The scariest hacks and vulnerabilities of 2019

The scariest hacks and vulnerabilities of 2019

Yes, this is one of the year-end products. And it's been a long time since 2019 that there has been a global catastrophe, or any other major news item that breaks down weekly.

Below is a summary of the last 10 months of training accidents by months.

HANUI
Powerful vulnerability in Apple FaceTime - An error in Apple's FaceTime application is that hackers can create and receive an automatic FaceTime phone without interaction from a helper, opening doors for confidential surveillance.



North Korean activists flocked to Russia in the Search Force after a Skype interview - the title of the article was clearer and well worth the read.

The protesters are trying to steal data from the Ministry of South Korea - the Seoul government claims that hackers have distributed over 30 computers and stole data from 10.

One was hit by the PHP PEAR website - We still don't know what happened, but someone broke the PHP PEAR report with the support of the PHP PEAR server.

Security can be found in 26 Pay-Credits - This report outlines the dangers of some low-cost cryptocurrencies and how hackers can steal assets all the time.

Oklahoma State Release Record Records FBI Investigation Investigation - Security and Exchange Server has allowed anyone to receive government files, such as internal files, and FBI interviews.

Iranian hackers accused of DNS training around the world - FireEye and later the Cisco Talos - have launched an Iranian hacker program that is turning traders from companies around the world through Iranian suppliers and recording company signals of future attacks. To do this, DNS management accounts are terminated by domain name registrations to perform DNS attacks. Attackers also violated the Greek high-register.

Implementation of SCP will result in 36-year-old security failure - the implementation of the 36-year-old Protocol (36P) since 1983 when four security breaches were approved were malicious SCP server disrupts the client (user) system with malicious actions that hide the cache.

LTE Security Loss - Two new LTE security features were announced this year. One affected 3G, 4G, and 5G, and another, a set of 36 vulnerabilities identified after a consolidation of South Korean security researchers.

Sites can steal browsing data by adding APIs - Researchers have found over 200 extensions for Chrome, Firefox and Opera that vulnerable to malicious websites.

WiFi software bugs related to computers, laptops, router, gaming devices - a security bug was discovered in the Marvell Avastar chip. The list of hardware related features includes the PS4, Xbox One, Samsung Chromebook and Microsoft Surface.

Malware has been updated to Android devices - sometime in 2019. First in January, when researchers discovered the problem with the Alcatel app, before installing it on Alcatel smartphones . Secondly, in June, when German internet authorities discovered a count of four smartphones.

THIS
Leaky DB reveals Chinese surveillance methods - Security researcher Victor Gevers has found a calendar release from a Chinese company that has found its test case for Muslim people, found by Chinese Uighur surveys .

Many WinRAR Errors Found - Web App researchers have identified a WinrAR bug that has affected all aspects of WinRAR since 2000. Over 500 million WinRAR users are at risk. As a result, more and more tribal and nationalist activists became involved.

Thanks to the new WinPot malware, Customers can buy - WinPot has been on the market since March 2018.

Trademarks and custom Android applications have been found with 97% accuracy - The latest machine learning algorithm can detect Tor when users are using a specific application such as YouTube, Instagram, Spotify and more.

US homeowners take VFEmail email - Doctors don't ask for payment. VFEmail called the process "attack and destruction".

Thunder vulnerability- The security bug affects the interface of Windows, Mac, Linux on Thiperbolt peripherals. You are allowed to create malicious scams that can steal your OS data.

Download PDF - A group of German researchers has found the way

Hide malicious software with a processor - Studies have found ways to keep malware on your computer using expensive execution and Intel SGX encoder system.

MAR .N
Hackers shut down offline sirens before the storm - Yes. That's bad.

ASUS Trainer in Supply Chain - Updates ASUS Live Hacks to perform malicious software on user programs. The hack is in 2018, but only released in March. There are more than millions of computers that are believed to be infected.

News GitHub News Provides 300+ Secondary Applications - GitHub Sound, which has 89 accounts, provides 73 repositories with more than 300 Windows, Mac and backdoor applications. Linux.

Bithumb cryptocurrency trading fell for the third time in two years - Police are believed to have smashed nearly $ 20 million in EOS and Ripple cryptocurrencies. At this point, it looks as if Bithumb has never been tested.

Chrome on Attack Attack Date - CVE-2019-5786, the Chrome FileReader API error, was eventually created to read content from a user's computer. Google said the error was used with zero day by the Windows 7 controller in the state.

