Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 9, 2020

Data breaches have become a part of the daily routine, it seems. A developer of hotel booking software, Prestige Software, leaked 10 million log files owing to a misconfigured Amazon S3 bucket. Meanwhile, cybercriminals were found selling a database containing 20 million user records, which was allegedly stolen from BigBasket, an online grocery delivery service.

In other news, the xHunt campaign was discovered to be using two new PowerShell-based backdoors, TriFive and Snugy, for unauthorized access to Microsoft Exchange servers. Also, HMRC was impersonated again in an SMS-based scam that used tax rebate-themed messages to lead targeted victims to phishing pages.

Top Breaches Reported in the Last 24 Hours

Luxottica discloses breach

Luxottica has disclosed a data breach that exposed the personal and health information of patients of LensCrafters, Target Optical, and EyeMed. The breach, which took place on August 5, stemmed from a web-based appointment scheduling platform used by the group companies.

BigBasket data leaked

BigBasket, India’s largest online grocery delivery company, became the victim of a massive data breach. Cybercriminals were allegedly found selling a trove of data belonging to the company on the dark web. The leak comprised a 15GB database holding 20 million user records, including users’ names, email addresses, password hashes, contact numbers, addresses, and locations, among other details.

Hotel software firm suffers breach

Prestige Software, the Spain-based hotel booking software provider, exposed over 10 million log files dating back to 2013, due to a misconfigured Amazon S3 bucket. The leaked data included hotel guests’ full names, email addresses, contact details, national ID numbers, and, in some cases, even their payment information.

Ransomware disrupts X-Cart

E-commerce software vendor X-Cart was hit by a ransomware attack at the end of October. Threat actors reportedly exploited a flaw in third-party software to gain access to and disrupt the firm’s store hosting systems. Some stores hosted by the platform suffered downtime, while others reported issues with sending email alerts.

Top Malware Reported in the Last 24 Hours

xHunt malware campaign

Researchers found the xHunt campaign using the PowerShell script-based backdoors TriFive and Snugy to gain access to compromised Microsoft Exchange servers. The campaign has reportedly been active since at least July 2018, targeting the Kuwait government, along with shipping and transportation organizations.

Ghimob banking trojan

A new banking trojan, dubbed Ghimob, was found infecting mobile devices to target financial apps from banks, exchanges, and cryptocurrencies in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique. It is the latest creation of Guildma, the threat actor behind the Tétrade family of banking trojans.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress plugin flaw

A security vulnerability in the Welcart e-Commerce plugin could allow adversaries to launch code injection attacks against vulnerable websites. The high-severity bug is a PHP object-injection vulnerability, which exists in the way the platform handles cookies. The plugin has garnered over 20,000 installations, with a large market share in Japan.

Top Scams Reported in the Last 24 Hours

Tax rebate scam

An SMS phishing scam was found targeting U.K. residents with tax rebate-themed messages that contain links to phishing pages. The phishing pages mimicked the HM Revenue and Customs (HMRC) web interface and also contained fake online banking workflows to trick users.
