Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 12, 2018
CartThief malware
A new variant of the Magecart malware, called CartThief, was found targeting various e-commerce platforms, mainly the payment pages of legitimate Magento-hosted retail sites. When unsuspecting users enter their payment card numbers into a site's checkout page and submit them, the data is collected and encrypted, and the PII is sent to a C&C server controlled by the threat actors. Once the malware is in a system, it can insert rogue files into the site's legitimate HTML code, which gives the attackers access to the retail site's payment page.
Gplayed Android Trojan
The Gplayed Trojan was found to offer its operators adaptable features for performing various tasks: operators can inject scripts and push .NET code to the vulnerable Android device. The Trojan also contains many native capabilities for spying and exfiltrating data; it can display USSD messages, wipe the device's contacts, collect payment card data, and set a new device password.
FitMetrix data breach
Researchers recently found that millions of user records were exposed by FitMetrix, a fitness technology and performance tracking company. The exposure occurred via a cluster of unsecured ElasticSearch servers that allowed anyone who knew their IP address to access the data. Various PII were exposed, but no login credentials, passwords, credit card data, or personal health information were compromised.
Rebound Orthopedics breach
A data breach took place at Vancouver, Wash.-based Rebound Orthopedics & Neurosurgery, compromising the personal information of about 2800 employees and patients. The incident happened after attackers compromised an employee's email account via a phishing email. Information such as patient names, dates of birth, Social Security Numbers, driver's license numbers, and financial account information was exposed.
Experian glitch
A flaw in Experian's online account recovery process exposed the recovery PINs that are required to unlock frozen credit files. With those PINs, crooks could potentially apply for loans and credit cards in their victims' names. The bug has since been fixed.
Pointer corruption bugs in Intel
Pointer corruption bugs have been discovered in the Intel Unified Shader compiler for the Intel Graphics Accelerator. The flaws reside in the 'igdusc64' DLL of the Intel Graphics Accelerator and may lead to arbitrary code execution and DoS conditions, triggered from a VMware guest and affecting the VMware host. Users are advised to update their Intel Graphics Drivers to version 25.20.100.6326.
VMware 3D DoS flaw
A flaw in VMware's 3D acceleration feature makes VMware products prone to DoS attacks. An attacker can exploit the flaw (CVE-2018-6977) by using a 3D-rendering shader on a targeted system. Affected products are VMware ESXi 6.0.0, 6.5.0 and 6.7.0; VMware Fusion 10.0 to 11.0; VMware Workstation Player 14.0 to 15.0; and VMware Workstation Pro 14.0 to 15.0.
Security flaws in 5G standard
Several security gaps were found in the 5G AKA protocol. As a result, criminals could access the communication between a device and the network in order to intercept conversations or steal data. Poor implementation of the standard could also allow attackers to offload usage charges onto other users. Researchers are working on a fix.