Mexican state oil firm Pemex hit by ransomware attack

Ravie Lakshmanan

https://thenextweb.com/security/2019/11/12/mexican-state-oil-firm-pemex-hit-by-ransomware-attack/

Excerpt:

“Mexican state-owned oil firm Pemex has been hit by a ransomware attack that halted critical operations, prompting the company to disconnect its network from the internet and back up critical information from hard drives.”


Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak

https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/

Excerpt:

“On October 16, 2019 Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing an unprecedented 4 billion user accounts spanning more than 4 terabytes of data.”


Inadequate data sanitization puts enterprises at risk of breaches and compliance failures

https://www.helpnetsecurity.com/2019/11/21/inadequate-data-sanitization/

Excerpt:

“Global enterprises’ overconfidence and inadequate data sanitization are exposing organizations to the risk of data breach, at a time when proper data management should be at the forefront of everything they do, according to Blancco.”


1.19 billion confidential medical images available on the internet

https://www.helpnetsecurity.com/2019/11/20/confidential-medical-images/

Excerpt:

“1.19 billion confidential medical images are now freely available on the internet, according to Greenbone’s research into the security of Picture Archiving and Communication Systems (PACS) servers used by health providers across the world to store images of X-rays as well as CT, MRI and other medical scans.”


A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems

https://www.wired.com/story/iran-apt33-industrial-control-systems/

Excerpt:

“Iranian hackers have carried out some of the most disruptive acts of digital sabotage of the last decade, wiping entire computer networks in waves of cyberattacks across the Middle East and occasionally even the US. But now one of Iran's most active hacker groups appears to have shifted focus. Rather than just standard IT networks, they're targeting the physical control systems used in electric utilities, manufacturing, and oil refineries.”


Canadian intelligence agencies CSE and CSIS are divided on Huawei 5G ban

Pierluigi Paganini

https://securityaffairs.co/wordpress/93837/security/canadian-intel-huawei-5g.html

Excerpt:

“The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) agencies are divided over the ban of Huawei 5G technology. Canada, along with the US, the UK, New Zealand, and Australia formed the so-called Five Eyes intelligence-alliance.”


5,183 breaches from the first nine months of 2019 exposed 7.9 billion records

https://www.helpnetsecurity.com/2019/11/14/breaches-2019/

Excerpt:

“According to Risk Based Security’s Q3 2019 Data Breach QuickView Report, the total number of breaches was up 33.3% compared to Q3 2018, with 5,183 breaches reported in the first nine months of 2019.”


 

Google is reportedly gathering health data on millions of Americans

Christine Fisher

https://www.engadget.com/2019/11/11/google-ascension-patient-records-project-nightingale/

Excerpt:

“Google is gathering detailed health record information from millions of Americans -- and it has not informed patients or doctors, The Wall Street Journal reports. According to WSJ, St. Louis-based Ascension, the second-largest health system in the US, is sharing lab results, diagnoses and hospitalization records, as well as health histories complete with patient names and dates of birth, with Google.”


Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own Tokyo 2019

Pierluigi Paganini

https://securityaffairs.co/wordpress/93512/hacking/pwn2own-tokyo-2019-day-one.html

Excerpt:

“Bug hunters have earned a total of $195,000 for finding flaws in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest.”


Phishing attacks at highest level in three years

https://www.helpnetsecurity.com/2019/11/07/phishing-attacks-levels-rise/

Excerpt:

“The number of phishing attacks continued to rise into the autumn of 2019, according to APWG.”


Buran Ransomware; the Evolution of VegaLocker

Alexandre Mundo and Marc Rivero Lopez

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Excerpt:

“McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REVil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware families like GandCrab, and they are willing to negotiate that rate with anyone who can guarantee an impressive level of infection with Buran. They announced in their ads that all the affiliates will have a personal arrangement with them.”


Anonymous and LulzSecITA hacked professional orders and telephone operator Lyca Mobile

Pierluigi Paganini

https://securityaffairs.co/wordpress/93474/hacktivism/lulzsecita-lyca-mobile.html

Excerpt:

“The #FifthOfNovember has arrived, the Italian branch of Anonymous and LulzSecITA hacked websites of professional orders, prefecture of Naples, and also the telephone operator Lyca Mobile.”


Chinese APT group Calypso hacked state institutions in six countries

Teri Robinson

https://www.scmagazine.com/home/security-news/apts-cyberespionage/chinese-apt-group-calypso-hacked-state-institutions-in-six-countries/

Excerpt:

“A Chinese-speaking APT group, Calypso, has actively been targeting state institutions in six countries, hacking systems and injecting a program to gain access to internal networks, according to a report from researchers at Positive Technologies Expert Security Center.”


Nikkei hit by BEC scammers, loses $29 million

https://www.helpnetsecurity.com/2019/11/05/nikkei-bec-scam/

Excerpt:

“Japanese media company Nikkei Inc. is the latest organization to be fleeced by BEC scammers, to the tune of $29 million.”


Ransomware Attacks Hit Everis and Spain's Largest Radio Network

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/ransomware-attacks-hit-everis-and-spains-largest-radio-network/

Excerpt:

“Everis, an NTT DATA company and one of Spain's largest managed service providers (MSP), had its computer systems encrypted today in a ransomware attack, just as it happened to Spain's largest radio station Cadena SER (Sociedad Española de Radiodifusión).”


BEC Fraudsters Divert $742,000 from Ocala City in Florida

Ionut Ilascu

https://www.bleepingcomputer.com/news/security/bec-fraudsters-divert-742-000-from-ocala-city-in-florida/

Excerpt:

“The City of Ocala in Florida fell victim to a business email compromise scam (BEC) that ended with redirecting over $742,000 to a bank account controlled by the fraudster(s).”