ZombieLoad vulnerability
List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in May, 2019
Published on Jun 3, 2019
Just like April, May has also witnessed a volley of cybersecurity-related incidents that affected several organizations, systems, processes and more.
Starting with malware attacks, the past month saw the emergence of new variants of several existing trojans such as Shellbot, Qakbot, Retefe, Gh0stRAT, KPOT, H-Worm, TrickBot and Banload. Apart from this, security experts also came across new variants of GandCrab, Satan and Dharma ransomware affecting several industries in different sectors.
The month of May also saw security researchers releasing decryptors for ZQ, NamPoHyu Virus, JSWorm2.0 and GetCrypt ransomware.
In a major data breach incident, the infamous ‘GnosticPlayers’ hacker made a comeback by carrying out a cyber attack on Canva. GnosticPlayers hacked the graphic design platform and stole data of nearly 139 million users. Misconfigured databases leaking millions of user records also grabbed the attention of security analysts across the world. The affected companies are Pyramid Hotel Group, Amadeus, ApexSMS, Burger King and Freedom Mobile.
HCL and First American Financial Corporation also came under scrutiny for security flaws in their website portals. HCL’s lapse leaked its project details and employee passwords, while the hole in First American’s website exposed 885 million records related to mortgage deals dating back more than 16 years.
In the realm of vulnerabilities, security researchers discovered three new and critical vulnerabilities named ZombieLoad, BlueKeep and Thrangrycat. While ZombieLoad impacted all Intel chips created since 2011, BlueKeep affected RDP services in the older versions of Windows systems. Thrangrycat is a flaw in Cisco IOS XE software that could allow an attacker with stolen credentials to execute code on a Cisco networking device with root privileges.
Attackers were also found leveraging known vulnerabilities in Oracle WebLogic Server (CVE-2019-2725) and Atlassian Confluence Server (CVE-2019-3396) to distribute a variety of malware. The exploitation of CVE-2019-2725 resulted in the propagation of XMRig miner and variants of Sodinokibi ransomware & Muhstik botnet. On the other hand, cybercriminals abused CVE-2019-3396 to deploy variants of GandCrab ransomware and AESDDoS trojan.
May also brought major security updates from Cisco and Microsoft. Cisco released 40 security advisories for vulnerabilities in Nexus data-center switches and Firepower firewalls, and Microsoft issued advisories and updates for 79 vulnerabilities. Separately, Microsoft released a security patch for the newly discovered BlueKeep vulnerability.
The following is a consolidated report of all major data breaches, malware, vulnerabilities and scams reported in May 2019.
Breaches
Cartoon Network websites hacked to show Arabic memes and Brazilian male strippers
Netflix Content Compromised in Widevine DRM Hack
Department of Energy: A ‘Cyber Event’ Disrupted the Power Grid in California and Wyoming
Windows Server hosting provider still down a week after ransomware attack
Job recruitment site Ladders exposed 13 million user profiles
‘Denial of service condition’ disrupted US energy company operations
Hackers breach database of UNIFAST
Austrian construction group Porr hit by cyber attack
Hacked German IT Services Company Defies Ransom Demand
AMC Accidentally Exposed Data of 1.6 million Sundance Now and Shudder Subscribers
American Indian Health & Services, Inc. Provides Notice Of Data Security Event
Buena Vista Horace Mann student data compromised
11,000 Bots Slam the Influential Nicaraguan Newspaper La Prensa in 'A Direct Attack'
Popular Online Tutoring Marketplace 'Wyzant' Suffers Data Breach
Freedom Mobile Server Leak Exposes Customer Data; More than 1.5 Million Customers Affected
Burger King's Online Store for Kids Exposes Customers’ Info; Thousands of Customers Impacted
LulZSec and Anonymous Ita Hackers Published Sensitive Data from 30,000 Roman Lawyers
