users was found in an unsecured database. In another instance, data of almost 620 million accounts stolen from 16 popular websites was available for sale at a price less than $20,000 on the Dream Market forum. The same hacker had also released two distinct batches of data containing around 127 million account records and 93 million user records on the Dark Web respectively. Dunkin Donuts was attacked for the second time in three months. This resulted in the compromise of some of its customers' accounts.
The month also saw the discovery of several new vulnerabilities such as ZOMBIEPOODLE, GOLDENDOODLE, DIRTY SOCK and Thunderclap.
In patches, Microsoft issued security updated for 77 security flaws found across its multiple products. Other major security updates include fixes for a Container Privilege Escalation Vulnerability in Cisco products, NSS vulnerabilities in Ubuntu 18.10, 18.04 LTS & 16.04 LTS and authentication vulnerability in SAP HANA XSA.
Here is the consolidated list of breaches, malware, vulnerabilities, scams and patches that were reported in February.
Photo-sharing Platform 500px Suffered a Security Breach That Exposed its Users' Data and Profile Information
From Amazon to Emotet: a look at those phishing and malware emails that bypassed email security products
Software executive exploits ATM loophole to steal $1 million; explains his actions as “internal security tests”
POS Systems at Hundreds of Bars, Restaurants, and Coffee Shops All Over the US Infected with Malware
Vulnerabilities in Lifesize enterprise collaboration products could allow attackers to use it as a snooping tool
Reddit User Discovers WhatsApp Vulnerability that Lets You Bypass Face ID or Touch ID Security Feature
WinRAR versions released in the last 19 years impacted by severe security flaw; Over 500 million users at risk
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
Criminal groups are offering $360,000 salaries to accomplices who can help them scam CEOs about their porn-watching habits
LibreOffice patches malicious code-execution bug, Apache OpenOffice – wait for it, wait for it – doesn't
An unpatched directory traversal vulnerability found in WP Cost Estimation plug-in receives a security update
Posted on: March 05, 2019
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.