It is November, which means ten months of 2019 have passed. In those 10 months, the world has experienced a large number of hacks and vulnerabilities. It is time to review the scariest security incidents, data breaches, and vulnerabilities of 2019 and to improve cybersecurity by learning from these experiences.
- A security flaw in Apple’s new iOS allowed apps such as FaceTime to listen in on your iPhone or iPad without your approval. Apple took the flaw seriously and released a software update to resolve the bug.
- The Department of Securities in Oklahoma exposed terabytes of confidential data, and the files were downloadable by anyone. The leaked data included not only personal data and system credentials but also FBI investigation information.
- Millions of new Android smartphones shipped with pre-installed malicious apps. The Android Open Source Project is installed on these smartphones to keep the price tag down, but unsuspecting customers are in danger of purchasing devices that come with pre-installed malware.
- A new malware was discovered that hijacks ATMs and turns them into a slot game. This malware, named WinPot or ATMPot, is designed to compromise ATMs from an unnamed but popular vendor and force the machines to empty their cash.
- The digital signing system used by apps such as Adobe Acrobat Reader and online services such as DocuSign was broken. Faking digital signatures on PDF documents can lead to financial loss or to chaos inside private companies and public institutions.
- A way to hide malware operations by leveraging speculative execution, a CPU optimization feature, was found. This technique, called ExSpectre, makes application binaries appear benign even to security software.
- ASUS Live Update is a tool for upgrading and patching computer systems on time. A vulnerability in this tool, if exploited, may have allowed backdoors to be installed on more than one million PCs without authorization.
- Google revealed a Chrome zero-day under active attack. The security flaw is a memory management error in Google Chrome’s FileReader, a web API that lets web apps read the contents of files stored on the user’s computer.
- Several vulnerabilities in smartphone unlocking functions were found. Facial recognition may be fooled by a video of the owner’s face, while fingerprint protection can be broken by the owner’s fingerprint left on other surfaces.
- United Airlines embedded cameras in their entertainment systems, and passengers raised privacy concerns. The airline claimed the cameras were not for monitoring passengers but for possible future applications such as video conferencing.
- Facebook storing its users’ passwords in plaintext is considered an incident because readable passwords may be abused by employees, and it affected millions of Facebook Lite users, Facebook users, and Instagram accounts.
- Indian government healthcare agency exposed more than 12.5 million medical records of pregnant women. These records include detailed medical information regarding ultrasound scan, amniocentesis, or other genetic testing of their unborn child.
- 4 Microarchitectural Data Sampling (MDS) attacks targeting store buffers, load buffers, line fill buffers, and uncacheable memory were discovered. The attack on line fill buffers, which involved ZombieLoad, can retrieve more information than the others.
- Stack Overflow, the largest Q&A site for programming and development-related topics, reported that hackers gained access to its internal network and breached its production systems.
- Transport for London rolled out a system to track commuters via public Wi-Fi hotspots across the London Underground. They claimed that this privacy-protected data collection can improve customer services including delay warnings and station congestion.
- A nation-state-backed intelligence operation of Chinese origin broke into 10 telecom companies to gain access to call data records, the geolocation of users, and other information about hundreds of millions of people.
- A Raspberry Pi device was found connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or a proper security review, leading to a breach of the agency’s network and the loss of approximately 500 MB of data related to Mars missions.
- A security breach at the American Medical Collection Agency (AMCA) exposed the personal and financial information of over 20 million Americans who paid for laboratory work at various clinical and blood testing labs across the US and used AMCA’s billing portal.
- Google Project Zero reported that the iMessage issue fixed in iOS 12.3 could leave Apple phones needing to be wiped and restored to function correctly. Receiving a malformed message will cause SpringBoard, the application that handles the iOS home screen, to crash and respawn repeatedly.
- A flaw in the Bluetooth communication protocol exposes users of modern devices to tracking and leaks their ID. The Bluetooth exploit can be used to spy on users despite native OS protections and affects Windows 10, iOS, and macOS machines.
- There was a vulnerable password reset function in 7-Eleven’s 7Pay mobile payment app. Approximately 900 customers of 7-Eleven Japan lost a collective ¥55 million ($510,000) due to its exploitation.
- Since September 2016, 14 iOS vulnerabilities have been targeted in 5 exploit chains, according to Google. The attacks were aimed at any user accessing these sites via an iPhone, rather than at particular iOS users.
- Hackers began exploiting Webmin, Pulse Secure, and Fortinet’s FortiGate, putting enterprise networks at risk across the world. The hackers took advantage of public technical details and demo exploit code to launch attacks against real-world targets.
- A new warshipping technique gives hackers access to enterprise offices, as delivery workers may inadvertently provide the bridge between hacker and victim. To attack, a tiny device is hidden in a package and shipped.
- STK and S@T Browser technologies installed on some SIM cards are abused for SIM-card-based hijacking, also called Simjacking. This attack method is being abused in the real world by surveillance vendors to track and monitor individuals.
- Several high-profile accounts from the YouTube car creator community fell victim to a massive wave of account hijacks. The hackers lured users to phishing sites, where their account credentials were logged.
- A new ransomware targeting Linux-based servers infected thousands of servers, whose files were encrypted by a new strain named Lilocked (or Lilu). The way the Lilocked gang breaches servers and encrypts their content is currently unknown.
- Amazon and Google failed to address security loopholes in Alexa and Home devices more than a year after the first reports. Hackers can abuse Amazon Alexa and Google Home smart assistants to eavesdrop on user conversations without the users’ knowledge.
- CloudFront, Cloudflare, Fastly, Akamai, and others impacted by new Cache-Poisoned Denial-of-Service (CPDoS) web cache poisoning attack. This attack directs users to the error pages other than the legitimate sites by poisoning content delivery networks (CDN).
- Attackers are able to leverage the Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD) feature, because more than 40,000 macOS systems have a particular port exposed. This leads to large DDoS attacks.