Samsung Spilled the Highly Sensitive SmartThings App Source Code and Secret Keys
Hackers Breached 3 US Antivirus Companies, Researchers Reveal
Indiana Pacers disclose security breach
Over 10 Million People Hit in Single Australian Data Breach
Unsecured Server Exposes Data for 85% of all Panama Citizens
4th US Anti-Virus Company Secrets for Sale as Cybercriminals Sell Source Code
Phishing Email Leads to Oregon State Hospital Data Breach
Hackers Access Data From More Than 460,000 Accounts at Uniqlo's Online Store
Over 460 Million E-Retailer User Accounts Hacked
Single Server Ties Hacked Diplomatic Cables to Chinese Cyberattacks Worldwide
Russian Government Sites Leak Passport and Personal Data for 2.25 Million Users
Singapore Red Cross website hacked, details of over 4,000 potential blood donors leaked
Microsoft Reveals Massive Breach of Emails
Unsecured Survey Database Exposes Info of 8 Million People
Stack Overflow Says Hackers Breached Production Systems
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Chinese cyberspies breached TeamViewer in 2016
Infamous Forum For Instagram Hackers Gets Hacked by Other Hackers
More than 20,000 Linksys routers leak historic record of every device ever connected
Faulty database script brings Salesforce to its knees
AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach
Millions of Golfers Land in Privacy Hazard After Cloud Misconfig
TalkTalk data breach customer details found online
Georgia Tech Notifies Community of Security Incident
America's Oldest Professional Theatre Company "The Shubert Organization" Suffers Data Breach
First American Financial Leaked 800-plus Million Sensitive Mortgage Documents
Australian tech unicorn Canva suffers security breach
Researchers Find GitHub Access Tokens for Various Companies Inside Travis CI Build Logs
Flipboard Hack Prompts Password Reset for Millions of Users
Widespread Campaigns Infects 50k Servers with Cryptomining Malware
Events planning company database exposes more than 200,000 records
Leaky Chinese Database Exposes 42.5 Million Records From Data Apps
Unsecured Database Exposes 85GB in Security Logs of Major Hotel Chains
North Korean Hackers Target Crypto Exchange UpBit’s South Korean Users
GozNym Malware Attack Hits Two Law Firms for Over $117K in Losses
After Baltimore Cyberattack Forces System Shutdown in Luzerne County
Police investigate University of South Wales data breach
Malware
Sodinokibi Ransomware Exploits WebLogic Server Vulnerability
Dark web crime markets targeted by recurring DDoS attacks
Muhstik Botnet Exploits the Latest WebLogic Vulnerability for Cryptomining and DDoS Attacks
Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
Malvertising scam abuses Yandex.Direct, targets Russian accountants
Emotet Trojan Is the Most Prevalent Threat in Healthcare Systems
Shellbot malware evolves to spread and shuts down other cryptominers
A decryptor tool for ZQ ransomware is now available for free
JavaScript card sniffing attacks spread to other e-commerce platforms
Hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords
Qakbot Assembles Itself from Encrypted Halves to Evade Detection
TinyPOS: Handcrafted Malware in Assembly Code
Retefe Revisited: Banking trojan reemerges, adopts new set of tools
Reversing Gh0stRAT: The DDOS-ening
Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code
Researchers Discover Malware that Scans the Internet for Vulnerabilities
Scranos Rootkit Operation Turns Global; Enterprises to Improve Security Posture
Replica Spam on Poorly Maintained ASP Site
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
Surge of MegaCortex ransomware attacks detected
Evil Clippy Makes Malicious Office Docs that Dodge Detection
GandCrab Ransomware Detected Targeting Manufacturing Firm
Malicious Actors Exploit Confluence Vulnerability to Deliver Cryptocurrency Miner With Rootkit
Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims
Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
