List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in July, 2019

See All
The month of July witnessed a flurry of new malware, newly discovered vulnerabilities and attack methods used by threat actors. In addition to these, numerous large-scale data breaches were also reported which affected renowned organizations as well as government institutions. 

New versions of Trickbot trojan, Miori botnet, Watchbog trojan, Pegasus spyware and Ratsnif trojan among others were found being used by cybercriminals to execute their malicious and phishing tasks. Apart from new variants, security researchers also discovered new, unique malware such as EvilGnome backdoor, Topinambour malware dropper, Okrum backdoor, ERIS ransomware among others. On the other hand, decryptors for two ransomware - Ims00rry and LooCipher - were also released to help victims recover encrypted files from attacks that had this ransomware. 

The past month witnessed a major cyber attack at 62 universities in the US after hackers exploited a weakness in a popular admission and enrollment banner software made by Ellucian. The hackers stole student data and later used it to create thousands of fake accounts. Likewise, several healthcare providers across the world had to bear the brunt of cyberattacks. A majority of the attacks were carried out via phishing emails, resulting in the loss of personal and financial information of staff, students and parents. 

In a major update to AMCA’s data breach, a few more diagnostic centers in the US were found to be impacted by the incident. The new companies included American Esoteric Laboratories, Laboratory Medicine Consultants, South Texas Dermatopathology, Austin Pathology Associates, and Pathology Solutions. 

Multiple data leak incidents due to misconfigured databases were also reported last month. The major victim organizations due to this were AavGo, K12, YouHodler, Orvibo, Jiangsu Provincial Public Security Department, Pipl and LexisNexis. Researchers had also found a massive data leak named DataSpii that occurred due to eight Chrome and Firefox browser extensions. The leak had affected close to 4.1 million users. 

As a consequence of ransomware infection, several cities and organizations were forced to pay the ransom in order to recover their encrypted data and systems. This included LaPorte County in Indiana and Park DuValle Community Health Center in Louisville. 

Two new attack methods named Spearphone attack and CTRL-ALT-LED that could be used against Android phones and computers were also uncovered in July. 

Talking about vulnerabilities, Instagram, LinkedIn, WhatsApp and Telegram contained serious vulnerabilities that could put users’ data at risk. In addition, a critical vulnerability detected in Lenovo Iomega NAS devices had exposed 36TB of 3 million files.

Coming to security fixes and patches, Oracle had released a series of updates to fix 322 flaws, while Microsoft had addressed 77 security issues found across its multiple products.  

In scams, scammers were found duping users into revealing their personal details and swindled money. These separate incidents included a WhatsApp scam, a BEC scam as well as a fake invoice scam.   

The following is a consolidated report of all major data breaches, malware, vulnerabilities and scams reported in the last month.

Breaches

Malware

Vulnerabilities

Scams

Patches




  • Share this blog:
Previous
Next
Building Cyber Fusion Center the Right Way
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.