Products
Cyber Fusion Center

Stay ahead of threats with our cyber fusion solutions for threat intelligence sharing and analysis, threat response, and security automation.
Learn More

Threat Intelligence Platforms (TIP)

Intel Exchange

Intel Exchange Lite

Collaborate
Security Orchestration and Automation (SOAR)

Respond

Orchestrate
Threat Intelligence Ecosystem

Solutions for ISACs, ISAOs, and CERTs

Solutions for ISAC, ISAO, and CERT Members

Intel Exchange Spoke

Cyware Browser Extension
Partners

Partners & Integrations

Learn how our solutions seamlessly connect with other tools and technology partners to fit your security needs.

Channel Partners

MSSPs

Technology Alliances

Open APIs

MISP

Register a Deal

CywareOne Login
Resources

Resources Library

Stay updated on the cyber threat landscape with free daily alerts, the latest industry reports, security trends, and more.

Resource Library

Cyware Labs: Research & Threat Briefings

Security Guides

Free Threat Intel Feeds

Webinars & Videos

Community Resources

Cyware Academy
Company

Contact Us

Get in touch with our team to learn more about our solutions and how they can help your organization.

Get in Touch

Leadership

Careers
We’re Hiring

Cyware in the News

Press Releases

Compliance

Login

Go to listing page

List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in September, 2019

Threat Actor
Breach, Incident
Vulnerability
Malware

List of Data Breaches, Malware, Vulnerabilities, Scams, and Issued Patches in September, 2019

Share Blog Post

October is finally here and as we look forward to it, let’s take a quick look at the prominent breaches, malware attacks, vulnerabilities, and scams that made a major impact in September.

Talking about malware, several nefarious malware such as Sodinokibi ransomware, Emotet trojan, Nemty ransomware, Astaroth trojan, and Trickbot trojan made a comeback in different cyberespionage campaigns targeting individuals and organizations. The month also witnessed the discovery of various new malware. This includes WiryJMPer malware downloader, Ordinypt wiper, Skidmap backdoor, MobiHok RAT, Dtrack trojan, Gucci botnet, and TFlower ransomware among others.

The month of September also witnessed several instances of attacks due to malicious apps. Roughly 172 harmful apps were removed from Google’s Play Store following the discovery of their involvement in different revenue generation scams. A majority of these apps were disguised as cameras, keyboards, antivirus solutions, and health apps.

Cybercriminals were found leveraging new techniques like Microsoft documents, fake updates and fake SSO signs to bypass email security gateways and conduct phishing attacks. Threat actor groups - Magecart 5, Cobalt Dickens, and Fancy Bear - also managed to pull off some massive cyber-espionage campaigns that caused widespread destructions during September.

In the realm of bugs, threat actors exploited authentication bypass vulnerability, remote code execution vulnerability and other critical security flaws to gain access to systems, servers, and networks of organizations. Various new vulnerabilities such as NetCAT and SACK Panic were also discovered affecting Intel CPUs and Siemens products respectively.

Coming to security fixes and patches, Microsoft had addressed 93 security issues found across its multiple products, while Chrome 77 was released with fixes for 55 security issues.

The following is a consolidated report of all major data breaches, malware, vulnerabilities and scams reported in September.

Breaches

Flight booking platform Option Way exposes customer and internal data

Cracked Passwords for Poshmark Accounts Being Sold Online

Data of 90K Mastercard Priceless Specials Members Shared Online

Teletext Holidays Left 200k Customer Call Recordings Exposed in S3 Bucket

German Bank Loses $1.64 Million in Mysterious Cashout of EMV Cards

XKCD Forum Goes Offline After Discovery of Data Leak Affecting 562K Members

Russel Stover Chocolates Issues Notice of Payment Card Security Incident

122,000 Providence Health Plan customers may be affected by data breach

Hackers Release "Ride Buses For Free" Code After Stealing Private Keys of a Bus Company's QR Code Ticketing App

A Huge Database of Facebook Users’ Phone Numbers Found Online

DK-Lok Data Breach Exposes Global Enterprise Client Data, Internal Emails

Today's data whoopsie is brought to you by CircleCI: Source safe, but look out for phishers

Thousands of Servers Infected with New Lilocked (Lilu) Ransomware

Massive Data Leak Impacts Millions of People and Big Swedish Companies Including Volvo, SAS, Ericsson, Husqvarna, and SKF

Meridian Community College Provides Notice of Data Incident

Job-Seeker Data Exposed in Monster File Leak

Hackers Get $4.2M from Oklahoma Pension for Retired Police

Schools in Arizona's Flagstaff closed for second day due to cyberattack

World Of Warcraft Classic Is Currently Facing DDoS Attacks And Is Down For Many Players