New KPOT V2.0 Stealer Brings Zero Persistence and In-Memory Features to Silently Steal Credentials
Jokeroo Ransomware as a Service Pulls an Exit Scam
An unsecured SMS spam operation doxxed its owners
US government releases new report on ELECTRICFISH malware linked to North Korean threat actors
‘Unhackable’ EyeDisk Flash Drive Exposes Passwords in Clear Text
Site Promoting KeePass Password Manager Pushes Malware
Fake Pirate Chick VPN Pushed AZORult Info Stealing Trojan
Two years after WannaCry, a million computers remain at risk
Linksys Smart Wi-Fi Routers Leak Info of Connected Devices
LockerGoga, MegaCortex Ransomware Share Unlikely Traits
North Korean cyberspies deploy new malware that harvests Bluetooth data
Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor
Hackers Add Security Software Removal to Banload Banking Malware
Keyloggers Injected in Web Trust Seal Supply Chain Attack
The Latest Techniques Hackers are Using to Compromise Office 365
FBI Flash: Ryuk Ransomware Continues to Attack U.S. Businesses
Let adware be treated as malware, Canuck boffins declare after breaking open Wajam ad injector
New Trickbot Variant Uses URL Redirection to Spread
W97M/Downloader Malware Dropper Served from Compromised Websites
GandCrab Ransomware Gets Distributed via Fake Shipping Notification Written in Korean
Phishing Kit 16Shop Targets Apple Users
Satan Ransomware Expands Portfolio of Exploits
Skimmer acts as payment service provider via rogue iframe
Root account misconfigurations found in 20% of top 1,000 Docker containers
Attack Combines Phishing, Steganography, PowerShell to Deliver Malware
Phishing Campaign Delivers Multi-Feature, Open-Source Babylon RAT
Android and iOS devices impacted by new sensor calibration attack
CrySIS, aka Dharma ransomware, causing a crisis for businesses
Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement
Shade Ransomware Hits High-Tech, Wholesale, Education Sectors in U.S, Japan, India, Thailand, Canada
GetCrypt Ransomware Brute Forces Credentials, Decryptor Released
New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices
Carders Prefer Audio Skimmers over Less Efficient Flash Skimmers
Hackers are scanning for MySQL servers to deploy GandCrab ransomware
Malspam Campaigns Use HawkEye Keylogger to Target Businesses
Canadian firms targeted with increasingly sophisticated phishing techniques
Sodinokibi Ransomware Fixes Scaling Issues, Targets Large Enterprises
New HiddenWasp malware found targeting Linux systems
Healthcare and Manufacturing Industries Still Threatened by WannaCry
Phishing Email States Your Office 365 Account Will Be Deleted
Vulnerabilities
Two Vulnerabilities Expose Rockwell Controllers to DoS Attacks
Many Vulnerabilities Found in Wireless Presentation Devices
Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws
Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released
Researchers Find Vulnerabilities in Over 100 Jenkins Plugins
Gas Station Software Vulnerable To Hacking
Researchers discover serious software flaws in IBM API Connect
TRON suffered from a critical bug that could’ve crashed its entire blockchain
Several Vulnerabilities Found in GE Power Meter Software
WordPress WP Live Chat Plugin Re-Patches Upload Hole
Mirai Kill Switch: A Bug in Mirai Code Allows Crashing C2 Servers
UC Browser for Android Vulnerable to URL Spoofing Attacks
Researchers Discover Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability
Move Over Drupalgeddon; Serious Phar Flaw Could Allow Arbitrary Code Execution on Drupal
Sqlite3 Window Function Remote Code Execution Vulnerability
Microsoft SharePoint Vulnerability Allows Hackers to Sift Through Servers, Saudi Authorities Warn
Flaws in a popular GPS tracker leak real-time locations and can remotely activate its microphone
Heap Buffer Overflow Vulnerability found in Kaspersky Antivirus Engine
Nvidia Warns Windows Gamers on GPU Driver Flaws
Over 100 Flaws Expose Buildings to Hacker Attacks
Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution
A Cisco Router Bug Has Massive Global Implications