New CPU error - Scientists have found the new Intel VISA Intel technology (internal signal transduction technology).

Hacks at French gas stations - The criminal group stole 120,000 liters of oil from Total Petrol stations in Paris when gas stations forgot to change the pin of the pump to oil.

Breaking the Citrix End - Citrix has learned of an FBI hacker. Hackers robbed business documents. Most Citrix customers are government agencies and Fortune 500 companies.

Problems unlocking smartphones - We've had a few years, but the first lawsuit was filed in October when the user discovered that the Samsung Galaxy S10's facial recognition could scam the video's owner. A month later, the user found it able to open a Nokia 9 fingerprint reader with a rubber band. Well, in October, users discovered that you can unlock the Pixel 4 Face Unlock technology while your eyes are closed, and the couple found out they could unlock their Samsung S10 to protect their fingers with any the finger of the user if the device is secure with the silicone material case. In fact, the problem of avoiding facial recognition is widespread. A non-profit Dutch study last year found that developers were able to prevent unlocked activities on 42 of the 110 smartphones they tested.

April
United Airlines seats - The airline emphasizes the cameras are not in use; however, customers pay special attention and concern through the presence of cameras.

Pusna researchers 'PWNED!' on hundreds of GPS tracking maps through an unauthorized API - More than 20 GPS tracking models have allowed scammers to track owners, acquaintances and tracking features.

Thousands of victims have been exposed to thieves via password encryption - security updates have been available for MyCar Android and iOS since mid-February to remove credentials.

The weather alert came out 90 minutes after the spyware attack - A similar attack to the French M6 in October did not happen.

Facebook agrees to saving naked passwords for millions of Instagram users - Event came a month before, Facebook also admitted to saving passwords for Facebook accounts.

Source code for Iran's Cyber ​​Mail has escaped the telegram - Tools have made it available to malware developers every day, learning more about attacks. In May and May, second and third sections are withdrawn from Iranian hackers.

The Indian government agency has released data online for millions of pregnant women online - more than 12.5 medical documents for pregnant women are available. The files were removed by the flight attendant after more than three weeks.

More iSCSI iSCSI storage clusters are streamed online without a password - The new hacker has opened an outdoor back office of NAS human resources storage devices and devices.

Gnosticplayer hacks - a hacker known as gnosticplayers saved over a billion internet user records in a few months.

A hack team can receive DNS traffic on D-Link routers for up to three months. Other router models, such as ARG, DSLink, Secutech and TOTOLINK, are also targeted. Strikes are active throughout Brazil.

is right
Hackers remove the Git repositories and request purchase

Thrangrycat Vulnerability - Thrangrycat Rescue accepts intruders to hold a naughty home on a Cisco machine. It is advisable that many Cisco devices are affected. No attacks were found in nature.

BlueKeep Nuclear Power - In mid-May, Microsoft warned of a new "terror" scandal against the RDP, later renaming BlueKeep. Later, BlueKeep (DejaBlue )'s two-anonymous attacks were released in August. After months of indirect attacks, the abuse report was released in September.

The unprotected server identifies the data to 85% of the entire population of Panama - the server has patient data, but no medical records have been processed - personally identifiable information (PII).

Software updates bring police ankle inspectors to the Netherlands - the latest update prevents ankle owners from returning data to police control rooms. As a result, it is imperative to get some suspects and put them in jail.

Israel faces response to Hamas hackers by air strike - Israeli army announces it has attacked Hamas cyber base.

Google Replace Titanium Titan Security Keys - Bluetooth synchronization capability forces Google to replace Titan keys sold in the United States. Ultimately, Microsoft was forced to issue a specific problem fix.

Hack Canva - one of the victims of Gnosticplayer. The company has crashed by 139 million user records.

StackOverflow Hack - Stack Overflow says hackers have broken the production system and hackers are insecure for more than a week.

Flipboard Hack - The hacker extension is unknown, but Flipboard says hackers have had access to their plans for nearly nine months.

London Securities to start patrols via Wi-Fi Hotspots - London for TfL says it plans to launch a vehicle search system that will use public Wi-Fi destinations in June London forthcoming.

Errors The Greatest Safe Browser - Chrome, Safari, and Firefox have not been able to see your own alerts for more than a year.

May
The hackers have smashed 10 telephone providers - Cybereason scientists say a nationwide intelligence service has scared at least 10 telecommunications companies - as hackers work de facto "IT shadow" Complex ”.