Wikipedia Knocked Offline in Europe after 'Malicious DDoS Attack'

North Carolina Boy Scouts PII compromised

Secret Service Investigates Breach at U.S. Govt IT Contractor

Over 50,000 Australian University Students Using 'Get' App Impacted by a Data Breach

UNICEF data leak reveals personal info of 8,000 online learners

Hackers Target Wakulla Schools, Shut Down District-wide Emails in Ransomware Attack

198 Million Car-Buyer Records Exposed Online for All to See

Credit card data from Russell Stover breach shows up for sale on the dark web

Souderton Area School District Contending With Ransomware Cyberattack

Insecure Database Containing 17 Million Email Addresses Exposed a Massive Fraud Scheme Impacting Vendors like Groupon, TicketMaster

Ransomware Attack on Premier Family Medical Reportedly Impacts Records of 320K Patients

Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers

Radio Broadcaster Entercom Hit with Ransomware Attack

Garmin SA Shopping Portal Breach Leads to Theft of Payment Data

School System in Connecticut Victimized by Second Ransomware Attack in Months

Salamanca schools among 13,000 districts affected by data breach

Data On Almost Every Ecuadorian Citizen Leaked

Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak

Swindon College staff and students warned over cyber attack

Hacked government contractor shares breach details as investigation continues

Data of 24.3 Million Lumin PDF Users Shared on Hacking Forum

Millions of Lion Air Passenger Records Exposed and Exchanged on Forums

Robstown police evidence, reports lost during data breach

Webcam Security Snafus Expose 15,000 Devices

Blue and White website goes down in cyber attack three hours before polls close

Millions of Americans' Medical Records are Out in the Open on the Internet

Two computers stolen from Atlanta polling site contain statewide voter data

Malaysia's Malindo Air Confirms Passenger Data Breach; Around 30 Million Passengers Impacted

Credit Card Stealing Malware Strikes Websites Of Two International Hotel Chains

Customers of Commercial Food Service Wholesaler Restaurant Depot Targeted with Phishing Emails

Scotiabank slammed for 'muppet-grade security' after internal source code and credentials spill onto open internet

US veterans and service members targeted by foreign entities online, report finds

WeWork Is Exposing an 'Astronomical Amount' of Data on Poorly Protected Wifi Network

Two years later, hackers are still breaching local government payment portals

Thinkful Confirms Data Breach Just Days after Chegg Acquisition

Mattress Company Leaks Data Records of 387K Customers

Tesco Parking App Hauled Offline After Exposing 10s of Millions of Automatic Number Plate Recognition Images

TalkTalk Hacker Also Breached EtherDelta Cryptocurrency Exchange

Wyoming hospital curtails services amid hacker attack

New Attacks Found Targeting United States’ Utilities Sector

Several months after the fact, CafePress finally acknowledges huge data theft to its customers

Cyberattacks Vandalized Kansas County Websites in August

Ransomware attack disrupts Campbell County Health

'Carpet-Bombing' DDoS Attack Takes Down South African ISP for an Entire Day

City of Woodstock Hit by a Cyber Attack

Heyyo Dating App Suffers Data Breach; Leaks Users' Personal Data, Photos, Location, and More

Airbus Hit by Series of Cyberattacks on Suppliers

Vodafone's Mobile App Briefly Exposed Customer Information

Shares in Rheinmetall drop after company discloses malware attack

DoorDash Suffered a Data Breach that Affected 4.9 Million People

Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data

Cyber-Attacks Hit Defense Contractors in Europe and North America

Tomo Drug Testing Facility Issues Notification of Security Incident

Rural Southwestern Ontario Hospitals Struck by Cyberattack

Hacker Steals Sensitive Customer Details of Fragrance Direct without Leaving a Whiff of Smell

Driver's License Thefts Spur ADOT to Boost Online Safeguards

Malware

Sodinokibi Ransomware Spreads via Fake Forums on Hacked Sites

Astaroth Trojan Uses Cloudflare Workers to Bypass AV Software

Fake BleachBit Website Built to Distribute AZORult Info Stealer

Cyber criminals tap into web social engineering toolkit

Hacked SharePoint Sites Used to Bypass Secure Email Gateways

Zyxel Devices Can Be Hacked via DNS Requests, Hardcoded Credentials

JSWorm: The 4th Version of the Infamous RansomwareSecurity Affairs

Newly discovered Domen toolkit leverages fake browser and software update alerts to spread malware

Just An SMS Could Let Remote Attackers Access All Your Emails, Experts Warn

TrickBot Makes Heavy Use of Evasion in Recent Attacks

Ransomware Adopts DoppelPaymer Name Given by Researchers

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

FunkyBot Malware Intercepts Android Texts, 2FA Codes

Malware Classification with ‘Graph Hash,’ Applied to the Orca Cyberespionage Campaign