Cisco IOS XE Software Web UI Command Injection Vulnerability
Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs
WordPress Plugin Give – Stored XSS for Donors
Persistent Cross-site Scripting in WP Live Chat Support Plugin
Google Starts Tracking Zero-Days Exploited in the Wild
MDS vulnerabilities lead Chrome OS 74 to disable hyper-threading
A large chunk of Ethereum clients remain unpatched
Chrome Bug Causing Address Bar to Show Searches Over Site History
Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
Windows 10 zero-day exploit code released online
Flaw Exposes Mitsubishi PLCs to Remote DoS Attacks
Thousands of vulnerable TP-Link routers at risk of remote hijack
Critical Vulnerabilities Plague South Korean ActiveX Controls
Angry Techie Publishes Three Zero-Days Targeting Windows & IE11
Thrangrycat: A Deadly Cisco Vulnerability Named After an Emoji
Slimstart WordPress plugin vulnerability allows arbitrary JavaScript code injection
Deutsche Discovers AML Software Glitch
.htaccess Injector on Joomla and WordPress Websites
Computer Researcher Finds Wallet Vulnerability That Gave Same Key to Multiple Users
Siemens Medical Products Affected by Wormable Windows Flaw
Researchers Disclose Vulnerabilities In Popular Smart Home Apps From Eaton and BlueCats
DuckDuckGo Android Browser Vulnerable to URL Spoofing Attacks
Google white hat hacker found code execution flaw in Notepad
WordPress Slick Popup plugin could leave backdoor open to hackers
Hackers actively exploit WordPress plugin flaw to send visitors to bad sites
Docker Vulnerability Opens Servers to Container Code
Scams
Scammers Create Google Search Ads to Lure PayPal, Amazon Clients
TV licence email scam: More than 5,000 complaints in three months
New Extortion Email Scam Threatens to Release Your Sex Tape
U.S. Federal Communications Commission Warns Consumers Against One-Ring Phone Scams
Attackers Add a New Spin to Old Scams
Scammers Try to Trick YouTubers Into Giving Up Password
YOU could be the next target of scams pretending to be from 'Big Banks'
'Collaboration is key' to tackling fraud, NYPD detective says
Airbnb users getting scammed with fake rentals, account closures
UK warns over online trading scams
Crypto-currency investment scams triple in the UK, bagging £28 million
ANZ customers get scam email warning of a scam
Email scam warning for Ministry for Primary Industries customers
Tech-Support Scammers Cheat Elder of $136,000, Risk Decades in Jail
North Korean hackers use phishing to target users of South Korean cryptocurrency exchange UPbit
Patches
Stable Channel Update for Desktop
Sophos UTM 9.602 Released That Fixes 3 Vulnerabilities
Cisco issues critical security warning for Nexus data-center switches
Ad Server Patched to Stop Possible Malware Distribution
Cisco tackles critical vulnerability in switch software, 41 other bugs
Google Patches Remotely Exploitable Vulnerabilities in Android
Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products
Jenkins Vulnerability Exploited to Deliver 'Kerberods' Malware
Critical Adobe Flash Player, Acrobat and Reader Flaws Fixed
Canonical Releases Ubuntu Updates to Mitigate New MDS Security Vulnerabilities
Microsoft's May 2019 Patch Tuesday Fixes 79 Vulnerabilities
Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws
Microsoft Patches RDS Vulnerability Allowing WannaCry-Like Attacks
Debian Patches New Intel MDS Security Vulnerabilities in Debian Linux Stretch
SAP Patches Multiple Missing Authorization Checks
Nokia 8 and Nokia 6 start receiving May 2019 Android security update
Windows 10's May patches are borking McAfee and Sophos software
Mozilla fires up another Firefox update, patching 24 vulnerabilities
You Need to Patch the BlueKeep RDP Vulnerability (CVE-2019-0708)
GitHub Rolls Out Automatic Security Updates for Vulnerable Open Source Code
Nokia 1 update rolling out with May 2019 Android security patch
Apple Releases Firmware Security Updates for AirPort Base Stations
Nvidia Fixes High-Severity Flaws in GeForce Experience for Gamers