List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in January 2019

Ryuk ransomware Feb 1, 2019

January has come and gone, witnessing a lot of turbulence in the cybersecurity landscape. Attackers were, as usual, at their best, performing more sophisticated and frequent attacks than before.

Several severe and massive data breaches affecting the sensitive data of various organizations were observed this month. The mega Collection#1 data breach exposed nearly 773 million records, while a data leak at VOIPO exposed tens of gigabytes of customer data. Security researchers discovered another database named Collection#2-5 leaking around 2.2 billion unique usernames and associated passwords. In another major incident, an unprotected MongoDB database containing almost 200 million CVs of Chinese jobseekers was left publicly accessible for at least one week.

Ryuk ransomware and its evolving activities were the talk of the town last month. Security researchers found the ransomware had updated its attack technique - by adding Emotet and Trickbot trojans - to target high-profile organizations. It raked in $3.7 million in Bitcoin payments within five months of its discovery. Variants of NRSMiner, ServHelper, STOP ransomware, AZORult trojan and Remexi backdoor malware were found targeting organizations, systems, networks and other critical infrastructures.

Two new vulnerabilities, dubbed ‘Fake Stake’ and ‘Pantsdown’, were found affecting 26 low-end cryptocurrencies and BMC firmware stacks respectively.

On the security update front, Oracle issued 248 patches as part of its quarterly security update to address vulnerabilities across multiple products. Microsoft also released security updates to fix 50 vulnerabilities in nine of its products. Apart from these, there were also security updates for flaws in Microsoft Exchange Server, the Ubuntu 18.04 operating system, Drupal and Adobe Experience Manager products.

Here’s a look at the major breaches, malware, vulnerabilities, scams and security patches that were reported in January 2019.

Breaches

Hackers Threaten to Dump Insurance Files Related to 9/11 Attacks

Saint John parking payment system breached 'multiple' times since May 2017

Victorian Government employees' details stolen in data breach

Popsugar’s Twinning app was leaking everyone’s uploaded photos

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

FoodPanda Breach Exposed Your Address, Number, And More

Dublin's Luas tram system hit by a ransomware attack

Massive data leak targets German officials including Angela Merkel

Singapore Airlines’ software glitch exposed customer data

Real-time location data for over 11,000 Indian buses left exposed online

Google Emails Users About Private Data Exposed by Google+ API Bug

OXO Discloses MageCart Attack That Targeted Customer Data on Oxo.com

First National 'dealing with authorities' after reported information leak

Hackers Steal Customer Data From Manufacturing Company

Thieves make off with shoppers’ credit card numbers after hacking apparel site for four months

Bridgeport, Conn., schools hit with ransomware

DePaul University group email exposes employees' info

Chinese group swindles $18.5 million from Indian arm of Italian company

Reddit Users Locked Out of Their Accounts for Unusual Activity

Iranian hackers suspected in worldwide DNS hijacking campaign

Unprotected MongoDB Exposes Over 200 Millions Resumes

Third-Party Breach Exposed 31K Patient Records

Del Rio City Hall Forced to Use Paper After Ransomware Attack

Cryptopia Exchange Hacked: 'Significant' Losses Reported

North Korean hackers infiltrate Chile's ATM network after Skype job interview

Voipo database exposed millions of call logs and SMS text messages

Advertising network compromised to deliver credit card stealing code

Triton/Trisis Attack Was More Widespread Than Publicly Known

Click2Gov breach threatens credit card data of Hanover County residents

Hackers breach and steal data from South Korea's Defense Ministry

An Astonishing 773 Million Records Exposed in Monster Breach

Oklahoma data breach may expose 7 years of FBI investigations: Report

West African banks targeted in multi-wave attack | SC Media

Online stores for governments and multinationals hacked via new security flaw

Twitter bug revealed private tweets for some Android users for almost five years

Cyberattack forces Health Sciences North to place systems on downtime at 24 hospitals

BlackRock exposes confidential data on thousands of advisers on iShares site

Over 900,000 affected by Cebuana Lhuillier data breach

ATLAS game taken offline twice after users hack admin account, find server exploit

Online casino group leaks information on 108 million bets, including user details

