
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 1, 2019

Mirai, the IoT botnet behind the devastating DDoS attacks of 2016, is more than a one-off. Over the years it has grown more robust and has been adapted to compromise a wider range of devices. Security researchers have now uncovered a new Mirai sample whose C2 server is hosted in the Tor network, a move intended to keep the C2 server from being detected.

Western Digital and its subsidiary SanDisk have warned users about two vulnerabilities that can put user data at risk. One of the two flaws can allow a threat actor to mount a man-in-the-middle attack and deliver malicious content to users.

With users filing claims for the $125 payment offered under Equifax’s $700 million settlement, the FTC has warned that scammers are exploiting the situation to steal personal information. The scammers have set up legitimate-looking fake Equifax websites that purport to process settlement claims for affected users.

Top Breaches Reported in the Last 24 Hours

Club Penguin Rewritten hacked

Hackers stole login data for a little over four million accounts on the gaming website CPRewritten after a former employee left behind PHP files that acted as a backdoor into the site's database. The exposed data included account holders' email addresses, usernames and encrypted passwords.

Pearson hacked

Educational publishing company Pearson PLC is notifying schools and universities in the US about a data breach that took place in November 2018. The hack affected around 13,000 school and university accounts on AIMSweb, the company’s student monitoring and assessment platform. The exposed data included first and last names and, in some cases, dates of birth and email addresses.

Honda exposes data

An unprotected Elasticsearch instance belonging to Honda exposed information on over 300,000 employees. The exposed data included employees’ names, email addresses and last login times, along with details of their computers: the endpoint security vendor in use, network information, OS versions, hostnames and patch status. The database also held records for computers used by the company's CFO, CSO and CEO.

Website defaced

The Randolph County government website was recently hacked and its home page replaced with a note reading ‘Welcome to Randolph County’ alongside a graphic of a person in a Guy Fawkes mask holding a protest sign. No information was compromised, and the defaced site made no mention of a ransom.

Top Malware Reported in the Last 24 Hours

New Mirai variant

Security researchers have discovered a new variant of the Mirai botnet whose Command & Control server is placed in the Tor network to evade detection. The sample contained four C&C servers with 30 hard-coded IP addresses. It scans TCP ports 9527 and 34567 to find vulnerable IP cameras and DVRs for remote access and control.
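With the C2 hidden behind Tor, the most reliable network-side signal is the scanning behaviour itself: an infected device sweeping many neighbours on TCP 9527 and 34567. The following detector is an added example written for this briefing, not code from Cyware or from the researchers who analysed the sample. It runs over a handful of constructed flow records (timestamp, source, destination, destination port, protocol) and flags any source that reaches at least `min_targets` distinct hosts on those two ports inside a `window`-second span; the record format, the threshold and the sample addresses are all assumptions for illustration.

```python
"""Flag hosts sweeping TCP 9527/34567 the way the Tor-C2 Mirai variant does.

Added example for this briefing; the flow format and thresholds are assumed.
"""
from collections import defaultdict

# Ports the Mirai sample probes for IP cameras and DVRs (from the briefing).
SCAN_PORTS = {9527, 34567}

# Constructed sample flows: "<epoch> <src> <dst> <dport> <proto>" (not real data).
SAMPLE_FLOWS = [
    # 10.0.0.5 sweeps six hosts on the two ports within 20 seconds: scanner.
    "1564617600 10.0.0.5 192.0.2.10 9527 tcp",
    "1564617603 10.0.0.5 192.0.2.11 9527 tcp",
    "1564617606 10.0.0.5 192.0.2.12 34567 tcp",
    "1564617610 10.0.0.5 192.0.2.13 34567 tcp",
    "1564617615 10.0.0.5 192.0.2.14 9527 tcp",
    "1564617620 10.0.0.5 192.0.2.15 9527 tcp",
    "1564617621 10.0.0.5 192.0.2.16 80 tcp",  # unrelated web traffic, ignored
    # 10.0.0.7 polls one DVR repeatedly on 9527: single target, benign.
    "1564617600 10.0.0.7 192.0.2.50 9527 tcp",
    "1564617630 10.0.0.7 192.0.2.50 9527 tcp",
    "1564617660 10.0.0.7 192.0.2.50 9527 tcp",
    # 10.0.0.9 touches three hosts on 34567: below the default threshold.
    "1564617600 10.0.0.9 192.0.2.60 34567 tcp",
    "1564617605 10.0.0.9 192.0.2.61 34567 tcp",
    "1564617609 10.0.0.9 192.0.2.62 34567 tcp",
]


def parse_flow(line):
    """Split one flow record into (timestamp, src, dst, dport, proto)."""
    ts, src, dst, dport, proto = line.split()
    return int(ts), src, dst, int(dport), proto.lower()


def find_scanners(lines, min_targets=5, window=60):
    """Return {src: max distinct targets} for sources that hit at least
    min_targets distinct hosts on SCAN_PORTS within any window-second span.

    Distinct destinations, not connection count, are what separate a sweep
    from a host that legitimately talks to one camera or DVR.
    """
    hits = defaultdict(list)  # src -> [(ts, dst)] restricted to SCAN_PORTS
    for line in lines:
        ts, src, dst, dport, proto = parse_flow(line)
        if proto == "tcp" and dport in SCAN_PORTS:
            hits[src].append((ts, dst))

    scanners = {}
    for src, events in hits.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            # All events from i onward that fall inside the window starting at t0.
            targets = {dst for ts, dst in events[i:] if ts - t0 <= window}
            best = max(best, len(targets))
        if best >= min_targets:
            scanners[src] = best
    return scanners


if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_FLOWS).items():
        print(f"possible Mirai-style sweep from {src}: {count} hosts on 9527/34567")
```

Feed it real flow or firewall logs by adapting `parse_flow`; the thresholds are deliberately conservative so that a management station checking a single DVR is not flagged, but a camera that suddenly probes dozens of neighbours is.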

Magecart warning issued

The PCI Security Standards Council, together with the Retail & Hospitality ISAC, has issued an alert highlighting the growing threat of online skimming attacks. The alert warns that almost all e-commerce sites are vulnerable because they lack effective security controls against this type of attack.

New malvertising campaigns

Two new malvertising campaigns have surfaced recently. The first uses an exploit kit to bypass ad-blockers, while the second targets Mac users through web redirections. The first campaign leverages the RIG exploit kit to infect users with malware through a toolbar, whereas the second redirects Safari users on macOS to a domain that serves a malware-laced Flash Player installer.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable SanDisk SSD Dashboard

Two critical vulnerabilities in the Western Digital and SanDisk SSD Dashboard can allow threat actors to trick users into running arbitrary code on their computers. The vulnerabilities are tracked as CVE-2019-13466 and CVE-2019-13467. CVE-2019-13467 is the more severe of the two and affects Western Digital and SanDisk SSD Dashboard applications prior to version 2.5.1.0.

Vulnerable Prima FlexAir

Multiple vulnerabilities have been discovered in the FlexAir access control platform developed by Prima Systems. The bugs can be exploited remotely and do not require advanced skills to abuse. They affect Prima FlexAir 2.3.38 and earlier versions and are patched in version 2.5.12.

Top Scams Reported in the Last 24 Hours

Fake Equifax settlement claims

The Federal Trade Commission took to Twitter to warn people about a new scam in which fraudsters create fake Equifax websites that purport to process settlement claims for users affected by the 2017 data breach. The aim is to steal people’s personal information.

Phony gift card scams

Phishing attacks targeting employees with phony gift card emails are on the rise. In these attacks, scammers impersonate a boss or co-worker and ask the target to buy gift cards, most commonly Google Play, Steam Wallet, Amazon, Apple iTunes or Walmart cards, and then send the codes to the attacker by email.
