Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 20, 2022
Millions of vehicles, some belonging to owners who work in critical sectors, were found to be at risk of hijacking by a potential hacker. The CISA has also warned of vulnerabilities in MiCODUS GPS tracker devices and urged vehicle owners to take defensive measures. Separately, a security mishap in a mental health app that doubles as a social mood tracker has been exposing the sensitive data of its users, owing to malpractice.
Enjoy ordering food online? Magecart attacks on three online food ordering platforms stole 50,000 payment card records from 300 U.S. restaurants. The campaign, which began no later than November 12, 2021, still impacts some of the restaurants.
Ransomware cripples construction group
Building materials producer Knauf Group’s global operations have been paralyzed in the wake of a cyberattack. Its IT servers were brought offline to contain the attack and stop it from spreading further. Though not officially declared, the Black Basta ransomware group has claimed responsibility for the attack by listing the firm on its extortion site.
Belgium annoyed with Chinese state-sponsored attacks
Belgian officials have accused Chinese state-sponsored actors of a series of cyberattacks against its interior and defense ministries. The noted Chinese groups in the report are tracked as APT27, APT30, APT31, and Gallium. The country, which is home to NATO headquarters and the EU Commission, has urged China to stand by “the norms of responsible state behavior as endorsed by all UN member states.”
Russian hackers snoop on Western entities
Cozy Bear, also known as APT29, was seen abusing legitimate cloud services, such as Google Drive and Dropbox, to target a number of Western diplomatic missions, including the foreign embassies of Portugal and Brazil. The group’s phishing technique includes a malicious HTML file, called EnvyScout, which acts as a dropper for Cobalt Strike and additional payloads.
Mental health app blurted out user data
Japan-based journaling and social mood tracking app Feelyou inadvertently exposed the email addresses of close to 80,000 of its users in 177 countries. A researcher reported a vulnerability on the platform while reverse engineering several other mental health trackers and similar apps. No evidence of any attack was spotted.
New ransomware family in Rust
A dark web ransomware forum ad has listed a new ransomware family, dubbed Luna, that can encrypt files on multiple platforms, including Windows, Linux, and ESXi systems. The preliminary findings suggest that it is offered only to Russian-speaking threat actors. Being written in Rust, it easily evades automated static code analysis attempts. The ransom note also contained spelling mistakes.
300 restaurants leaked payment card data
Card skimmers harvested payment data of customers interacting with three online ordering platforms, namely InTouchPOS, MenuDrive, and Harbortouch. The cascading effects of the attack have encompassed over 300 restaurants, and at least 50,000 compromised payment card records have already been listed on the dark web.
Flawed GPS tracker affects millions
Six security gaps in a GPS tracker device, the MiCODUS MV720, pose a variety of threats to nearly 1.5 million vehicles across 169 countries. Affected users of the device include individuals at Fortune 50 firms, governments in Europe, U.S. states, a South American military agency, a nuclear plant operator, and others. An abuser can not only track the vulnerable vehicle but also extract route information, and even manipulate some data.