We are just one month away from 2020 and as we set the countdown to a brand new year, let's not forget the major cyber threats and incidents that made an impact in the cybersecurity world in November.
The month witnessed the discovery of several new ransomware such as PureLocker, AnteFrigus, NextCry, DeathRansom, and Cyborg. New variants of prominent malware like Gafgyt botnet, Ryuk ransomware, Megacortex ransomware, Trickbot trojan, and Emotet trojan were also found targeting processes, networks, and systems of several organizations. Multiple new threat actor groups like RedCurlz, RevengeHotels and ProCC to name a few, were also found targeting organizations in various sectors across the globe.
In the vulnerabilities section, a new variant of ZombieLoad was uncovered affecting all Intel CPU microarchitectures since 2013. Besides this, a team of academics also discovered two vulnerabilities collectively known as TPM-Fail impacting TPM chips. The flaws could allow an attacker to retrieve cryptographic keys stored inside the Trusted Platform Module (TPM) of a processor.
Talking about breaches, an Elasticsearch server exposed over 4 Terabytes of data on over 1.2 billion individuals. The leaked information included email addresses, employer status, locations, job titles, names, phone numbers, and social media profiles.
Scammers were observed using simple social engineering techniques to fool organizations into making fraudulent wire transfers. In one such event, fraudsters managed to steal $29 million from a Japan-based media giant Nikkei via a phishing email. Scamsters also swindled $2.1 million and $742,000 from Waterloo Brewing and Ocala city respectively in two different BEC attacks.
Among the security patches, Microsoft addressed a total of 74 vulnerabilities spotted across its products. On the other hand, Google fixed 40 security flaws affecting its platform and system components.
Here’s a detailed list of all the breaches, malware, vulnerabilities, scams, and patches that were reported in November.