Just like the previous month, February too witnessed a volley of cybersecurity-related incidents.
Researchers uncovered the latest versions of several existing malware such as Trickbot trojan, Danabot trojan, Ursnif trojan, Astaroth trojan, Shlayer trojan, Separ info-stealer and KORKERDS cryptominer targeting several organizations, systems, processes and more. Additionally, infamous malware that includes the likes of AdvisorBot, FormBook and IceID made a comeback in different attack campaigns. Security researchers also spotted various new malware such as SpeakUp trojan, Qealler info-stealer, KerrDown malware downloader,B0r0nt0k ransomware and Cayosin botnet affecting several industries in different sectors.
Talking about breaches, data of 14 million Instagram users was found in an unsecured database. In another instance, data of almost 620 million accounts stolen from 16 popular websites was available for sale at a price less than $20,000 on the Dream Market forum. The same hacker had also released two distinct batches of data containing around 127 million account records and 93 million user records on the Dark Web respectively. Dunkin Donuts was attacked for the second time in three months. This resulted in the compromise of some of its customers' accounts.
The month also saw the discovery of several new vulnerabilities such as ZOMBIEPOODLE, GOLDENDOODLE, DIRTY SOCK and Thunderclap.
In patches, Microsoft issued security updated for 77 security flaws found across its multiple products. Other major security updates include fixes for a Container Privilege Escalation Vulnerability in Cisco products, NSS vulnerabilities in Ubuntu 18.10, 18.04 LTS & 16.04 LTS and authentication vulnerability in SAP HANA XSA.
Here is the consolidated list of breaches, malware, vulnerabilities, scams and patches that were reported in February.