Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Mar 22, 2019

Despite strict data protection policies, companies continue to expose users’ private data due to negligence. HMD Global inadvertantly included a data collection package inside some Nokia 7 Plus smartphones that collected device owners' information and sent to a server located in China. Meanwhile, Oregon’s Department of Human Services (DHS) suffered a data breach compromising private data of over 350,000 clients.

Apart from the data breaches that are being witnessed on a daily basis, there are also a few new threats that have been reported in the last 24 hours. Researchers uncovered that a compromised iPhone app was infecting users’ devices with malware. Researchers also detected almost 18 security vulnerabilities in the reference implementation of Java Card technology. In the meantime, the U.S. Food and Drug Administration (FDA) disclosed that security vulnerabilities were detected in Medtronic devices.

Top Breaches Reported in the Last 24 Hours

Ransomware attack

The Police Federation of England and Wales (PFEW) has been hit by a ransomware attack. The ransomware attack encrypted several databases and servers, making data and email services inaccessible. The impacted databases and servers include the PFEW national members database, claims case management system, and the booking system for conference and hotel facilities.

Nokia 7 Plus devices collected and sent user data to China

HMD Global, the company that sublicensed the Nokia smartphones inadvertantly included a data collection package inside some Nokia 7 Plus devices' firmware that collected device owners' information and sent to a server located in China.

DHS Data Breach

Oregon’s Department of Human Services (DHS) suffered a data breach compromising private data of over 350,000 clients. The breach was a result of attackers gaining access to employees’ email accounts. The compromised information includes first and last names, addresses, dates of birth, Social Security numbers, and case numbers.

Top Malware Reported in the Last 24 Hours

iPhone app contains malware

Researchers from The Media Trust uncovered that a compromised iPhone app which had been downloaded by millions of users was infecting users’ devices with malware. The malware which is hidden within the ad’s style sheet calls almost 22 malicious servers to deliver payloads.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerabilities in Java Card

Researchers detected almost 18 security vulnerabilities in the reference implementation of Java Card technology from Oracle which is used in financial, government, transportation, and telecommunication organizations.

Cisco patches critical vulnerabilities

Cisco has released patches to fix the cross-site request forgery vulnerabilities. The vulnerabilities were detected in Cisco’s IP Phone 8800 Series and IP Phone 7800 series. The vulnerabilities could allow attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.

FDA discloses vulnerabilities

The U.S. Food and Drug Administration (FDA) disclosed that security vulnerabilities were detected in Medtronic Plc's implantable cardiac devices, clinic programmers, and home monitors. The medical device maker Medtronic is working on security updates to patch the vulnerabilities.

Top Scams Reported in the Last 24 Hours

Bitcoin scammer arrested

Italian authorities recently arrested a Genoa-based bitcoin scammer who impersonated a Swiss crypto firm and tricked Italian investors into investing in bitcoin via gold and cash deposits. The scammer has earned a total of $300,000.

Related Threat Briefings