Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 12, 2018
Top Breaches Reported in the Last 24 Hours
City of Topeka
The city of Topeka confirmed that its utility billing vendor may have been the victim of a cyberattack. Although a data breach has not been confirmed, officials said around 10,000 customers may be affected. The suspected compromise window runs from October 31 to December 7; customers who set up autopay or made a one-time payment during that period could be affected.
Phishing campaign
Over 40,000 users fell victim to phishing attacks in which attackers stole their accounts for online government services. Researchers found that the stolen login data gave access to services in 30 countries. More than half of the victims are in Italy, followed by Saudi Arabia and Portugal. The campaigns targeted both personal and corporate email accounts, with the malicious emails disguising the malware as a legitimate file or archive.
Cape Cod Community College
Cape Cod Community College was hit by attackers who stole more than $800,000 from the school's bank account. The attackers used phishing emails to compromise the college's computers. Around $278,887 of the stolen money has since been recovered.
Top Malware Reported in the Last 24 Hours
CobInt
A new version of the Threadkit exploit kit has been observed being used by the Cobalt gang to distribute the CobInt malware. Threadkit's obfuscation technique was slightly updated, making it harder to detect. CobInt, the payload delivered by Threadkit, now has an added layer of obfuscation: an XOR routine decodes the initial payload, making it harder to analyze and detect.
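An XOR layer over a payload is cheap to add and cheap to strip when the analyst has a few bytes of known plaintext (a PE payload starts with "MZ" and carries the DOS stub string). The block below is an added example of that known-plaintext recovery in general, not CobInt's actual decoding routine; the page does not describe CobInt's key or scheme, so the blob, the key 0x5A, and the repeating-key case are constructed for illustration.

```python
from typing import List, Optional

# Constructed sample: a PE-like plaintext (MZ header plus the usual DOS stub
# string), obfuscated with a single-byte XOR key. Illustration only; CobInt's
# real key and scheme are not described on the page.
PLAINTEXT = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
             b"This program cannot be run in DOS mode.")
SAMPLE_KEY = 0x5A
BLOB = bytes(b ^ SAMPLE_KEY for b in PLAINTEXT)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; a 1-byte key is plain single-byte XOR."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_single_byte_key(blob: bytes, known_prefix: bytes = b"MZ") -> Optional[int]:
    """Single-byte XOR leaks the key from one known byte: key = c[0] ^ p[0].
    The rest of the known prefix is checked so a chance match is rejected."""
    if not known_prefix or len(blob) < len(known_prefix):
        return None
    key = blob[0] ^ known_prefix[0]
    if xor_bytes(blob[: len(known_prefix)], bytes([key])) == known_prefix:
        return key
    return None


def recover_repeating_key(blob: bytes, known_prefix: bytes, key_len: int) -> Optional[bytes]:
    """Known-plaintext attack on a repeating key of length key_len: each key byte
    is cipher[i] ^ plain[i]. Needs a known prefix at least key_len bytes long."""
    if key_len <= 0 or key_len > len(known_prefix) or len(blob) < len(known_prefix):
        return None
    key = bytes(blob[i] ^ known_prefix[i] for i in range(key_len))
    if xor_bytes(blob[: len(known_prefix)], key) == known_prefix:
        return key
    return None


def brute_force_single_byte(blob: bytes, marker: bytes = b"This program cannot be run") -> List[int]:
    """When the header offset is unknown, try all 256 keys and keep those whose
    decoded output contains a marker typical of a PE DOS stub."""
    return [k for k in range(256) if marker in xor_bytes(blob, bytes([k]))]


if __name__ == "__main__":
    key = recover_single_byte_key(BLOB)
    print("recovered key:", hex(key) if key is not None else None)
    print("brute-force candidates:", [hex(k) for k in brute_force_single_byte(BLOB)])
    if key is not None:
        print("decoded:", xor_bytes(BLOB, bytes([key])))
```

The brute-force path is the one to reach for on a real sample, since the decoder's output is rarely at offset 0 of the blob; scoring on a marker string rather than on "MZ" alone keeps the false-positive rate down across 256 candidates.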
Android malware
A new Android trojan, hidden inside a malicious app named 'Optimization Battery', has been discovered. It can steal money from users' PayPal accounts: once the user logs in and enters the two-factor authentication code, the malware initiates an automated PayPal money transfer. The trojan abuses the Accessibility permission to automate screen taps, so the transfer runs inside the user's already-authenticated session and the 2FA code offers no protection against it.
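The practical triage question for this class of trojan is which apps hold an enabled accessibility service. The block below is an added example, not code from the page or from the researchers who reported the app: it parses the value that `adb shell settings get secure enabled_accessibility_services` returns (colon-separated Android ComponentName strings in `package/class` form, or the literal `null` when nothing is set) and flags packages outside an allowlist. The allowlist and the sample value are assumptions; the second package name is made up and is not the real app's.

```python
from typing import List, Tuple

# Assumed allowlist of accessibility services legitimate for this fleet
# (adapt per device or MDM policy). TalkBack's package name is real.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample of `settings get secure enabled_accessibility_services`
# output. The second entry stands in for a trojan like the one described
# above; its package and class names are invented for this example.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.batteryopt/.OptimizerAccessibilityService"
)


def parse_enabled_services(setting: str) -> List[Tuple[str, str]]:
    """Split the setting into (package, fully-qualified class) pairs.
    `settings get` prints "null" when the key is unset; a class that begins
    with '.' is shorthand for a class inside the package (ComponentName
    flattening rules), so it is expanded before comparison."""
    if setting is None or setting.strip() in ("", "null"):
        return []
    services = []
    for entry in setting.strip().split(":"):
        if not entry:
            continue
        pkg, sep, cls = entry.partition("/")
        if not sep:
            continue  # malformed entry: skip rather than guess
        if cls.startswith("."):
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def unexpected_services(setting: str, allowed=ALLOWED_PACKAGES) -> List[Tuple[str, str]]:
    """Enabled services whose package is not on the allowlist."""
    return [(pkg, cls) for pkg, cls in parse_enabled_services(setting) if pkg not in allowed]


if __name__ == "__main__":
    for pkg, cls in unexpected_services(SAMPLE_SETTING):
        print("unexpected accessibility service: %s (%s)" % (pkg, cls))
```

An allowlist by package rather than by class is deliberate: a malicious app can name its service anything, but it cannot register it under another package's name.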
Bagle worm
Bagle, the Windows worm first detected in 2004, is back in circulation. A new variant was discovered in recent spam campaigns. The worm contains a backdoor that listens on TCP port 6777, a value hardcoded in the worm's body; it gives attackers remote access to the infected PC and can be used to download and execute other malware from the internet.
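A hardcoded listening port is the simplest host-side indicator to check for. The block below is an added example, not code from the page or from any Bagle analysis: it parses `netstat -ano` output in the Windows layout, reports the PIDs bound to TCP 6777, distinguishes loopback-only listeners from ones reachable by a remote operator, and generalises to flagging any listener absent from a host's known baseline. The sample output, PIDs and baseline are constructed.

```python
import re
from typing import Dict, List, Set

BAGLE_BACKDOOR_PORT = 6777  # hardcoded listener named in the briefing

# Constructed sample in the layout of `netstat -ano` on Windows (the worm's
# platform). Not a real capture; the PIDs and the 6777 entries are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6777           0.0.0.0:0              LISTENING       2210
  TCP    127.0.0.1:6777         0.0.0.0:0              LISTENING       3001
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     1540
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Address is everything before the last ':' so bracketed IPv6 literals parse too.
LISTEN_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def parse_tcp_listeners(text: str) -> List[Dict[str, object]]:
    """Pull (address, port, pid) for every TCP socket in LISTENING state."""
    out = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            out.append({"addr": m.group("addr"),
                        "port": int(m.group("port")),
                        "pid": int(m.group("pid"))})
    return out


def is_loopback(addr: str) -> bool:
    return addr == "[::1]" or addr.startswith("127.")


def listeners_on_port(text: str, port: int = BAGLE_BACKDOOR_PORT,
                      exposed_only: bool = False) -> List[int]:
    """PIDs listening on `port`; with exposed_only, skip loopback-bound sockets,
    which a remote operator cannot reach."""
    return [l["pid"] for l in parse_tcp_listeners(text)
            if l["port"] == port and not (exposed_only and is_loopback(l["addr"]))]


def unexpected_ports(text: str, baseline: Set[int]) -> Set[int]:
    """Generalisation: every listening port absent from the host's known baseline."""
    return {l["port"] for l in parse_tcp_listeners(text)} - baseline


if __name__ == "__main__":
    print("PIDs on %d:" % BAGLE_BACKDOOR_PORT, listeners_on_port(SAMPLE_NETSTAT))
    print("exposed PIDs:", listeners_on_port(SAMPLE_NETSTAT, exposed_only=True))
    print("outside baseline:", unexpected_ports(SAMPLE_NETSTAT, {135, 445}))
```

The port number alone is a weak indicator (any software may bind 6777), so the PID is what matters: pivot from it to the image path and parent process before calling an alert an infection.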
Top Vulnerabilities Reported in the Last 24 Hours
McAfee True Key bugs
Multiple vulnerabilities have been identified in McAfee True Key. The code execution vulnerability is caused by weak directory permissions in the Microsoft Windows client and could allow an attacker to execute arbitrary code on the system. The privilege escalation vulnerabilities are caused by an authentication abuse flaw in the Windows client and could allow an attacker to execute unauthorized commands on the system.
Intel bugs
A vulnerability (CVE-2018-12155) has been identified in Intel IPP that could be exploited by malicious users to compromise an affected system. Successful exploitation could allow a local attacker to access sensitive information on the targeted system, which could be used to mount further attacks. Patches have been released, and users are advised to update to the fixed version, Intel IPP 2019 Update 1.
Norton Password Manager
A vulnerability (CVE-2018-18362) has been identified in Symantec Norton Password Manager for Android. If exploited, the bug could allow a remote attacker to steal the victim's cookie-based authentication credentials from the targeted system.