Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 21, 2018
Top Breaches Reported in the Last 24 Hours
Warby Parker data breach
Warby Parker, a popular eyewear retailer, announced that it has suffered a data breach that may have affected around 198,000 customers. The information compromised in the breach includes usernames and passwords. Hackers obtained these credentials from unrelated break-ins at other companies and then used them to gain unauthorized access to customer accounts at several internet retailers. The firm has yet to determine whether customers' payment card details were affected in the breach. Warby Parker has notified both law enforcement agencies and customers about the breach.
Nokia leaks data
A misconfigured etcd server has resulted in the exposure of several internal databases, passwords and secret access keys on the internet. The exposed credentials include Heketi user and admin passwords, a Redis password, a Weave password, a k8s secret encryption key, and a Gluster user private key. Apart from these, SSH and RSA private keys, a cluster key and AWS S3 secret keys were also exposed in the data leak. The misconfigured server is indexed by the Shodan search engine.
Top Malware Reported in the Last 24 Hours
DanaBot variant
A new variant of the DanaBot banking trojan has been observed targeting financial institutions in Italy. The attackers leverage 'fattura' (invoice) themed phishing emails to distribute the new variant. A macro-enabled Word document attached to the emails is used to download the malicious DLL payload. The malware is capable of stealing users' passwords and credentials from Google Chrome and Mozilla Firefox. Once the malware variant gathers the information, it sends it back to the attackers' command-and-control (C2) servers.
Miori IoT botnet
A new variant of the Mirai botnet, tracked as Miori, has been found to be distributed through a remote code execution vulnerability in the ThinkPHP PHP framework, versions 5.0.23 and 5.1.31. Upon execution, the malware listens on port 42352 and receives commands from the C2 server. The string obfuscation technique used by Miori is the same as that of the original Mirai botnet. Apart from Miori, several known variants of Mirai such as IZ1H9 and APEP were also observed using the same RCE exploit for propagation.
Top Vulnerabilities Reported in the Last 24 Hours
Windows zero-day flaw PoC
A proof-of-concept (PoC) for a new Windows zero-day flaw has been released by a security researcher known on Twitter as SandboxEscaper. The flaw affects Microsoft's Windows operating system and could allow low-privileged users or an attacker to read the content of any file on a targeted computer.
A flaw in Huawei routers
An information disclosure flaw has been detected in several Huawei routers. The flaw, tracked as CVE-2018-7900, exists in the router panel and can allow attackers to identify whether or not a device still uses default credentials. The flaw makes it easy for cybercriminals to single out and attack routers that use default credentials.
Multiple flaws in WIBU-SYSTEMS
Cisco security researchers have found several vulnerabilities in the WIBU-SYSTEMS WibuKey.sys driver. These flaws could allow hackers to access partial sensitive information and perform privilege escalation. Attackers can also achieve arbitrary code execution on affected systems by exploiting these flaws.