Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 4, 2019
Luas Tram system website hacked
Dublin’s Luas Tram system website was recently hacked by cybercriminals. The company informed customers of the incident and said a malicious message was placed on the home page, visible to early visitors to the domain. The attackers demanded that 1 Bitcoin ($3,843) be paid within the next 5 days, or the stolen data would be published. Experts believe the Luas payment website, which passengers use to pay for fare violations, has not been affected.
FoodPanda breach
Ola-owned food delivery platform FoodPanda was recently breached, exposing customers’ PII in plaintext. Personal data such as names, addresses, mobile numbers, and email IDs was leaked. The flaw was identified by a Jalandhar-based cybersecurity researcher, who immediately contacted the company and had the bug fixed. This type of information is a tempting target for threat actors looking for lucrative data.
MobSTSPY disguised as legitimate Android apps
Security researchers found spyware, dubbed MobSTSPY, disguised as legitimate Android apps on the Play Store. These apps have already been downloaded 100,000 times in 196 nations. The apps in question include Flappy Birr Dog, HZPermis Pro Arabe, FlashLight, Win7imulator, Win7Launcher, and Flappy Bird. The spyware can steal user data, call logs, and clipboard items. Firebase Cloud Messaging (FCM) is used to send information to its server. Additional credentials are gathered via phishing attacks. MobSTSPY has had the most impact on users in India. Google has now removed all the fake apps from the Play Store.
Authentication bypass flaw in Skype app
A new authentication bypass flaw has been found in Skype for Android. The flaw can allow anyone in possession of the victim’s phone to bypass the phone’s lock screen, access all its files and contacts, and even launch browser windows. The browser can be opened by tapping links in a sent message. The bug affects Skype on all versions of Android and exists due to coding failure and bad design in the app.
Widevine L3 DRM hacked
The L3 level of protection in Google’s Widevine DRM technology was recently cracked. This can allow someone to decrypt content transferred via DRM-protected multimedia streams, which include Netflix, HBO, Hulu, and others. The cause is that the white-box AES-128 cryptography used by the Widevine L3 platform is vulnerable to a differential fault analysis (DFA) attack.
CleanMyMac X privilege escalation bugs fixed
Multiple privilege escalation bugs in MacPaw’s CleanMyMac X software were fixed. The helper functions, which run as root, can be accessed by applications without validation. As a result, an attacker with local access to the victim machine can modify the file system as root. Users should update to CleanMyMac X v4.2.0.