The game of ‘naming and shaming’ victims continues! Now the operators of Sodinokibi ransomware have threatened to publish the stolen data of a German automotive supplier, GEDIA Automotive Group, after the company did not respond to the ransom demand. The attackers have managed to steal more than 50GB of data, including drawings and data of employees and customers.
The past 24 hours also saw a Magecart attack on sites belonging to a reseller of tickets for the Euro Cup and the Tokyo Summer Olympics. The purpose of the attack was to steal customers’ payment card details from the checkout pages of the sites.
Top Breaches Reported in the Last 24 Hours
30,000 Cannabis users exposed
An unsecured Amazon S3 bucket belonging to THSuite exposed over 85,000 files, including more than 30,000 records with PII. The incident affected three clients: Amedicanna Dispensary, Bloom Medicinals, and Colorado Grow Company. The exposed PII included names, home and email addresses, dates of birth, phone numbers, medical ID numbers, and much more.
Top Malware Reported in the Last 24 Hours
Sodinokibi ransomware threatens
Operators of Sodinokibi ransomware are now threatening to publish data stolen from GEDIA Automotive Group after the company failed to comply with the ransom demand. Following the attack, the ransomware had encrypted all computers on the company's network.
A hacking campaign involving PupyRAT is suspected of targeting the European energy sector to gather sensitive information. The malware can infiltrate Windows, Linux, OSX, and Android to give hackers access to the victim's system, including usernames, passwords, and sensitive information across the network.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable Apple Inc’s Safari
Google has uncovered multiple security flaws in Apple Inc’s Safari web browser that allowed the tracking of users’ browsing behavior. Apple has fixed the flaws since the disclosure.
Samba issues patches
Samba has released security updates for three flaws tracked as CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344. The flaws can allow attackers to take control of systems.
Cisco patches Firepower Management Center
Cisco is urging its customers to update their Firepower Management Center software after it found a critical bug that attackers could exploit over the internet. The bug has a severity rating of 9.8 out of 10. The vulnerability is caused by a glitch in the way Cisco's software handles Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server.
Eight vulnerabilities discovered in ConnectWise’s software for Managed Service Providers (MSPs) can allow attackers to silently execute code on any desktop managed by the application. One of these vulnerabilities has been identified as a Cross-Site Request Forgery (CSRF) flaw. It is believed that an attack chain for these vulnerabilities has similarities to the August attack on Texas local and state agencies.
Vulnerable AMD Radeon graphics cards patched
A total of four security vulnerabilities discovered in some AMD ATI Radeon graphics cards have been patched recently. Three of these flaws are out-of-bounds flaws and the fourth one is a type confusion issue. The three vulnerabilities are tracked as CVE-2019-5124, CVE-2019-5146, and CVE-2019-5147.
Honeywell’s MAXPRO flaws fixed
Some of Honeywell’s MAXPRO video surveillance systems are affected by serious vulnerabilities. These flaws can be exploited by hackers to take complete control of the system. The two flaws are CVE-2020-6959 and CVE-2020-6960. The vendor released patches for the vulnerabilities in September 2019.
Top Scams Reported in the Last 24 Hours
Posted on: January 23, 2020