We are just one-month away from 2019 and as we start the countdown to a brand new year, let's not forget the major cyber threats and incidents that made an impact in the cybersecurity world in the month of November.
The month witnessed the discovery of several new ransomware such as XUY, Argus, DATAWAIT, BlackHat and C3YPT3OR. New variants of prominent malware like Stuxnet, TrickBot and Azorult were also found targeting processes, networks and systems of several organizations.
In the vulnerabilities section, seven new Spectre and Meltdown variants affecting AMD, ARM and Intel CPUs were discovered by academic researchers. Two new flaws dubbed as ‘BleedingBit flaw’ - that could allow attackers to install malicious firmware and gain access to the console port - was uncovered in Bluetooth Low Energy chips. Another new Bluetooth flaw dubbed as CarsBlues was found affecting millions of vehicles and this could allow attackers to steal Personally Identifiable Information (PII) of drivers.
Talking about breaches, an ElasticSearch server exposed 73 GB of data belonging to about 57 million US citizens. The leaked information included first name, last name, employer ID, job title, email address, physical address, state, ZIP code and other sensitive data of residents.
Scammers were observed using simple social engineering techniques to fool both individuals & organizations and steal crucial data. In one such event, fraudsters managed to steal $21.5 million from European-based cinema chain Pathé via phishing email.
Microsoft released security patches to address several issues such as a Windows zero-day exploit, a remote code execution flaw in Outlook 2010 and a Flash Player vulnerability in Windows 10.
Here’s a detailed list of all the breaches, malware, vulnerabilities, scams and patches that were reported in November.