Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 9, 2020
With every passing day, ransomware attackers are becoming bolder and launching more targeted attacks. In a recent incident, the Springfield Public Schools district in Massachusetts was hit with a ransomware attack that led to the shutdown of classes at over 60 schools. Meanwhile, the Walmart-owned Sam's Club notified many customers of credential stuffing attacks on their accounts.
The last 24 hours also saw the discovery of new malware and vulnerability threats. While Cisco addressed a high-severity flaw in its Webex Teams for Windows, Google responded to the discovery of the RainbowMix ad fraud campaign by removing over 240 apps with millions of downloads on Play Store, which were found misdirecting users through malicious pop-up ads.
Top Breaches Reported in the Last 24 Hours
Ransomware affects 25,000 students
The Springfield Public Schools district, the third-largest school district in the state of Massachusetts, was forced to shut down its systems due to a ransomware attack. After initially announcing that over 60 schools were closed due to “issues” with their network, the district later confirmed that the disruption was a result of a ransomware attack.
Sam’s Club customers hacked
Over the past two weeks, Sam’s Club has started sending automated password reset emails and security notifications to customers regarding unauthorized access to their accounts. According to the Walmart-owned retail membership chain, the credential stuffing attacks did not stem from a data breach.
Travel information leak
Researchers from Cyble found the KelvinSecTeam collective sharing leaked data from Airlink International UAE for free on two dark web forums. The leak occurred due to a misconfigured server that contained 60 directories with approximately 5,000 files each.
Top Malware Reported in the Last 24 Hours
Android ad fraud apps
Google removed more than 240 Android apps from the Play Store for showing out-of-context advertisements in violation of the platform’s policy on intrusive advertising. The ad fraud operation, dubbed RainbowMix, involved apps that were clones of legitimate apps and accumulated a total of over 14 million downloads this year.
Cryptme ransomware attacks
Proofpoint researchers reported a Cryptme ransomware campaign that targeted individual school teachers. The attackers sent email messages posing as a parent or guardian submitting an assignment on a student’s behalf. The messages contained a zip file attachment that included a macro-laden document designed to install the ransomware payload.
Top Vulnerabilities Reported in the Last 24 Hours
Flaws in Cisco Webex
Cisco patched high-severity security flaws in Webex Teams for Windows, Identity Services Engine (ISE), and 8000 Series IP cameras. The flaw in Webex could allow a local attacker with valid credentials to load malicious DLL files or Windows software libraries that run when Webex is launched.
Microsoft Azure
Two security flaws in Microsoft Azure App Services, which were first reported in June, could have enabled hackers to launch Server-Side Request Forgery (SSRF) attacks or execute arbitrary code and take over the administration server.