GootKit Malware Bypasses Windows Defender by Setting Path Exclusions

Cyber Command's biggest VirusTotal upload looks to expose North Korean-linked malware

Fake PayPal Site Spreads Nemty Ransomware

ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group

‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

Exploit Kits Target Windows Users with Ransomware and Trojans

PsiXBot Adds PornModule, Google DNS Service to Its Arsenal

Microsoft Phishing Page Uses Captcha to Bypass Automated Detection

Windows RDP server access peddled to anyone with pocket change

Dissecting the 10k Lines of the new TrickBot Dropper

Virtual Disk Attachments Can Bypass Gmail and Chrome Security

Back-to-School Scams Target Students with Library-Themed Emails

Ryuk Related Malware Steals Confidential Military, Financial Files

WatchBog Crypto-Mining Botnet Relies on Pastebin for C&C

Facebook, YouTube used in Brazilian phishing scheme

New WiryJMPer Dropper Hides Netwire RAT Payloads in Plain Sight

The new target that enables ransomware hackers to paralyze dozens of towns and businesses at once

Android Flashlight Apps Request up to 77 Permissions

Simjacker attack exploited in the wild to track users for at least two years

Destructive Ordinypt Malware Hitting Germany in New Spam Campaign

New Linux malware mines crypto after installing backdoor with secret master password

Emotet is back: botnet springs back to life with new spam campaign

Gootkit malware crew left their database exposed online without a password

TFlower Ransomware - The Latest Attack Targeting Businesses

The Legend of Adwind: A Commodity RAT Saga

Google Calendar Settings Gaffes Exposes Users' Meetings, Company Details

New ransomware strain uses ‘overkill’ encryption to lock down your PC

Ramnit Malware Makes a Return with New Tricks

Smominru Mining Botnet In Cyber Turf War With Rival Malware

Microsoft Phishing Page Sends Stolen Logins Using JavaScript

CookieMiner malware targets Macs, steals passwords and mines for cryptocurrency

Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads

Attackers abuse security feature to deliver malicious content via video ads

Old Magecart web domains resurrected for fraudulent ad schemes

Fake SSO Used In Multi-Email Provider Phishing

Selfie Android Apps with 1.5M+ Installs Push Ads, Can Record Audio

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website

xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations

Hello! My name is Dtrack

New North Korean malware targeting ATMs spotted in India

Free Decryptors Released for Two Ransomware Families

‘Narrator’ Windows Utility Trojanized to Gain Full System Control

Microsoft Phishing Attack Uses Google Redirects to Evade Detection

Emsisoft Releases Bug Fix for Bitcoin-Ransoming Malware WannaCryFake

More Hidden App Malware Found on Google Play with over 2.1 Million Downloads

Tracking the Chameleon Spam Campaign

Percentage-Based URL Encoding Used by Phishers to Evade Detection

"Fileless" NodeJS Malware Burrows Deep Within the Host

Who IsErIk: A Resurface of an Advanced Persistent Adware?

Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme

Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault

Credit card skimmers target shopping websites popular with Singaporeans, 1,700 cards for sale on Dark Web

Notorious GandCrab hacker group 'returns from retirement’

Fake Employment Site Created to Target Veterans With Malware

Adobe and Google Open Redirects Abused by Phishing Campaigns

Researchers Disclose Another SIM Card Attack Possibly Impacting Millions

Fake Apps Sneak Gambling Into iOS and Android App Stores

Arcane Stealer V Takes Aim at the Low End of the Dark Web

New Masad Stealer Malware Exfiltrates Crypto Wallets via Telegram

New WhiteShadow Downloader Uses MSSQL Servers for Malware Delivery

Researchers Spot Clever New Malware That Turns Computers Into Cybercrime Accomplices

New PDFex attack can exfiltrate data from encrypted PDF files

New 'Gucci' IoT Botnet Targets Europe

Vulnerabilities

USBAnywhere Vulnerabilities Found on Supermicro Servers Could Allow Hackers to Exploit Them Remotely

WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign

Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

Code Execution Flaws Found in EZAutomation PLC, HMI Software

Android Zero-Day Bug Does Not Make It on Google’s 'Fix' List

Zero-day disclosed in Android OS

Tackling Joomla GoogleMaps Plugin SEO Spam Injection

Multiple Code Execution Flaws Found In PHP Programming Language

Metasploit team releases BlueKeep exploit

Critical Exim TLS Flaw Lets Attackers Remotely Execute Commands as Root

Telnet Backdoor Vulnerabilities Impact Over a Million IoT Radio Devices

Several Vulnerabilities Found in Red Lion HMI Software

Microsoft Teams Can Be Used To Execute Arbitrary Payloads

Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext

Intel server-grade CPUs impacted by new NetCAT attack

ForAllSecure Uncovers Vulnerability in Netflix DIAL Software

Security vulnerabilities found in Bitcoin’s Lightning Network were exploited

Apps vulnerable to SQL injection via virtual assistant verbal commands

Uber Bug Allowed Hackers to Order Cabs and Food From Your Account

Google discloses vulnerability in Chrome OS 'built-in security key' feature

Five years later, Heartbleed vulnerability still unpatched

iOS 13 Passcode Bypass Lets You View Contacts on Locked Devices

Security issues and vulnerabilities across popular IoT devices have almost doubled in last 5 years

Serious Flaws in CODESYS Products Expose Industrial Systems to Remote Attacks

Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs

Misuse of WordPress update_option() function Leads to Website Infections

AMD Radeon Driver Flaw Leads to VM Escape

Researcher Drops phpMyAdmin Zero-Day Affecting All Versions

Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)

Code Execution Vulnerabilities Found in Aspose PDF Processing Product

Kaspersky Unveils ICS Vulnerabilities Database

Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks

Flaw Gives Hackers Remote Access to Files Stored on D-Link DNS-320 Devices

Microsoft releases out-of-band security update to fix IE zero-day & Defender bug

Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites

Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin

Bug fixes abound in Microsoft's freshly Cascadia fonted Windows Terminal

Cisco routers have major security flaw

Cisco Routers Running IOS Found with 9.9/10-Severity Security Flaw

Tridium Niagara Affected by BlackBerry QNX Vulnerabilities

Scams

Fraudsters Make Away With $243,000 by Impersonating Company CEO in New Voice Phishing Attack

Phishers Use SCA Checks to Trick Banking Customers

Over $37 Million Lost by Toyota Boshoku Subsidiary in BEC Scam

Dubai police warn residents against fake calls and anonymous people to avert financial scams

Hackers Push iPhone Giveaway Scam From Hacked Instagram Account of Robert Downey Jr.

IRS impostors are using fake emails to trick you: How to spot a scam

Business Email Compromise Is a $26 Billion Scam Says the FBI

Scammers Go Phishing With Deepfakes

Ireland Hit by Pedophile Sextortion Email Scam

Vermont Town Working With Police, Feds After Email Scam

New Amazon phishing scam stealing credit card data

French SMS scam targets online shoppers

Huge Fake IT Support Scam ‘Made $10 Million From 7,500 Victims’

Celebrity Instagram Accounts Being Hacked to Push Scams

Chinese students in UK ripe target for scammers exploiting visa concerns

Don't fall for this Instagram phishing attack

‘Delete immediately’: Convincing Netflix scam takes your card details

Scammers using Google Alerts to spread malware, fraud

Banks Add to Confusion as Scammers Vish Thomas Cook Customers

Patches

Microsoft Releases September 2019 Office Updates With Fixes, Improvements

WordPress 5.2.3 Released with Security and Bug Fixes

Critical vulnerabilities uncovered in Danfoss SCADA product, patch now!

Android Zero-Day Bug Does Not Make It on Google’s 'Fix' List

Supermicro fixes BMC flaws that expose servers to virtual USB attacks

Mozilla, Cisco and Samba issue security updates

Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

WordPress update fixes an assortment of XSS flaws

Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

Telegram Fixes Privacy Bug Caused by Improperly Deleted Messages\

Siemens Issues Advisories for DejaBlue, SACK Panic Vulnerabilities

SAP Patches Critical Vulnerability in NetWeaver

Microsoft plasters over two zero flaws in latest Patch Tuesday release

Chrome 77 Released with 52 Security Fixes

SAP September 2019 Security Patch Day addresses four Security Notes rated as Hot News

Researchers Have Issued A Serious Bitcoin Security Warning

DoS Vulnerabilities Patched in NETGEAR N300 Routers

Cisco Extends Patch for IPv6 DoS Vulnerability

Patches issued for VMware’s vSphere ESXi, VMware vCenter Server

Update Google Chrome Browser to Patch New Critical Security Flaws

Adobe patches two critical issues with Cold Fusion

Apple to Fix iOS Bug Granting Full Access to 3rd Party Keyboards

Second macOS 10.14.6 Supplemental Update plugs malware hole

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

Tags

ordinypt wiper ransomware

skidmap backdoor

sodinokibi ransomware

dtrack trojan

tflower ransomware

mobihok rat

Posted on: October 04, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite

Explore Solutions

Capabilities

Resource Library

Use Cases