4M applications for youth org internships exposed

Alaska Notifies 87,000 People After Computer Security Breach

Millions of bank loan and mortgage documents have leaked online

Patient data of 70,000 compromised in Kansas-based Valley Hope Association breach

Report: UiTM system allegedly hacked, 1.16 million students info leaked online

DailyMotion discloses credential stuffing attack

LocalBitcoins blames security breach on forum 'third-party software'

Unsecured MongoDB databases expose Kremlin's backdoor into Russian businesses

Discover Card Users Affected by Data Breach, New Credit Cards Issued

Hundreds of Delaware residents among the victims of BenefitMall breach

Credit cards sold on 'dark web' for over a year after Saint John parking system hacked

Airbus reports breach into its systems after cyber attack

Malware

What is Ryuk, the malware believed to have hit the Los Angeles Times?

CA warns of destructive banking virus targeting network systems

Experts analyzed the distribution technique used in a recent Emotet campaign

Vulnerabilities found in hardware cryptocurrency wallets

New unCaptcha automated system bypasses Google reCAPTCHA once again

NRSMiner updates to newer version

Spyware Disguises as Android Applications on Google Play

Detailed: How Russian government's Fancy Bear UEFI rootkit sneaks onto Windows PCs

Security researcher cracks Google's Widevine DRM (L3 only)

WhatsApp Gold virus: What to do if you receive it

Opera Blacklists Tampermonkey Extension Being Installed by Malware

South Korean journalists receive malicious code-embedded emails; North Korea a prime suspect

14 iPhone apps have been talking to a known malware server

GandCrab Operators Use Vidar Infostealer as a Forerunner

Latest Phishing Technique Uses Fake Fonts to Evade Detection

New hardware-agnostic side-channel attack works against Windows and Linux

Package Tracker ‘Parcels’ Adds Your Device to a Botnet

This old ransomware is using an unpleasant new trick to try and make you pay up

Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users

What we should learn from the 10th anniversary of the Conficker mystery

$7,500 Steam Weakness Let Hackers Take Remote Control Of Gamers' PCs

New 'Crypto Dusting' Attack Gives Cash, Takes Reputation

Welcome to 2019: Your Exchange server can be pwned by an email

Shipping Execs Speared with Targeted ‘Whaling’ Attacks

ICEPick-3PM malware steals Android IPs

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

New ServHelper Backdoor and FlawedGrace RAT Pushed by Necurs Botnet

Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor

How Chrome extensions are making organisations vulnerable to attack

Malware found preinstalled on some Alcatel smartphones

A Zebrocy Go Downloader

Ryuk ransomware earns hackers $3.7M in Bitcoin over 5 months

GoDaddy removes JavaScript injection which tracks website performance, but might break it too

Proof-Of-Concept Malware Reveals Smart Building Vulnerabilities Your Business Needs To Deal With

New Ransomware Bundles PayPal Phishing Into Its Ransom Note

Pdfhelp@india.com Pdff ransomware discovered by a researcher

Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles

Hijacking a PLC Using its Own Network Features

Emotet re-emerges after the holidays

Google Chrome extension that steals card numbers still available on Web Store

MS Word Documents Spreading .Net RAT Malware

This cryptocurrency mining malware now disables security software to help remain undetected

Researchers identify malware that can dismantle cloud security protections

New Attacks Target Recent PHP Framework Vulnerability

Attackers Leverage Open Source in New BYOB Attack

Mac Malware OSX.Dok is Back, Actively Infecting Victims

Improved Fallout EK comes back after short hiatus

GandCrab Returns with Friends (Trojans)

Popular WordPress plugin hacked by angry former employee

DarkHydrus adds Google Drive support to its RogueRobin Trojan

Emotet Banking Trojan Resurfaces With New Spam Avoidance Capabilities

Malware, User Privacy Failures Found in Top Free VPN Android Apps

New Rumba STOP Ransomware Being Installed by Software Cracks

New Phobos ransomware exploits weak security to hit targets around the world

Security researchers take down 100,000 malware sites over the last ten months

Rogue Web Apps Can Turn Browser Extensions Into Backdoors

DHS issues security alert about recent DNS hijacking attacks

Sky Go app security failure exposes customers to snooping, data theft

Telegram being used as command and control for malware by threat actors: Forcepoint

Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X

New ransomware strain is locking up Bitcoin mining rigs in China

Redaman Targets Russian Banking Customers with 4-Month Mass Offensive

Massive Adware Campaign Targets Mac Users

Voicemail Phishing Campaign Tricks You Into Verifying Password

Experts Discover Modular “Anatova” Ransomware

Beware of Exit Map Spam Pushing GandCrab v5.1 Ransomware

Spoofing search results and infecting browser extensions: Razy in search of cryptocurrency

New ransomware poses as games and software to trick you into downloading it

Concerns raised about WordPress' new 'White Screen Of Death' protection feature

Attackers Use Steganography to Obfuscate PDF Exploits

Cyberattackers Bait Financial Firms with Google Cloud Platform

New Ursnif Malware Campaign Uses Fileless Infection to Avoid Detection

Business Payroll Compromise – a New Way for Criminals to Steal from Your Company

Hackers Using RDP Are Increasingly Using Network Tunneling to Bypass Protections

Sly criminals package ransomware with malicious ransom note

The Story of Manuel’s Java RAT

Azorult Trojan Steals Passwords While Hiding as Google Update

Fileless Infection Steals Creds with Bank Trojan

Spam Injector Disguised as License Key in WordPress Website

Info-Stealing FormBook Returns in New Campaign

New LockerGoga Ransomware Allegedly Used in Altran Attack

Sofacy’s Zepakab Downloader Spotted In-The-Wild | Security Affairs

Australian web hosts hit with a Manic Menagerie of malware

Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

Analyzing a new stealer written in Golang

DOJ moves to take down Joanap botnet operated by North Korean state hackers

Cookieminer: New malware targets Macs to steal from cryptocurrency wallets

Vulnerabilities

Hope you're over that New Year's hangover – there's an Adobe PDF app patch to install

Google Chrome flaw patched three years after initial report

Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

Popular Mac Clean-Up Software Ridden With Flaws That Allow Local Root Access

Serious DoS Flaw Impacts Several Yokogawa Products

US-CERT Warns of Security Flaws in Windows

Tens of thousands of hot tubs are exposed to hack

Twitter's API still spews enough metadata to reveal exactly where you lived, worked

Privilege Escalation Flaws Impact Apple IntelHD5000 Kernel Extension

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit

Windows 7 hit with network issues thanks to dodgy Microsoft security fix

Microsoft Office Vulnerability Exposes User Data, Including Passwords

Report: Critical Vulnerabilities Leaking User Data Found on DX.Exchange, Patched Later

Electric cars: Security flaws could let attackers control charging stations

Mimecast discovers MS Office vulnerability

SCP implementations impacted by 36-years-old security flaws

Unpatched vCard Flaw Could Let Attackers Hack Your Windows PCs

Popular Web-Hosting Platform Bluehost Riddled with Flaws, Researcher Claims

Demonstrating Command Injection and E-Stop Abuse Against Industrial Radio Remote Controllers

Flaws in PremiSys access system could open door for physical intruders

TP-Link TL-R600VPN remote code execution vulnerabilities

CVE-2018-19475: Ghostscript shell command execution in SAFER mode

Telegram Bots Have Got A Major Problem, Security Researchers Warn

Windows Zero-Day Bug that Overwrites Files Gets Interim Fix

Serious Flaws Found in ControlByWeb Industrial Weather Station

WiFi firmware bug affects laptops, smartphones, routers, gaming devices

Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open

MySQL Design Flaw Allows Malicious Servers to Steal Files from Clients

Flaws in Omron HMI Product Exploitable via Malicious Project Files

Critical vulnerability issued for Cisco switches

Major Wi-Fi security flaw discovered

GoDaddy weakness let bomb threat scammers hijack thousands of big-name domains

OpenBMC caught with 'pantsdown' over new security flaw

Security flaws found in 26 low-end cryptocurrencies

NumPy Is Awaiting Fix for Critical Remote Code Execution Bug

Flaws in Moxa IIoT Product Expose ICS to Remote Attacks

Critical "OwnDigo" Vulnerability Discovered in a Leading Antivirus Software

Flaws Expose Phoenix Contact Industrial Switches to Attacks

ThinkPHP Vulnerability Abused by Botnets Hakai and Yowai

Major vulnerability found in Android ES File Explorer app

LabKey Vulnerabilities Threaten Medical Research Data

WordPress sites under attack via zero-day in abandoned plugin

Detailed Analysis of macOS/iOS Vulnerability CVE-2019-6231

Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities

Serious FaceTime bug allows you to listen remotely before anyone answers — Apple to fix ‘later this week’

