Just like the previous month, March too witnessed a volley of cybersecurity-related incidents.
Researchers uncovered the latest versions of several existing malware such as Emotet trojan, Ursnif trojan, Mirai botnet, GarrantyDecrypt ransomware, CryptoMix Clop ransomware and STOP ransomware targeting several organizations, systems, processes and more. Additionally, some infamous malware that includes the name of Adwind RAT, DMSniff and H-Worm made a comeback in different attack campaigns. Security researchers also spotted various new malware such as Pirate Matryoshka, StealthWorker, SLUB backdoor, Yatron ransomware, GlitchPoS and Gustuff affecting several industries in different sectors.
Talking about data breaches, ‘GnosticPlayers’ hacker came up with the fourth set of massive data (around 26 million user records) stolen from six different companies. The data was put up for sale at a price of $4.940 or 1.2431 bitcoin on a dark web forum. Also, two new unique sets of databases containing a total of 69,186 stolen Pakistani banks’ cards were put up for sale on the infamous Joker’s Stash market forum.
The month also saw the discovery of several new vulnerabilities in different products, the prominent one being the ‘SPOILER ATTACK’ vulnerability in Intel’s CPUs and the ‘Evil Cursor’ bug in Google’s Chrome browser.
In patches, Apple rolled out security updates for 51 security flaws found across its multiple products that use iOS 12.2. The flaws impacted the 6th generation iPods and the latest versions of iPhone 5s & iPad Air. Other major security updates include fixes for Cross-Site Scripting vulnerability in WordPress 5.1.1, three critical flaws in Ubuntu 18.04 LTS operating system and a serious ‘Denial-of-Service’ bug in Facebook Fizz.
Here is the aggregated list of breaches, malware, vulnerabilities, scams and patches that were reported in March.
Update: New research suggests that marketing email database breach impacts more than 2 Billion contact records
Dozens of High-Profile Box Accounts Found Leaking Sensitive Data; Major Tech Companies and Corporate Giants Impacted
Passwords and usernames of staff from MOH, MOE and other agencies stolen and put up for sale by hackers
Spear Phishing Scheme Dupes Nine Staff Members at Oregon DHS Compromising PHI of 350,000 in Over 2M Emails
Earl Enterprises Suffers Data Breach; Several Restaurant Brands like Buca di Beppo, Planet Hollywood and Earl of Sandwich Impacted
Fileless Banking Trojan Targeting Brazilian Banks Downloads Possible Botnet Capability, Info Stealers
“Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution
Newly discovered vulnerability could allow attackers to take full control of Windows IoT Core devices
Vulnerability in Windows Deployment Services could allow attackers to hijack Windows server installations
Google and Facebook got tricked out of $123 million by a scam that costs small businesses billions every year
Posted on: April 01, 2019
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.