Last Updated on March 12, 2019

The first timeline of February is finally here… Bringing us a trove of megabreaches and millions of accounts leaked and published in the dark web.

All this thanks (??) to a malicious actor with the moniker of Gnosticplayers has (or have) put on sale on the dark web a couple of leaks of respectively 617 and 126 million records stolen from dozens of websites (spoiler alert: the leak does not end here…) including: MyFitnessPal, MyHeritage, ShareThis, Houzz, Ixigo, etc.

The crypto landscape continues to be quite troubled with two novelties this fortnight: the first example of a clipboard hijacker found in the Google Play Store in disguise of MetaMask, a legitimate app, and also the first example of miners found in the Microsoft Store (this is really democracy!).

Other interesting events include another breach to Dunkin’ Donuts, the compromise of North Country Business Products, a PoS solution provider (leading to the exposure of payment information for clients at 137 restaurants).

But at this point I bet you are more interested in browsing the timeline rather than reading my comments, so feel free to read it all, share it, and spread the verb of security awareness throughout the community. And obviously and don’t forget to follow @paulsparrows on Twitter for the latest updates.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1129/01/2019?Vulnerable Ubiquiti Networks devicesJim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), reveals that threat actors are targeting nearly 500,000 Ubiquiti devices exposed online via a discovery service accessible on UDP port 10001.Ubiquiti Networks devices vulnerabilityY Multiple IndustriesCC>1Jim Troutman, Northern New England Neutral Internet Exchange, NNENIX), UDP, 10001
2231/01/2019?Metro BankMetro Bank falls victim of an SS7 attack.SS7 AttackK Financial and insurance activitiesCCUKMetro Bank, SS7
3331/01/2019?Multiple IndustriesResearchers from GreatHorn discover a widespread phishing campaign, targeting executives across a number of industries with messages pretending to be from the CEO, and asking to reschedule a board meeting.Account HijackingY Multiple IndustriesCC>1GreatHorn
4431/01/2019?Centinela Valley Union High School DistrictCentinela Valley Union High School District notifies employees of a W-2 phishing incident.Account HijackingP EducationCCUSCentinela Valley Union High School District
5501/02/2019?Huddle HouseFast food restaurant chain Huddle House discloses that they were affected by a data breach in the point of sale system at some locations that allowed attackers to steal payment information.PoS MalwareI Accommodation and food service activitiesCCUSHuddle House
6601/02/2019OceanLotusTargets in VietnamResearchers from Palo Alto Networks' Unit 42 discover a new campaign carried out by the Vietnamese APT OceanLotus using a new Kerrdown downloader.Targeted AttackY Multiple IndustriesCEVNPalo Alto Networks, Unit 42 discover a new, Kerrdown
7701/02/2019?Reproductive Medicine and Infertility AssociatesReproductive Medicine and Infertility Associates announces that it was the target of a malware attack in December that may have exposed the personal information of its clients.MalwareQ Human health and social work activitiesCCUSReproductive Medicine and Infertility Associates
8802/02/2019?Olympia Financial Group Inc.Olympia Financial Group Inc. announces that it was subject to a ransomware cyber attack on its information technology systems.MalwareK Financial and insurance activitiesCCUSOlympia Financial Group Inc., ransomware
9902/02/2019?Single IndividualsA new sextortion scam emerges, stating that the popular adult site Xvideos.com was hacked and recorded a visitor through their webcam. The scam emails states that this script was able to connect back to the visitors computer to steal their data.SpamX IndividualCC>1Xvideos.com
101004/02/2019?Eskom GroupSouth African energy supplier Eskom Group is hit with a double security breach consisting of an unsecured database containing customer information and a corporate computer infected with the Azorult information-stealing Trojan.MalwareD Electricity gas steam and air conditioning supplyCCZAEskom Group, Azolrut
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.