The January has come and gone, witnessing a lot of turbulence in the cybersecurity landscape. Attackers were as usual at their best, performing more sophisticated and frequent attacks than before.
Several severe and massive data breaches affecting the sensitive data of various organizations were observed this month. The mega Collection#1 data breach exposed nearly 773 million records while on the other hand, a data leak at VOIPO exposed tens of gigabytes of customer data. Security researchers discovered another database named Collection#2-5 leaking around 2.2 billion unique usernames and associated passwords. In other major incident, an unprotected MongoDB database containing almost 200 million CVs of Chinese jobseekers was left publicly accessible for at least one week.
Ryuk ransomware and its evolving activities were the talk of the town last month. Security researchers found the ransomware had updated its attack technique - by adding Emotet and Trickbot trojans - to target high-profile organizations. It raked in $3.7 million in Bitcoin payments within five months of its discovery. Variants of NRSMiner, ServHelper, STOP ransomware, AZORult trojan and Remexi backdoor malware were found targeting organizations, systems, networks and other critical infrastructures.
Two new vulnerabilities dubbed as ‘Fake Stake’ attacks vulnerability and ‘Pantsdown’ vulnerability were found affecting 26 low-end cryptocurrencies and BMC firmware stacks respectively.
Talking about security updates, Oracle issued 248 patches as part of its company’s quarterly security update to address vulnerabilities across multiple products. Microsoft too released security updates to fix 50 vulnerabilities in nine of its products. Apart from these, there were also security updates for flaws in Microsoft Exchange Server, Ubuntu 18.04 operating system, Drupal and Adobe Experience Manager products.
Here’s a look at the major breaches, malware, vulnerabilities, scams and security patches that were reported in January 2019.