
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 27, 2018

Top Malware Reported in the Last 24 Hours

Link between FakeSpy and XLoader

Researchers have discovered a connection between the Android malware families FakeSpy and XLoader. Collectively, the two malware variants have infected over 380,000 victims across the globe, primarily in Japan and South Korea. A total of 126 domains were found to be shared by XLoader and FakeSpy for deploying malware. The two malware families were also found to have links to the Chinese hacker group Yanbian Gang, which has previously conducted heists against South Korean banks. The operators of both families used malware with similar code. The registrants of both are from China and appear to originate from Jilin province, the current location of the Yanbian Gang members.

Top Vulnerabilities Reported in the Last 24 Hours

Artifex Ghostscript

Multiple vulnerabilities have been discovered in Artifex Ghostscript. The bugs include a stack-based buffer overflow vulnerability, a privilege escalation vulnerability, and a memory corruption vulnerability. If exploited, the bugs could allow remote attackers to bypass intended access restrictions on the targeted system. Patches have been issued to address the bugs. Users are advised to update to the fixed version, Artifex Ghostscript 9.26, as soon as possible.

Gnuplot

Multiple buffer overflow vulnerabilities were identified in the Gnuplot command-line program. The bugs, if exploited successfully, could allow an attacker to execute buffer overflow attacks on the targeted system. Patches have been released to address the bugs. Users are advised to update to the fixed version, Gnuplot 5.2 patch level 5, as soon as possible.

Top Breaches Reported in the Last 24 Hours

Suncorp Bank

Suncorp Bank's customers were hit by a data breach. Customers' personally identifiable information (PII) was inadvertently leaked on a public government website and remained publicly available for two months. The leaked data included salary info, dates of birth, addresses, and employment details of some Suncorp customers. The exposed information also contained the insurance status, beneficiary nominations, and superannuation balances of a number of Suncorp members. The data was taken down when Suncorp discovered the breach in November. Suncorp said that the affected customers will get 12 months of free access to a credit monitoring and identity theft protection service. The Office of Australian Information Commissioner has been notified, and access to the accounts of the affected members is being reviewed.

Top Scams Reported in the Last 24 Hours

TV License Fraud

The UK’s national fraud and cyber reporting center, Action Fraud, is warning the public of a surge in TV license fraud. Between September and October this year, over 2,500 complaints were sent to Action Fraud notifying them of the scam. The scam emails claim to come from TV network providers and trick victims into believing that they are due a refund. However, the scammers deploy malicious URLs that are designed to harvest victims' bank account and credit card details. The scam emails also prompt users to divulge personal information such as full name, date of birth, address, phone number, mother's maiden name, and bank details.
