Last Updated on June 11, 2019

Here’s the second timeline of May, covering the main events that occurred in the second fortnight of the month (part I here). I am glad to announce that this timeline confirms the decreasing trend in the number of events (61 vs. 69 reported in the first timeline, and 74 in the second timeline of April).

So where do we want to start? For sure, multiple high-profile targets have disclosed breaches in this period. The list includes: Stack Overflow (attackers accessed production systems), TeamViewer (the attack happened in 2016!), Computacenter UK Ltd. (victim of a phishing attack), and Canva (139 million records leaked by the infamous Gnosticplayers).

With regard to cyber espionage, new and well-known actors continue to make the headlines: MuddyWater, APT10, Emissary Panda, Turla, and TA505 are just a few examples of state-sponsored actors that appear in this timeline.

And, last but not least, social networks are becoming the new battleground of cyberwar: this fortnight has also seen the discovery of two campaigns spreading misinformation via social media and fake websites.

As usual, it’s impossible to summarize everything in a few lines, so feel free to browse the timeline, share it, and spread the word of security awareness throughout the community. And also do not forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 16/05/2019 | ? | Stack Overflow | In a short announcement, Stack Overflow informs that it was the target of an attack that resulted in hackers accessing its production systems. The breach occurred on May 5. | Website Vulnerability | J Information and communication | CC | US | Stack Overflow |
| 2 | 16/05/2019 | ? | OGUSERS | OGUSERS, a forum where hackers and cybercriminals trade stolen Instagram and Twitter accounts is apparently hacked. | Plugin vulnerability | U Activities of extraterritorial organizations and bodies | CC | N/A | OGUSERS |
| 3 | 16/05/2019 | Archimedes Group | Facebook Users | Facebook removes 265 Facebook and Instagram accounts, pages, groups and events involved in inauthentic behavior. The activity originated in Israel and focused on Nigeria, Senegal, Togo, Angola, Niger, Tunisia, Latin America and South East Asia. | Fake Social Networks Accounts | X Individual | CW | >1 | Facebook, Instagram, Archimedes Group, Nigeria, Senegal, Togo, Angola, Niger, Tunisia, Latin America, Southeast Asia |
| 4 | 16/05/2019 | ? | Singapore Red Cross | The Singapore Red Cross says its website has been hacked and the personal data of more than 4,000 potential blood donors compromised. | Unknown | U Activities of extraterritorial organizations and bodies | CC | SG | Singapore Red Cross |
| 5 | 16/05/2019 | / | The Shubert Organization | Theater company The Shubert Organization discloses a data breach. An authorized party had accessed certain Shubert employees’ email accounts, which contained customer information. | Account Hijacking | R Arts entertainment and recreation | CC | US | The Shubert Organization |
| 6 | 17/05/2019 | Attackers from China | TeamViewer | TeamViewer confirms today that it has been the victim of a cyber attack which was discovered during the autumn of 2016, but was never disclosed. This attack is thought to be of Chinese origins and utilized the Winnti backdoor. | Targeted Attack | M Professional scientific and technical activities | CE | DE | TeamViewer, Chinese, Winnti |
| 7 | 17/05/2019 | Unistellar | Unsecured MongoDB | Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. | Misconfiguration | Y Multiple Industries | CC | >1 | MongoDB, Unistellar |
| 8 | 17/05/2019 | ? | Oregon Construction Contractors Board | The Oregon Construction Contractors Board says it has discovered a breach involving 8,013 accounts. Unauthorized individuals gained access to some contractors’ usernames and passwords between Oct. 27 and Oct. 29, 2018, and was discovered on April 12, 2019 | Unknown | O Public administration and defence, compulsory social security | CC | US | Oregon Construction Contractors Board |
| 9 | 17/05/2019 | ? | Cancer Treatment Centers of America | Cancer Treatment Centers of America sends notification letters to patients whose protected health information was in an employee email account compromised by a phishing attack. | Account Hijacking | Q Human health and social work activities | CC | US | Cancer Treatment Centers of America |
| 10 | 18/05/2019 | ? | LibertyBus | Passwords and log-in details for hundreds of LibertyBus customers are obtained by attackers, who used a spoof website to divert those wanting to top up their pre-paid cards. | Account Hijacking | H Transportation and storage | CC | US | LibertyBus |
