Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 31, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Dec 31, 2018
Top Breaches Reported in the Last 24 Hours
My Health Record breaches
The 2017-18 annual report submitted by the Australian Digital Health Agency (ADHA) revealed that My Health Record has recorded a total of 42 data breaches between July 1, 2017, and June 30, 2018. 17 breaches involved the Department of Human Services accessing e-health records to cross-check Medicare records. Another 22 breaches involved unauthorized Medicare claims. The Office of the Australian Information Commissioner has contacted the potentially affected individuals. Over 17 million Australians have their private medical records uploaded on the My Health Record website. As per the latest amendment passed by the House of Representative, a person can opt out of the federal's national health record system on or before January 31, 2019.
Top Malware Reported in the Last 24 Hours
US Newspapers suffers a cyber attack
Several prominent newspapers in the US have suffered a massive cyber attack over the weekend. Security experts suspect that the attack originated from outside the US and involved the use of Ryuk ransomware. The affected newspaper includes the name of Los Angeles Times, New York Times, Wall Street Journal and the San Diego Union-Tribune.
Smoke Loader and AZORult trojans
A new spam email campaign that is used to deliver Smoke Loader and AZORult trojans has been discovered by security researchers. The campaign is used to target Japanese users. The spam email contains a fake link to the Japan Meteorological Agency(JMA) - that alerts the recipients about a fake tsunami. When clicked on the link, it redirects the users to a fake website and downloads Smoke Loader and AZORult trojans in the background.
Roma225 campaign
A new espionage campaign dubbed as 'Roma225' has been found targeting companies in the Italian automotive sector. The campaign is used to distribute Revenge RAT variant via phishing emails. When installed, the RAT connects with the C2 server to send back victims' machine information to hackers.
Top Vulnerabilities Reported in the Last 24 Hours
Windows Zero-Day vulnerability
A new zero-day vulnerability impacting Windows operating systems has been discovered by a security researcher recently. The bug could allow attackers to overwrite 'pci-sys' file and even cause a denial-of-service attack on targeted machines. Furthermore, the bug can disable third-party AV software on the affected systems.
Voicemail systems vulnerable
Researchers have discovered that voicemail systems can be compromised by using a brute-force attack. Recently, a proof-of-concept of the hack was released which showed how the attack could be leveraged to obtain access to accounts on WhatsApp, Netflix and PayPal. When compromised, attackers can listen to automated password reset messages sent by online servers.
Oracle BI Publisher flaws
Several flaws have been detected in the Oracle Business Intelligent Publisher installed on the remote host. The affected versions are 11.1.1.7.x prior to 11.1.1.7.180717, 11.1.1.9.x prior to 11.1.1.9.180717, 12.2.1.2.x prior to 12.2.1.2.180717, and 12.2.1.3.x prior to 12.2.1.3.180717. The flaw exists in the Layout Tools of Oracle Fusion Middleware.