List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in January 2019

The January has come and gone, witnessing a lot of turbulence in the cybersecurity landscape. Attackers were as usual at their best, performing more sophisticated and frequent attacks than before.

Several severe and massive data breaches affecting the sensitive data of various organizations were observed this month. The mega Collection#1 data breach exposed nearly 773 million records while on the other hand, a data leak at VOIPO exposed tens of gigabytes of customer data. Security researchers discovered another database named Collection#2-5 leaking around 2.2 billion unique usernames and associated passwords. In other major incident, an unprotected MongoDB database containing almost 200 million CVs of Chinese jobseekers was left publicly accessible for at least one week. 

Ryuk ransomware and its evolving activities were the talk of the town last month. Security researchers found the ransomware had updated its attack technique - by adding Emotet and Trickbot trojans - to target high-profile organizations. It raked in $3.7 million in Bitcoin payments within five months of its discovery. Variants of NRSMiner, ServHelper, STOP ransomware, AZORult trojan and Remexi backdoor malware were found targeting organizations, systems, networks and other critical infrastructures.

Two new vulnerabilities dubbed as ‘Fake Stake’ attacks vulnerability and ‘Pantsdown’ vulnerability were found affecting 26 low-end cryptocurrencies and BMC firmware stacks respectively.

Talking about security updates, Oracle issued 248 patches as part of its company’s quarterly security update to address vulnerabilities across multiple products. Microsoft too released security updates to fix 50 vulnerabilities in nine of its products. Apart from these, there were also security updates for flaws in Microsoft Exchange Server, Ubuntu 18.04 operating system, Drupal and Adobe Experience Manager products.

Here’s a look at the major breaches, malware, vulnerabilities, scams and security patches that were reported in January 2019.

Breaches


Malware


Vulnerabilities

 
Scams


Patches






  • Share this blog:
Previous
Deciphering Incident Response: Part I (Process)
Next
Deciphering the ATT&CK Navigator: Part 1 - What and why ATT&CK?
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.