Friday, October 5, 2018

Security Breach Events in 2018, 2017, 2016, 2015, 2014

Here is a list of  top vulnerabilities found since 2015, which I am still working on to compile them together. It will come from different sources and includes those which I believe it is worth taking a note here.


2018

  1. Jan 3,  Spectre and Meltdown vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
  2. Jan 29,  Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
  3. Mach 20, Facebook's privacy scandal - The Guardian revealed that the personal data of 50 million Facebook profiles was illegally harvested by Cambridge Analytica.
  4. June 27, Exactis – Data warehouse / consumer marketing data – 340 million PII records accessible via unprotected, online-accessible database
  5. Jul 29, Adidas – Shoes, clothing and sports equipment – PII for millions of customers (emails, login IDs, hashed passwords) – Technical details not released, potentially vulnerability on online-accessible server.
  6. Tickemaster UK – Online tickets – PII compromised, 40,000 users had their payment system compromised and money stolen – Breached through vulnerability in 3rd party chat software used on public website
  7. Typeform – Online surveys for large companies – PII for 20,000 users affected – Backup of database downloaded by exploiting vulnerability
  8. Under Armour – Sports clothing – Email, login IDs and hashed passwords for 150 million MyFitnessPal app users compromised, no details released
  9. Delta/Sears/K-Mart – Transportation, retail – PII for hundreds of thousands of customers breached – Vulnerability in chat software provided by 3rd party [24]7.ai provider
  10. Timehop – Developer / Phone Apps – 21 million PII records compromised due to weak privileged account authentication
  11. Macy’s / Bloomingdale – Retail – Stolen user credentials were used to login and access additional PII (names, addresses, credit card information)
  12. debate2018.mx – Mexican presidential election debate content – DDoS crashed the site during a presidential debate. Attacking host originated mostly from Russia and China, 185,000 accounts requesting registration within 15 minutes.
  13. CarePartners – Home medical care – Detailed medical records stolen for 273,000 patients. Details not disclosed, attackers claim they exploited vulnerability of Internet-accessible server and weak passwords. Hundreds of Gb exfiltrated.
  14. LabCorp - Clinical medical diagnostics – Large clinical laboratories, holding medical records for millions of patients. Anomalous network activity detected on July 14. Potentially hacked, extent of breach unknown.
  15. Reddit breached employees accounts (exploited vulnerabilities in SMS authenticators). Cloud-based, 2005-2007 user data files exposed.
  16. Cryptocurrency investment platform Atlas Quantum breached, 261,000 exposed. Details not disclosed but most likely public website was compromised through vulnerabilities
  17. T-Mobile breached, PII for 2 million customers potentially accessed by malicious actors. No technical details provided.
  18. Babysitting app Sitter exposed PII of 93,000 customers through a publicly accessible MongoDB file
  19. Darden Restaurants suffered a POS system data breach - 567,000 payment cards compromised.
  20. Phishing attack on Augusta University Health leads to breach exposing PII on 400,000 persons.
  21. 50.5 million Sungy Mobile customers exposed through publicly accessible data
  22. 14 million customer records exposed in GovPayNow leak (last four digits of payment cards, names, phone numbers and addresses). Details not disclosed but most likely public website was compromised through unpatched vulnerabilities
  23. US State Department email breach leaks employee PII. Potentially due to weak authentication.
  24. Blue Cross and Blue Shield of Rhode Island and Independence Blue Cross report breached, health information for approx. 1500 patients compromised. Breached occurred due to human error in services provided by third party (supply chain). Independence Blue Cross data breach which affected nearly 17,000 people after an employee uploaded member information to an unprotected public website.
  25. Tech Bureau Corp Japanese cryptocurrency exchange hack led to $60 million being stolen during a 2 hour attack against their server. No details provided, potentially through weakness in custom code.
  26. Colorado Timberline (printing firm) out of business following multiple ransomware attacks.




2017

  • Feb 17, CloudBleed - Google vulnerability researcher Tavis Ormandy discovered a bug in the internet infrastructure company Cloudflare's platform caused random leakage of potentially sensitive customer data.
  • March 7, Wikileaks CIA Vault 7 - WikiLeaks published a data trove containing 8,761 documents allegedly stolen from the CIA that contained extensive documentation of alleged spying operations and hacking tools.
  • April, Shadow Brokers (A hacking group, stole NSA data) / EternalBlue (Released by Shadow Brokers, which alleged NSA tool)
  • May 12 , WannaCry - Ransomware :WannaCry searches for and encrypts 176 different file
    types and appends .WCRY to the end of the file name. It asks users to pay a US$300 ransom in
    bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days it claims the encrypted files will be deleted. 
  • June, Petya / NotPetya / Nyetya / Goldeneya - Ransomware , which is more advanced than WannaCry. Hit Ukraninian infrastructure hard.It spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows
  • Sep 7, Apache Struts : Equifax data breach was confirmed to be a vulnerability in Apache Struts. The security flaw (CVE-2017-5638), which was patched last March, allowed attackers to gain unauthorized access to data via remote code execution.
  • Oct 3, 3 billion Yahoo user accounts were hacked by 2013 security breach, which make yahoo tops the list of largest ever data breaches
  • Oct 16, Krack : Key Reinstallation Attack (KRACK) is a proof of concept that exploits vulnerabilities in the Wi-Fi Protected Access 2 (WPA2) protocol.
  • Nov 28, Major macOS High Sierra Bug Allows Full Admin Access Without Password

Here is another good review for 2017 security threats from youtube video  2017 Security Threats | Year in Review | WEBINAR. I have watched it and made some notes in the following points:
  • Q1. The Botnet Menace , Zeus and Conflicker, Mirai (IoT) and Pushdo (SpamBots)
  • Q2. WannaCry, Locky, H-Worm (Houdini Worm)
  • Q3. SMB, Petya (Ransomware)
  • Q4. AAEH New Hope, Apache Struts Remote Code Execution, Necurs Botnets, H-Worm



2016




2015




2014




References:




No comments:

Post a Comment