Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 8, 2019
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Mar 8, 2019
Top Breaches Reported in the Last 24 Hours
Jackson County suffers a ransomware attack
Jackson County authorities have confirmed that the entire county’s systems have been hit by a ransomware attack. Following the attack, the government’s email systems remained offline over the weekend and some departments including law enforcement have had to conduct their operations entirely on paper. The type of ransomware and the payment demanded are not disclosed. The County officials have contacted the FBI. They're now working to restore the 911 and emergency systems first.
Another unprotected MongoDB exposes data
An unprotected MongoDB database has exposed almost 809 million records belonging to an email marketing firm Verifications.io.The leaky database contained 150GB data and three folders that had different records. The first folder had over 790 million unique email addresses while the second folder contained 4,150,600 records that had both email addresses and users’ phone numbers. The third folder contained than 6 million business lead records.
Venezuela left in the dark
A massive cyber attack at Guri Hydroelectric Power System caused the whole of Venezuela to go without electricity on March 7, 2019. This affected all organization and school operations. The country was plunged into darkness for 16 hours after which the power was restored.
Top Malware Reported in the Last 24 Hours
SLUB backdoor
Security researchers have discovered a new backdoor malware named ‘SLUB’ that propagates via Watering hole attack. The malware - which is written in C++ language - achieves persistence by adding a RUN key to the Windows Registry. It uses the GitHub Gist service and the Slack messaging system to communicate with the attackers. The attackers leverage the VBScript engine vulnerability to compromise targets.
Operation Pistacchietto
A new campaign named ‘Operation Pistacchietto’ has been found targeting organizations in Italy. The infection process starts with visitors being asked to update their Java with the latest version. For this, the user needs to click on a link that comes attached in a phishing email. The link once clicked, downloads a .bat file that contains a malicious script. The first part of the script includes a trick to ask user administrative privileges; the second part aims to gain persistence using the Windows Task Scheduler.
Top Vulnerabilities Reported in the Last 24 Hours
Ubuntu 14.04.6 released with a new update
Canonical has released the sixth point release to the Ubuntu 14.04.6 LTS operating system series. The latest update addresses the vulnerability in the APT package manager. It affects all Debian and Ubuntu-based operating systems and can allow a remote attacker to install malicious packages.
Insecure car alarm apps
Researchers have found security flaws in three car alarm apps created Pandora, Viper and Clifford. These bugs can be exploited by attackers to unlock a vehicle’s door and start a car’s engine. In addition, these bugs can also enable attackers to remotely activate the alarm, track any vehicle in real time and access customers’ accounts. The respective companies have upgraded the security of the apps to remove the flaws.
Cisco releases security patches
Cisco has released a series of security patches to address several vulnerabilities in multiple products. These vulnerabilities could trigger denial-of-service conditions and allow a remote attacker to gain root privileges & execute arbitrary commands. One of the updates includes a fix for a critical vulnerability in Cisco's Nexus (n)000 series switches.