Like April, May saw a steady stream of cybersecurity incidents affecting organizations, systems and processes across sectors.
Starting with malware, the past month saw new variants of several existing trojans, including Shellbot, Qakbot, Retefe, Gh0stRAT, KPOT, H-Worm, TrickBot and Banload. Security researchers also came across new variants of the GandCrab, Satan and Dharma ransomware families hitting organizations in several sectors.
May also saw researchers release decryptors for the ZQ, NamPoHyu Virus, JSWorm 2.0 and GetCrypt ransomware families.
In a major data breach, the infamous ‘GnosticPlayers’ hacker made a comeback with an attack on Canva. GnosticPlayers broke into the graphic design platform and stole data belonging to nearly 139 million users. Misconfigured databases leaking millions of user records also drew the attention of security analysts worldwide; the affected companies were Pyramid Hotel Group, Amadeus, ApexSMS, Burger King and Freedom Mobile.
HCL and First American Financial Corporation also came under the scanner for security flaws in their web portals. HCL’s lapse exposed project details and employee passwords on publicly reachable pages, while the hole in First American’s website exposed roughly 885 million records related to mortgage transactions dating back more than 16 years, to 2003. In First American’s case no exploit was needed: the documents were served without authentication, and anyone who changed the document number in a URL could read someone else’s records.
In the realm of vulnerabilities, security researchers disclosed three new critical flaws named ZombieLoad, BlueKeep and Thrangrycat. ZombieLoad is a Microarchitectural Data Sampling (MDS) side-channel attack that affects most Intel processors released since 2011 and lets a process read data recently handled by other processes on the same core. BlueKeep (CVE-2019-0708) is a pre-authentication remote code execution flaw in Remote Desktop Services on older Windows versions (Windows 7, Server 2008 and 2008 R2, and the out-of-support XP and Server 2003); because it needs no credentials or user interaction, it is wormable. Thrangrycat (CVE-2019-1649), contrary to some early reporting, is not a bug in Cisco IOS XE software: it is a flaw in the Trust Anchor module (TAm) that underpins Secure Boot on many Cisco devices, allowing an attacker who already has root on the device to persistently tamper with the TAm’s FPGA bitstream and defeat Secure Boot. The researchers who found it chained it with a separate command-injection flaw in the IOS XE web UI (CVE-2019-1862), which an attacker holding valid administrator credentials can use to run commands as root, to obtain that foothold remotely.
Attackers were also found exploiting known vulnerabilities in Oracle WebLogic Server (CVE-2019-2725, an unauthenticated deserialization flaw in the wls9_async_response component) and Atlassian Confluence Server (CVE-2019-3396, a server-side template injection in the Widget Connector macro) to distribute a variety of malware. Exploitation of CVE-2019-2725 was used to spread the XMRig miner, Sodinokibi ransomware and variants of the Muhstik botnet, while CVE-2019-3396 was abused to deploy GandCrab ransomware and the AESDDoS trojan.
May also brought major security updates from Cisco and Microsoft. Cisco published some 40 advisories, mostly for vulnerabilities in Nexus data-center switches and Firepower firewalls, and Microsoft’s May Patch Tuesday addressed 79 vulnerabilities. The BlueKeep fix was part of that release, and Microsoft took the unusual step of also shipping patches for the no-longer-supported Windows XP and Server 2003 because of the flaw’s wormable nature.
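Both of the exploited flaws above are triggered by a POST to a specific application endpoint, which makes them easy to hunt for in web-server access logs. The following is an added triage script, not code from the original roundup or from either vendor: it scans constructed Common Log Format lines for the request paths public exploit write-ups associated with each CVE (the WebLogic `/_async/` and `/wls-wsat/` endpoints for CVE-2019-2725, and Confluence’s `/rest/tinymce/1/macro/preview` for CVE-2019-3396). The log lines and IP addresses are made up for the example; the path list is a starting point, not a complete signature.

```python
import re

# Request-path prefixes that public exploit reports tied to each CVE.
# Assumption: the front end logs the full request path in Common Log Format.
INDICATORS = {
    # WebLogic async response / WS-AT endpoints abused by CVE-2019-2725 payloads
    "CVE-2019-2725": ("/_async/", "/wls-wsat/"),
    # Confluence Widget Connector macro preview abused by CVE-2019-3396
    "CVE-2019-3396": ("/rest/tinymce/1/macro/preview",),
}

# Constructed sample log lines (not real traffic) in Apache Common Log Format.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2019:03:14:07 +0000] "POST /_async/AsyncResponseService HTTP/1.1" 202 512
10.0.0.5 - - [12/May/2019:03:14:09 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 311
192.0.2.9 - - [12/May/2019:03:20:41 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 4021
198.51.100.7 - - [14/May/2019:11:02:55 +0000] "POST /rest/tinymce/1/macro/preview HTTP/1.1" 200 1837
198.51.100.7 - - [14/May/2019:11:03:10 +0000] "GET /rest/api/content HTTP/1.1" 200 9122
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_clf(line):
    """Return the fields of one Common Log Format line, or None if it does not parse."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def match_cve(method, path):
    """Return the CVE a request looks like, or None.

    Only POSTs are considered: both bugs are triggered by the request body
    (a SOAP XML document for WebLogic, a JSON document for Confluence).
    """
    if method != "POST":
        return None
    for cve, prefixes in INDICATORS.items():
        if any(path.startswith(p) for p in prefixes):
            return cve
    return None


def flag_exploit_attempts(log_text):
    """Scan log text and return (source_ip, path, cve) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_clf(line)
        if rec is None:
            continue
        cve = match_cve(rec["method"], rec["path"])
        if cve:
            hits.append((rec["ip"], rec["path"], cve))
    return hits


if __name__ == "__main__":
    for ip, path, cve in flag_exploit_attempts(SAMPLE_LOG):
        print(f"{cve}: {ip} -> {path}")
```

A hit here is a reason to look at the request body and the process tree on the server, not proof of compromise: legitimate clients can reach these endpoints, and a patched server will log the same request while rejecting it.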
The following is a consolidated report of all major data breaches, malware, vulnerabilities and scams reported in May 2019.