Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 15, 2021

No cardholder ever wants to receive a data breach notification, but the run-up to the Black Friday sale is just about the least convenient time to receive one. Unfortunately, for some customers associated with Costco, that’s exactly what has happened. The retail giant disclosed that around five skimmers were planted on payment card devices to pilfer card numbers, CVV, and expiration dates of users.

In other threats, a new alert from CISA is urging multiple ICS manufacturers to patch their products that use the vulnerable Data Distribution Service (DDS) protocol. The development comes after a group of researchers demonstrated that more than a dozen vulnerabilities found in the DDS standard could be exploited to launch DoS attacks or cause buffer overflow conditions.

Top Breaches Reported in the Last 24 Hours

Misconfigured server issue

The FBI fixed a misconfigured server that allowed hacktivists to send thousands of fake emails to recipients. According to federal authorities, the misconfiguration issue allowed threat actors to temporarily hijack the Law Enforcement Enterprise Portal (LEEP) from where they executed malicious activities.

Card skimming attack

Retail giant Costco confirmed a card skimming attack that affected fewer than 500 users. Around five skimmers were planted on payment card devices across four Chicago-based warehouses. This enabled attackers to capture information such as names, card numbers, CVV, and expiration dates of users. In other news, researchers revealed that more than 1,000 online shops are vulnerable to web skimming attacks. The sites are related to insurance, financial services, pharma, media, security, and retail.

PYSA gang dumps data of over 50 victims

The PYSA ransomware gang dumped sensitive data associated with over 50 victims on its leak site. The gang is known for attacks on educational institutions, including K-12 schools. Other affected organizations include foreign government entities and the healthcare sector.

Top Malware Reported in the Last 24 Hours

GravityRAT spotted

GravityRAT was spotted in a malicious campaign that primarily targeted Indian users. The malware was distributed via a fake SoSafe chat app. The campaign is designed to target military officials.

Top Vulnerabilities Reported in the Last 24 Hours

Flawed ICS systems

CISA issued an alert about a series of vulnerabilities impacting the Data Distribution Service (DDS) protocol used by multiple ICS vendors. Successful exploitation of these flaws can result in a DoS attack or buffer overflow condition. Most of the vendors have patched the affected products.

Flaws in Diebold Nixdorf ATMs

Two flaws impacting Diebold Nixdorf ATMs could have allowed attackers to replace the firmware on the system and withdraw cash. Researchers uncovered that security measures meant to address the flaws CVE-2018-9000 and CVE-2018-9100 could be bypassed to spew cash out of the machines.
