
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 14, 2020

Payment processing systems are a lucrative target for cybercriminals to steal sensitive financial data. Now, the American store chain Rutter’s was hit by a malware attack targeting its Point-of-Sale (PoS) systems. A majority of the company’s over 70 locations across Central Pennsylvania, West Virginia and Maryland were reportedly affected by the incident. The company disclosed that attackers could have potentially gained unauthorized access to some customers’ payment card data.

In other news, security researchers reported several new malware campaigns: one spreading the xHelper Android strain, which survives a factory reset; one distributing a remote access trojan named Parallax, which gives the operator full control over infected machines; and a new ransomware strain that extorts victims by demanding their private photos.

Meanwhile, researchers at MIT discovered security flaws in the Voatz mobile voting app that was used during the 2018 midterm elections in West Virginia. Attackers could potentially exploit the app to see and manipulate users’ votes.

Top Breaches Reported in the Last 24 Hours

Rutter’s PoS breach

The American store chain Rutter’s was hit by a malware attack targeting its Point-of-Sale (PoS) systems. A majority of the company’s over 70 store locations in Central Pennsylvania, West Virginia and Maryland were reportedly affected by the incident. The company disclosed that attackers may have gained unauthorized access to some customers’ payment card data.

Student records exposed

The Institute of International Education (IIE) accidentally exposed thousands of sensitive student records through an unprotected database. The database contained links to students’ documents, including passport scans, visa documents, medical forms, funding verification details, student dossiers, and more. The institute manages over 200 programmes covering 29,000 international students.

Nedbank security breach

South Africa-based Nedbank was hit by a third-party breach that exposed the personal details of 1.7 million customers. Attackers compromised Computer Facilities (Pty) Ltd, a South African company that provided marketing services to the bank. Computer Facilities took its systems offline to prevent further attacks or any additional exposure of customer data.

Top Malware Reported in the Last 24 Hours

Parallax RAT

A remote access trojan (RAT) named Parallax was found to be widely distributed through malicious spam campaigns. When installed, it allows attackers to gain full control over an infected system. The malware was being offered for as low as $65 a month on underground forums.

xHelper Android malware

A researcher from Malwarebytes found the new xHelper Android malware strain targeting US-based phones. The malware is capable of reinfecting target devices even after factory reset by leveraging a malware dropper hidden inside certain Android directories.

Ukrainian Blackout malware

Security experts at Venafi observed that the malware used in attacks on Ukrainian power utilities is now being deployed widely to steal SSH keys. According to the researchers, a single stolen SSH key can give attackers undetected root access to mission-critical systems, which they can then use to spread malware or sabotage processes.
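The defensive check that follows from this item is an inventory of which SSH keys can reach which accounts, and under what restrictions. As an added example, not tooling from Venafi or from the Cyware briefing, the Python below parses `authorized_keys` entries (including quoted option values), computes the same SHA256 fingerprint `ssh-keygen -lf` prints, and flags keys with no `from=` source restriction, no forced `command=`, legacy `ssh-dss` types, and the same key authorised more than once. The sample `authorized_keys` text is constructed for the example; its key blobs are not real keys.

```python
"""Audit authorized_keys entries for the weaknesses an SSH-key-theft
campaign relies on.  Added example; the authorized_keys text is constructed."""
import base64
import hashlib
from dataclasses import dataclass

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

SAMPLE_AUTHORIZED_KEYS = """\
# constructed sample for the example; the key blobs are not real keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0exam deploy@ci
from="10.0.0.0/8",command="/usr/local/bin/backup",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample backup@bastion
ssh-dss AAAAB3NzaC1kc3MAAACBAPex legacy@oldhost
restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample backup@bastion
"""


@dataclass
class Entry:
    options: list
    key_type: str
    blob: str
    comment: str

    def fingerprint(self) -> str:
        """SHA256 fingerprint in the form ssh-keygen -lf prints (unpadded base64)."""
        digest = hashlib.sha256(base64.b64decode(self.blob)).digest()
        return "SHA256:" + base64.b64encode(digest).rstrip(b"=").decode()


def split_options(text: str):
    """Split the leading option list from the key; quoted values may hold commas/spaces."""
    opts, cur, in_quotes = [], "", False
    for i, ch in enumerate(text):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            opts.append(cur)
            cur = ""
            continue
        elif ch == " " and not in_quotes:
            opts.append(cur)
            return opts, text[i + 1:]
        cur += ch
    raise ValueError("no key after options: " + text)


def parse_line(line: str):
    """Return an Entry, or None for blank lines and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = []
    if not line.startswith(KEY_TYPES):          # options precede the key type
        options, line = split_options(line)
    parts = line.split(None, 2)
    comment = parts[2] if len(parts) > 2 else ""
    return Entry(options, parts[0], parts[1], comment)


def audit(text: str):
    """Return (line_no, fingerprint, finding) tuples for every weak entry."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        e = parse_line(raw)
        if e is None:
            continue
        fp = e.fingerprint()
        names = {o.split("=", 1)[0] for o in e.options}
        if e.key_type == "ssh-dss":
            findings.append((n, fp, "weak key type ssh-dss"))
        if "from" not in names:
            findings.append((n, fp, "no from= source restriction"))
        if "command" not in names:
            findings.append((n, fp, "no forced command (interactive shell allowed)"))
        if fp in seen:
            findings.append((n, fp, f"key reused (also on line {seen[fp]})"))
        else:
            seen[fp] = n
    return findings


if __name__ == "__main__":
    for line_no, fp, finding in audit(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {line_no}: {fp}: {finding}")
```

Run it over `/root/.ssh/authorized_keys` and every user's `authorized_keys` on each host, then join the fingerprints across hosts: a fingerprint that appears on many machines, with no `from=` and no `command=`, is exactly the single key whose theft the Venafi note describes.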

500 malicious Chrome extensions

Google removed more than 500 malicious Chrome extensions, with millions of downloads between them, from the Chrome Web Store for violating its user privacy policies. The extensions were found uploading private browsing data to attacker-controlled servers.

Sextortion-focused ransomware strain

Researchers at Emsisoft spotted a new ransomware strain, dubbed Ransomwared, that demands victims’ private photos in exchange for a decryption tool that unlocks the encrypted data. The researchers note, however, that the strain is not very sophisticated in its design.

Top Vulnerabilities Reported in the Last 24 Hours

Voting app flaws

MIT researchers identified multiple security vulnerabilities in the mobile voting app called Voatz that was used during the 2018 midterm elections in West Virginia. The researchers found that an adversary with remote access to a target device could potentially alter or see a user’s vote, and that the app server could potentially be hacked to change users’ votes.

Curveball vulnerability

Security experts at Trend Micro analysed “Curveball” (CVE-2020-0601), a vulnerability in the Windows CryptoAPI (crypt32.dll) in how it validates elliptic-curve cryptography certificates. By supplying a certificate with attacker-chosen curve parameters, an attacker can forge a certificate that Windows treats as chaining to a trusted root, which lets malware pass as legitimately signed code and evade detection, and lets TLS connections be spoofed.
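As an added example, not code from the Cyware briefing or from Trend Micro's analysis, the Python below implements the triage check a practitioner can run on certificates: it walks the DER of a certificate to its SubjectPublicKeyInfo and reports whether an EC key names its curve by OID, as RFC 5480 requires and real CA and leaf certificates do, or carries explicit domain parameters, which is the structural precondition for a CVE-2020-0601 forged certificate (the exploit supplies its own base point so that the forged key matches a trusted root's). The minimal DER walker and all certificate bytes are constructed here for the example and are not real certificates.

```python
"""Flag SubjectPublicKeyInfo blocks whose EC key carries explicit domain
parameters instead of a named-curve OID.  Added example; all DER below is
hand-constructed, not taken from real certificates."""

ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
SECP256R1 = "1.2.840.10045.3.1.7"
PRIME_FIELD = "1.2.840.10045.1.1"
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"


def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:                      # base-128, high bit set on all but the last byte
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(0x06, bytes(out))


def decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, position just after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def children(body: bytes):
    """Yield (tag, body) for every element inside a constructed DER body."""
    pos = 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        yield tag, inner


def classify_spki(spki: bytes) -> str:
    """'named-curve:<oid>', 'explicit-parameters', 'implicit-parameters' or 'not-ec'."""
    tag, body, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, alg_body = next(children(body))                 # AlgorithmIdentifier
    parts = list(children(alg_body))
    if decode_oid(parts[0][1]) != ID_EC_PUBLIC_KEY:
        return "not-ec"
    if len(parts) < 2 or parts[1][0] not in (0x06, 0x30):
        return "implicit-parameters"                   # forbidden by RFC 5480: suspicious
    if parts[1][0] == 0x30:
        return "explicit-parameters"                   # CVE-2020-0601 precondition
    return "named-curve:" + decode_oid(parts[1][1])


def spki_from_cert(cert_der: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate and return the raw SPKI element."""
    _, cert_body, _ = read_tlv(cert_der)
    _, tbs_body, _ = read_tlv(cert_body)
    elems = list(children(tbs_body))
    if elems[0][0] == 0xA0:                            # optional [0] EXPLICIT version
        elems = elems[1:]
    return tlv(*elems[5])   # serial, signature, issuer, validity, subject, SPKI


# --- constructed samples: dummy coordinates, not valid curve points ----------
_DUMMY_POINT = tlv(0x03, b"\x00\x04" + b"\x11" * 64)

def sample_named_curve_spki() -> bytes:
    alg = tlv(0x30, encode_oid(ID_EC_PUBLIC_KEY) + encode_oid(SECP256R1))
    return tlv(0x30, alg + _DUMMY_POINT)

def sample_explicit_params_spki() -> bytes:
    # ECParameters ::= SEQUENCE { version, fieldID, curve, base, order, cofactor }
    field_id = tlv(0x30, encode_oid(PRIME_FIELD) + tlv(0x02, b"\x17"))
    curve = tlv(0x30, tlv(0x04, b"\x01") + tlv(0x04, b"\x02"))
    params = tlv(0x30, tlv(0x02, b"\x01") + field_id + curve
                 + tlv(0x04, b"\x04\x05\x06") + tlv(0x02, b"\x07") + tlv(0x02, b"\x01"))
    return tlv(0x30, tlv(0x30, encode_oid(ID_EC_PUBLIC_KEY) + params) + _DUMMY_POINT)

def sample_rsa_spki() -> bytes:
    alg = tlv(0x30, encode_oid(RSA_ENCRYPTION) + tlv(0x05, b""))
    key = tlv(0x30, tlv(0x02, b"\x00\xc1") + tlv(0x02, b"\x01\x00\x01"))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + key))

def wrap_in_fake_certificate(spki: bytes) -> bytes:
    """Minimal Certificate shell (empty names/validity) so spki_from_cert can be exercised."""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + tlv(0x30, b"") * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

On a real file, `classify_spki(spki_from_cert(open("cert.der", "rb").read()))` does the check; an `explicit-parameters` result on a certificate that claims to chain to a Microsoft or public root deserves a closer look. This is a triage aid, not a replacement for the January 2020 patch: once patched, Windows logs Event ID 1 from the Microsoft-Windows-Audit-CVE source when a certificate exploiting CVE-2020-0601 is presented.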

Top Scams Reported in the Last 24 Hours

Emotet-powered sextortion scams

Security researchers discovered a new sextortion scam sent through an Emotet botnet. The scammers sent malspam to users’ work emails. The new campaign was found to be 10 times more effective than previous campaigns.