The new Silex button scams thousands of IoT devices - The attack for several days, but the hacker finishes and an unknown code for Silex malicious software.

NASA has attacked a rebel because of an unauthorized connection of the Raspberry Pi to its network - NASA has described hackers as a "progressive threat," which is generally used by hackers in the state, but gave no further details.

The famous Facebook support page has hacked - Facebok has been hacking the hack for weeks.

Google nest cameras can allow old owners to spy on new owners - Google has finally released an update.

Firefox Two Zero Days - Mozilla Adjusted Two Zero Days of Firefox [1,2] used to attack Coinbase employees.

AMCA data breach - A healthcare provider was cut off last year and hackers could sell patient data online. The change applies to many health care providers and is limited to over $ 20 million.

CBP says hackers steal licenses and photos of travelers - CBP says the subcontractor stored photos on their internal servers unauthorized and then attacked them.

HSM Major Vulnerabilities Subject Banks, Cloud Service Providers, Governments - Two security scientists have identified vulnerabilities that can be used remotely to obtain encrypted data on important software packages. called Hardware Security Modules (HSM).

The flood of SIM swap attacks has hit US cryptocurrency users - In the week of June, dozens of US cryptocurrency users are victims of SIM swap attacks.

July
The Kazakh government recognizes all local HTTPS communications - Efforts to improve HTTPS target Facebook, Google, Twitter, and other sites. Finally, Apple, Google and Mozilla have agreed to drop the certification used for HTTPS MTM attacks.

Millions of Bulgarian Data Militants - a hacker stole personal data of millions of Bulgarians and sends local newsletters via e-mails of broadcast links to stolen data. The day was stolen

Instant Potential Power - 11 - A major error in TCP libraries has affected routers, printers, SCADA, virtual machines, and many IoT devices.

Apple's AWDL strategy was offset by a lack of security - Apple introduced the virus in March, but scientists say other deficiencies need to be promoted to some Apple services. Bugs allow tracking and MitM attacks.

DHS warns of the failure of CAN buses in low-cost aircraft - DHS CyS Security Agency recommends that airline owners limit access to aircraft "to their best ability" to protect against the weaknesses they can use to fight an aircraft.

Harmful errors found in GE cosmetics - GE recommends that manufacturers do not connect harmful cosmetics to the hospital's primary networks. The company has also denied that errors can cause harm to patients, but later apologized and admitted that these problems could be life-threatening.

Los Angeles Police arrested the data breach - a personal record of more than 2,500 LA police officers stole in a hack. The insurer sent an email directly to the company as well as an example of information stating that they stole to validate its recommendations.

The Louisiana governor has declared a state of emergency following an outbreak of regional redemption - Yes. Ransomware is very bad. Then tipped Texas, dental practices and dental care providers.

Using Bluetooth can monitor and identify iOS users, Microsoft mobile devices - This vulnerability can be used to alert users regardless of native OS protections in the world and affect Bluetooth devices on Windows 10, iOS and macOS computers. These include iPhones, iPads, Apple Watch models, MacBooks, Microsoft tablets and tablets.

The 7-Eleven Japanese retailer lost $ 500,000 for a mobile app error - 7-Eleven will eventually be sold in the app.

in glory
CPAP Error SWAPGSAttack - Scientists explain the inherent weakness of CPU and Meltdown Specter CPUs - and affect all methods used by 2012 Intel devices.

Dragonblood's new anonymity - Earlier this year, two security scientists released details of five vulnerabilities (collectively known as Dragonblood) in a recent demonstration of WPA3 security and security.

Daily News 14 News - Google discovers the weaknesses of iOS 14 divided into five substance chains that have developed in the wild since September 2016. Attacks for Chinese Uyghuru users.

Weaknesses in VPN security - Hackers combine attacks on VPN Pulse Secure and Fortinet - with national players.

Windows CTF Vulnerability - Microsoft CTF Vulnerability recovered from Windows XP. The error allows hackers to hack any Windows application, unlock it exclusively, gain executive benefits.

WS-Discovery Guide Made for DDoS Attacks - The protocol adopted by DDoS for rental, is already used in real-world attacks.

Hacker One - Hacker hits Capitol One, where it stole the record of 100 million users. It also hacked another 30 companies.

Hy-Vee Card Verification - Supermarket supermarket chain has adopted a security breach on some of its Point-of-Sale (PoS) programs. They are finally given the data for sale on hacking conventions.

