Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 7, 2019
Singapore Airlines data breach
Singapore Airlines recently suffered a data breach in which a software glitch exposed the PII of 278 customers. The compromised information includes names, email addresses, account numbers, membership tier statuses, KrisFlyer miles, recent miles transactions, and upcoming flights. Passport details of 7 customers were also leaked. No credit card data was compromised.
PII of Humana Health Insurance applicants exposed
A data breach exposed the PII of Humana Health Insurance policy applicants. Names, dates of birth, the last 4 digits of Social Security Numbers, and other details were exposed. However, full Social Security Numbers, health care information, and banking or credit card details were not exposed. Attackers used Banker’s Life employee system credentials to gain access to the websites. The incident was reported to federal law enforcement.
Tampermonkey Extension installed by malware
Opera has blacklisted Tampermonkey v4.7.54, the version currently offered on the Chrome Web Store, because the extension is being controlled by Windows malware. The blacklisting prevents the extension from working in the Opera browser. A sample of adware called Gom Player was found installing the Chrome Web Store version of Tampermonkey in order to facilitate ad injection or other malicious behavior.
14 iPhone apps connected to Golduck malware
Wandera researchers found 14 retro gaming apps that communicated with the same server used to control the Golduck malware for Android. These apps were loaded with ads that were used to trick users into granting permission for malware installed outside the App Store. The apps are not technically compromised, as they don’t contain any malicious code, but the backdoor they open presents a risk of exposure.
WordPress bug allowing PHP injection attacks
A severe WordPress flaw has been found that allows contributors to conduct PHP Object Injection attacks via crafted metadata, resulting in a full system compromise. The bug allows unauthorized disclosure of information and disruption of service. It is caused by mishandling of serialized data at phar:// URLs in the ‘wp_get_attachment_thumb_file’ function. The flaw can affect WordPress versions since 3.7, so users are asked to update to WordPress version 5.0.1 immediately.
Critical DoS flaw affecting Yokogawa products
A serious DoS flaw has been found to impact several industrial automation products manufactured by Yokogawa Electric. The flaw mainly affects the Open Communication Driver for Vnet/IP, a real-time plant network system for process automation. The vulnerable driver is used by many products, including the CENTUM CS 3000 and CENTUM VP distributed control systems. Yokogawa has already addressed the flaw by releasing security patches for some of the impacted products. However, some of the affected software versions will not receive patches because they have reached the end of support.
TV Licensing scam emails target thousands
Thousands of TV license holders were recently affected by a highly convincing phishing campaign that appears to come from the UK’s TV Licensing authority. The spoofed emails are designed to trick people into giving up their payment details. The scammers raise the matter of an overpayment and say they will refund the overpaid amount to the victim. The email provides a link to claim the refund, which takes victims to a website that asks for their payment details. The details are then used for identity theft and to hack bank accounts. More than 5000 complaints about this scam have been received over the last 3 months.