Round Up of Major Breaches and Scams
A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned. When threat actors and hacking groups breach a company and steal their user databases, they commonly work with data breach brokers who market and sell the data for them. Brokers will then create posts on hacker forums and dark web marketplaces to market the stolen data.
Ticketmaster agreed on Wednesday to pay a $10 million fine to escape prosecution over criminal charges accusing the company of hacking into the computer system of a startup rival. A judge in federal court in New York City signed off on the deal in what’s been a long-running legal battle that challenged Ticketmaster’s dominance over ticket sales for concerts by major music acts. The Live Nation subsidiary had been facing multiple charges of conspiracy to commit hacking and wire fraud targeting a Brooklyn-based company called Songkick.
A Florida man has filed a class-action lawsuit regarding data breaches at Wyndham Capital Mortgage. Ethan Darnell filed the complaint on Dec. 10 in North Carolina’s Western District Court. In October, Charlotte-based Wyndham alerted clients and state attorneys general about an email data breach the month prior. A Wyndham employee sent an email with clients’ personal information to an unauthorized account.
Google Chrome continues to be the world’s number one browser, and according to third-party stats, it’s running on over 70 percent of the desktop computers out there. In other words, more than 7 in 10 users installed Google Chrome on their PCs, despite the operating system actually coming with a different browser. And that says a lot about how big Google Chrome has become. But at the same time, it also creates a new responsibility for Google, who now needs to make sure the browser is just working fine for everybody out there, while also providing only the best features no matter the platform.
Round Up of Major Malware and Ransomware Incidents
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since early December targeting public-facing services, including MySQL, Tomcat admin panel and Jenkins that are protected with weak passwords. The worm spreads by scanning for systems and running a credential spraying brute force attack. The malware leverages a hardcoded dictionary of weak credentials for the attack, such as root:123456.
Round Up of Major Vulnerabilities and Patches
Flash Player c, after always being a security risk to those who have used it over the years. Over the years, multiple zero-day and critical vulnerabilities found to impact Flash Player were used by both cybercriminals and nation-state hacking groups to install malware, remotely execute malicious code, and take over the users’ computers.