Workers connect nuclear power to the Internet to my cryptocurrency - The workers of the Ukrainian nuclear power plant accept the only inherent security risks of bitcoin mining. They were finally caught.

Moscow's blockchain voting system was broken a month before the election - a French scientist with a $ 15,000 net worth to find mistakes in Moscow's Ethereum-based voting system.

The US military buys $ 32.8 million worth of equipment with known security risks - List of weak products purchased by DoD including Lexmark printers, GoPro cameras, and Lenovo computers.

AT&T employees have been fined for installing malware on the company's network - DOJ says Pakistani is earning $ 1 million for AT&T employees on its network, opening more than devices 2 million goes.

Users Logs Windows Badware on Adult Web Sites - The new Varenyky Trojan horse records videos of users browsing adult sites. Currently, they are intended for French users only.

Trojan TrickBot has the ability to help exchange SIM card violations - Trojan TrickBot has detected transactions and PINs received for Sprint, T-Mobile, and Verizon Wireless accounts.

Warship Technology - Hackers can use package delivery services to send hacking software directly to your company door.

Instagram launches Hyp3r advertising company - Instagram runs a promotional company that collects data about its users.

September
Tech Attack - Security researchers have analyzed SMS-based attacks in information that can allow malicious readers to track users' devices using small apps known on SIM cards. This is found to affect SIM cards in 29 countries. There is also a second attack called WIBAttack.

Television TV Signs - Two school newspapers have found that smart TVs are collecting data on TV viewing habits.

Check Jailbreak Checkm8 - The latest Checkm8 Jailbreak released for all iOS devices using the A5 to chipset A11 on iPhone 4S to iPhone 8 and X.

Elasticsearch data filter for most Ecuador residents - personal data about Ecuadorian citizens, their feet and children, and financial records and author registration information. Then follow.

PDF Challenge Distribution - More than 24.3 million PDF Lumin users shared by users at the hacking forum in mid-September. A day later, the company admitted the crime.

Heyyo in the dating app - Almost everything except private messages have escaped.

vBulletin day and subsequent hacks - Anonymous security researcher releases zero days on vBulletin conference software. This vulnerability is used immediately to hack multiple conventions.

YouTube's biggest rivals have created YouTube creators - YouTube creators whose car and driver community have been hit by attacks that could trigger 2FAs, allowing hackers to broadcast Google and YouTube accounts.

Pipe Recovery Application (Thousand) - Thousands of Linux servers have been infected by a new forced ransomware application.

More than 47,000 Supermicro Servers Introduce BMC Ports on the Internet - Scientists have discovered a new remote control controller on Supermicro servers that have been found to find their BMC ports on the Internet.

Ransomware Insurance Insurance Company $ 95 Million - The Ransomware incident at the Danish Demant Center, which reviews analysts, lost nearly $ 95 million, one of the most expensive cases to date.

Vulnerability Exim (CVE-2019-15846) - Millions of Exim servers are vulnerable to security vulnerabilities that could allow teachers to execute malicious code with root privileges when used.

October
Avast Hack - A Czech anti-virus vendor launched a second attack aimed at threatening CCleaner's release following its covenant in 2017. Hacker said the company was attacked by a viral VPN profile.

Android Day in the Park - Scientists at Google Project Zero have discovered that Android Android was broken on a free day that coincided with Pixel, Samsung, Huawei, Xiaomi.

Alexa and Google Home have used it themselves and ereaddropping - Amazon, Google could not fix security gaps in Alexa and Home more than a year after the initial transactions.

Czech authorities disseminate Russia's cybercrime website - Czech officials say Russian officials are using local companies to launch cybercrime attacks against foreign sites. Officials say the services have received FSB support and financial assistance from government agencies in the area.

Johannesburg handle gay hacking - A group called "Shadow Kill Hackers" is asking local officials for bitcoins 4 or sending public data online. The second attack was against Johannesburg after a redemption charge came in July, when some areas were left without fire.

CPDoS attacks - CloudFront, Cloudflare, Fast, Akamai and others affected by attacking the new CPDoS cache website.

PHP7 RCE - Bug CVE-2019-11043 PHP7 can receive non-technical attacks to recover Nginx servers running PHP-FPM.

MacOS programs exploit in DDoS attacks - Approximately 40,000 macOS systems launch a specific web portal that can be used for large DDoS attacks.