Security alert for vulnerabilities in Siemens PLCs

Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks

Security Alert: Danish E-Shoppers Targeted by Another Wave of Nets.eu Phishing Campaign

New JobCrypter ransomware variant captures screenshots of infected devices

Attackers scanning unpatched Cisco small business routers after exploit code published

Positive Technologies discovers dangerous vulnerabilities in Siemens PLCs

Multiple vulnerabilities in ACD Systems Canvas Draw 5

New security flaw impacts 5G, 4G, and 3G telephony protocols

Scams

Twitter let someone promote an obvious PayPal phishing scam

Apple Phone Phishing Scams Getting Better — Krebs on Security

Thousands Complain About TV License Phishing Emails

NSFAS students warned of online scams following attempted cyber attacks | Cape Argus

SIM Swapping Victims Who Lost Millions Are Pressuring Telcos to Protect Their Customers

Crooks Use Email to Scam St Lawrence College Parents Out of Tuition

Free SuperCounters Widget Serves Unwanted Redirects to Dating Site

Social Security Number scammers are at it again

Phishing Scam Lures Australian Government Contractors Into Disclosing Account Credentials

Singapore Airlines Warns of Phishing Scam

Fortnite is being used by criminals to launder cash through V-Bucks

BEC Scammers Go After Employee Paychecks

Remove "Windows is not activated" Pop-up Scam (Microsoft Scam)

Fake BBC News page used to promote Bitcoin-themed scheme

Phishing Scam Spoofs Canadian eTA and U.S. ESTA Websites To Target Visa-Exempt Foreign Travelers

Ether Cryptocurrency Scammers Made $36 Million In 2018 -- Double Their 2017 Winnings

YouTube stars warn of impersonation scam

Spam Campaign Follows the White Rabbit to NSFW Phishing Scams

What to do if you get this email 'from Netflix'

Beware of complaint scammers on Twitter! They pretend to be big companies and target users’ private data

IoT botnet used in YouTube ad fraud scheme

Patches

Microsoft to Release First 2019 Windows 10 Cumulative Updates Tomorrow

Microsoft January 2019 Patch Tuesday fixes 50 vulnerabilities

Make a SAP decision: Apply these security fixes if you're using German giant's software

Intel Patches High-Severity Privilege-Escalation Bugs

SAP Releases 'Hot News' Security Notes on First Patch Day of 2019

Google Patches Critical Vulnerability in Android

Microsoft spits out patches and plans to gobble up 7GB of storage for future Windows 10 updates

Windows 7 hit with network issues thanks to dodgy Microsoft security fix

Microsoft Patches Remote Code Execution Vulnerability in Exchange Server

Juniper releases barrage of security fixes for security, networking devices

Cisco patches 18 vulnerabilities including a critical memory corruption DoS bug

Drupal Releases Security Updates

Adobe Patches Information Disclosure Flaws in Experience Manager

Unofficial Patches Released for Three Unfixed Windows Flaws

Plug in your iPhone, iPad, iPod, fire up the App Store: You have new Apple patches to install

Debian & Ubuntu Fix Man-in-the-Middle Attack in APT Package Manager, Update Now

Cisco Patches Flaws in Webex, SD-WAN, Other Products

Debian and PHP PEAR Projects Update for Application Vulnerabilities

Canonical Outs Major Linux Kernel Update for Ubuntu 18.04 LTS to Patch 11 Flaws

Google Chrome 72 removes HPKP, deprecates TLS 1.0 and TLS 1.1

Ubuntu 18.04 needs patching