
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 27, 2018

Top Breaches Reported in the Last 24 Hours

BevMo website breached

Unauthorized access to the BevMo website has resulted in the compromise of personal and financial data of nearly 15,000 customers. The firm disclosed that the intruders placed malicious code on the checkout page after gaining access to the website. The malicious code was designed to capture customers' payment card details. The information compromised in the breach includes names, credit or debit card numbers, expiration dates, CVV2 codes, billing addresses, shipping addresses and phone numbers of customers. The breach is believed to have affected customers who placed orders between August 28, 2018, and September 26, 2018. The firm has informed the potentially affected customers and law enforcement agencies about the breach. It has also removed the malicious code from the website to prevent hackers from gaining further access to customers' sensitive data.

Top Malware Reported in the Last 24 Hours

JungleSec ransomware

A ransomware called JungleSec has been found leveraging unsecured Intelligent Platform Management Interface (IPMI) to infect Windows, Linux and Mac systems. IPMI is used by administrators to manage servers remotely. It either comes built into the motherboard or can be installed as an add-on card. Incidents of attackers exploiting IPMI security loopholes to launch the JungleSec ransomware have surfaced recently. In one instance, the attackers were found leveraging the default manufacturer passwords of IPMI to access the servers. Once the attackers gain access to the targeted server, they can reboot the computer into single user mode in order to get root access and download the ccrypt encryption program. The program is used to encrypt the files on a victim's computer. Once the ransomware finishes the encryption process, it displays a ransom note which contains instructions on how to retrieve the encrypted files.

Top Scams Reported in the Last 24 Hours

Netflix phishing scam

The US Federal Trade Commission is alerting users about a new Netflix phishing scam that involves cybercrooks stealing payment card details from Netflix users. The scammers send victims phishing emails that appear to come from the online streaming service and ask them to update their payment info because the company is facing some trouble with the existing billing info. The email contains a link for updating the payment details. Users are urged to be cautious about such emails asking for payment card details. Look out for grammatical and spelling mistakes to help identify a phishing email. Visit the site by typing its name in the address bar instead of clicking on the link that comes in an email.
