The first timeline of February is finally here, bringing us a trove of megabreaches and millions of accounts leaked and published on the dark web.
All this thanks (??) to a malicious actor with the moniker Gnosticplayers, who has (or have) put on sale on the dark web two leaks of respectively 617 and 126 million records stolen from dozens of websites (spoiler alert: the leak does not end here…), including MyFitnessPal, MyHeritage, ShareThis, Houzz, Ixigo, etc.
The crypto landscape continues to be quite troubled, with two novelties this fortnight: the first example of a clipboard hijacker found in the Google Play Store disguised as MetaMask, a legitimate app, and also the first example of miners found in the Microsoft Store (this is really democracy!).
Other interesting events include another breach at Dunkin’ Donuts and the compromise of North Country Business Products, a PoS solution provider (leading to the exposure of payment information for clients at 137 restaurants).
But at this point I bet you are more interested in browsing the timeline rather than reading my comments, so feel free to read it all, share it, and spread the word of security awareness throughout the community. And obviously don’t forget to follow @paulsparrows on Twitter for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 29/01/2019 | ? | Vulnerable Ubiquiti Networks devices | Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), reveals that threat actors are targeting nearly 500,000 Ubiquiti devices exposed online via a discovery service accessible on UDP port 10001. | Ubiquiti Networks devices vulnerability | Y Multiple Industries | CC | >1 | Jim Troutman, Northern New England Neutral Internet Exchange, NNENIX, UDP, 10001 |
| 2 | 31/01/2019 | ? | Metro Bank | Metro Bank falls victim to an SS7 attack. | SS7 Attack | K Financial and insurance activities | CC | UK | Metro Bank, SS7 |
| 3 | 31/01/2019 | ? | Multiple Industries | Researchers from GreatHorn discover a widespread phishing campaign targeting executives across a number of industries with messages pretending to be from the CEO and asking to reschedule a board meeting. | Account Hijacking | Y Multiple Industries | CC | >1 | GreatHorn |
| 4 | 31/01/2019 | ? | Centinela Valley Union High School District | Centinela Valley Union High School District notifies employees of a W-2 phishing incident. | Account Hijacking | P Education | CC | US | Centinela Valley Union High School District |
| 5 | 01/02/2019 | ? | Huddle House | Fast food restaurant chain Huddle House discloses that it was affected by a data breach of the point of sale system at some locations that allowed attackers to steal payment information. | PoS Malware | I Accommodation and food service activities | CC | US | Huddle House |
| 6 | 01/02/2019 | OceanLotus | Targets in Vietnam | Researchers from Palo Alto Networks' Unit 42 discover a new campaign carried out by the Vietnamese APT OceanLotus using a new Kerrdown downloader. | Targeted Attack | Y Multiple Industries | CE | VN | Palo Alto Networks, Unit 42, Kerrdown |
| 7 | 01/02/2019 | ? | Reproductive Medicine and Infertility Associates | Reproductive Medicine and Infertility Associates announces that it was the target of a malware attack in December that may have exposed the personal information of its clients. | Malware | Q Human health and social work activities | CC | US | Reproductive Medicine and Infertility Associates |
| 8 | 02/02/2019 | ? | Olympia Financial Group Inc. | Olympia Financial Group Inc. announces that it was subject to a ransomware attack on its information technology systems. | Malware | K Financial and insurance activities | CC | US | Olympia Financial Group Inc., ransomware |
| 9 | 02/02/2019 | ? | Single Individuals | A new sextortion scam emerges, claiming that the popular adult site Xvideos.com was hacked and recorded a visitor through their webcam. The scam email states that this script was able to connect back to the visitor's computer to steal their data. | Spam | X Individual | CC | >1 | Xvideos.com |
| 10 | 04/02/2019 | ? | Eskom Group | South African energy supplier Eskom Group is hit with a double security breach consisting of an unsecured database containing customer information and a corporate computer infected with the Azorult information-stealing Trojan. | Malware | D Electricity, gas, steam and air conditioning supply | | | |