
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 30, 2019

Ransomware has become the number one security risk to businesses and users. The past 24 hours witnessed several such attacks on different organizations. The victim organizations were Synoptek, the US Coast Guard Maritime facility, and Maastricht University. While Synoptek was hit by Sodinokibi ransomware, the US Coast Guard Maritime facility had to suffer disruptions due to Ryuk ransomware. On the other hand, Maastricht University (UM) announced that it was attacked by ransomware on December 23. The ransomware had encrypted almost all of the university’s Windows systems.

A new trojan named Lampion targeting Portuguese users was also identified in the past 24 hours. The trojan is distributed via phishing emails that appear to come from the Portuguese Government Finance & Tax. It uses anti-debug and anti-VM techniques to avoid being detected by security solutions.

Top Breaches Reported in the Last 24 Hours

Moss Adams breached

Unauthorized access to an employee email account of Moss Adams has affected the PII of customers or employees. Some of the information contained in the breached account includes names and Social Security numbers. The company is in the process of notifying the affected individuals.

Wyze Labs’ data breached

Smart home tech maker Wyze Labs confirmed a data leak impacting over 2.4 million of its users. The incident occurred due to an unguarded Elasticsearch database. The database was left open for over three weeks, from December 4 to December 26.

Unsecured Amazon S3 bucket

The logomaker service Vistaprint exposed more than 638,000 files due to an unprotected Amazon S3 bucket. Many of the leaked files were default logomaker images, while the rest were logos made by users of the Vistaprint logomaker service. Vistaprint fixed the problem as soon as it noticed the issue.

CHSC and RGH attacked

San Antonio’s Center for Health Care Services (CHSC) and Roosevelt General Hospital (RGH) in New Mexico were forced to take down their computing systems following malware attacks. While RGH suffered a malware infection on November 14, CHSC was impacted by a handful of attacks during December.

Top Malware Reported in the Last 24 Hours

Lampion trojan

A new trojan called Lampion has been found targeting Portuguese users. The trojan is distributed via email templates based on the Portuguese Government Finance & Tax. The email includes a link which, when clicked, initiates the download of the malware. The downloaded files include a compressed file called FacturaNovembro-4492154-2019-10_8.zip.

Ransomware attacks

The corporate IT network of a US Coast Guard maritime facility was taken down for more than 30 hours after being affected by Ryuk ransomware. In another incident, cloud hosting and managed IT services provider Synoptek was hit by Sodinokibi ransomware. The company paid the ransom in a bid to restore operations. Maastricht University also announced that it had fallen victim to a ransomware attack on December 23, 2019.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Ruckus wireless routers

Security researchers have discovered three critical remote code execution vulnerabilities in Ruckus Wireless routers. The flaws can let malicious hackers bypass the routers and take control of them remotely. The vulnerabilities exist in the web-based interface. Ruckus has fixed the security flaws with the release of version 200.7.10.202.92. Customers are advised to update their routers and apply the patch.
