
Cyware Daily Threat Intelligence

Daily Threat Briefing Aug 30, 2018

Top Malware Reported in the Last 24 Hours

Asacub malware

Asacub is one of the world's most prolific banking Trojans. It was developed in 2015, when it had more spyware capabilities than it does today. The Trojan has infected over 225,000 users, almost all of whom are in Russia. By setting itself as the default messaging app, Asacub can withdraw funds from phones running an application used by one of Russia's largest banks.

CEIDPageLock

A new version of the CEIDPageLock rootkit has been discovered. It is being distributed via the Rig exploit kit. The malware can monitor victims' browser activity and trick them into visiting fake websites. The rootkit has infected over 10,000 victims in China and around 40 in the US. It allows threat actors to obtain account credentials, deliver malicious payloads, and collect data without consent.

BusyGasper spyware

The BusyGasper Android spyware has recently been discovered by security researchers. The malware is not distributed through traditional means: attackers need physical access to a targeted device to install it. BusyGasper has infected 10 victims in Russia. The spyware can detect motion, steal data, and log keystrokes.

Top Vulnerabilities Reported in the Last 24 Hours

TPM chips bug

A grey area vulnerability has been discovered in TPM chips, and two new attacks against them have been disclosed. Both can allow an attacker to tamper with the boot-up process. The first attack works against computers whose TPM chip uses a static root of trust for measurement (SRTM) for the boot-up routine: by abusing power interrupts and TPM state restores, an attacker can obtain valid hashes for the components involved in the boot-up process. The second attack affects TPM chips that use a dynamic root of trust for measurement (DRTM) for the boot-up routine.

Schneider Electric flaw

Multiple vulnerabilities have been discovered in Schneider Electric firmware. A cross-site scripting flaw enables attackers to manipulate user input and launch remote code execution attacks. Together, successful exploitation of the vulnerabilities allows unauthorized users to replay authentication sequences, overwrite passwords, or decode passwords. Schneider has issued patches for the bugs.

Top Breaches Reported in the Last 24 Hours

Huazhu Hotels breach

Chinese hotel chain Huazhu Hotels suffered a data breach that resulted in the data of over 130 million of its guests being put up for sale on the dark web. The stolen data is being sold on a Chinese dark web forum for 8 bitcoins. The hotel chain operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities. The compromised data includes official website registration information such as ID card numbers, mobile phone numbers, email addresses, home addresses, and more.

TheTruthSpy hack

TheTruthSpy, a company that sells spyware to domestic abusers, was hacked. Attackers breached TheTruthSpy's servers and stole login credentials, photos, audio recordings intercepted from victims' phones, text messages, location information, social media chats, and more.

Air Canada breach

Air Canada's mobile app users may have been affected by a data breach. The personal information of around 20,000 users may have been compromised, including their names, email addresses, and phone numbers. Following the breach, the airline has locked down all 1.7 million user accounts until their passwords are changed.