
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 29, 2019

Top Breaches Reported in the Last 24 Hours

St. Louis health center ransomware attack

Betty Jean Kerr People's Health Center in St. Louis disclosed that it suffered a ransomware attack potentially impacting information belonging to 152,000 patients, medical providers, and employees. The impacted patient information includes Social Security numbers and addresses; medical records were not affected.

Fast-food restaurant chain suffers security compromise

U.S. restaurant chain Krystal disclosed a security incident that affected some of its restaurants between July and September 2019. This incident is said to involve a payment processing system that some of its restaurants were using. An investigation is being conducted to determine the extent of damage this incident has caused.

Online fashion store hosts malicious script

Sixth June, an online fashion store, is said to have been injected with a MageCart script that steals payment card information during checkout. A security researcher who analyzed the code found that the script collects enough details to make an online purchase, or to log in to a victim’s account and reroute an order.

Huge number of payment card details on sale

More than 1.3 million payment card details were found to be up for sale on Joker’s Stash, a large carding shop on the internet. The card details were found to belong primarily to Indian card owners. Early analysis indicates that the details may have been obtained from skimming devices in POS systems or ATMs.

Georgia’s websites hit by a cyberattack

More than 15,000 websites have been defaced and taken offline in what is reportedly Georgia’s largest cyberattack. These websites belong to government agencies, media, banks, and courts, among others. The attack is said to have been carried out by breaching the network of web-hosting provider Pro-Service.

American Cancer Society’s site infected with malware

The American Cancer Society’s online store was infected with credit card-stealing malware. The malware was found hidden in obfuscated code that pretended to be legitimate analytics code. This code is believed to have been injected into the site late last week.

Top Malware Reported in the Last 24 Hours

Microsoft warns about Fancy Bear attacks

Microsoft has published a report about the Fancy Bear threat group targeting anti-doping and sporting organizations across the world. According to this report, at least 16 sporting and anti-doping organizations were targeted by these attacks, which began on September 16, 2019. The methods employed in these attacks have been found to be similar to those used by Fancy Bear to launch attacks on several other organizations.

Top Vulnerabilities Reported in the Last 24 Hours

EU patches major vulnerabilities in eIDAS

Vulnerabilities in the electronic IDentification, Authentication and Trust Services (eIDAS) have been patched by European authorities today. These flaws potentially allow scammers to pose as any EU citizen or business.

Certain D-Link routers vulnerable to RCE

Security researchers reported that multiple D-Link routers are vulnerable to remote code execution. The vulnerabilities lie in the Common Gateway Interface (CGI) of the routers. There is no patch available for these flaws, and D-Link no longer supports the affected routers.

Top Scams Reported in the Last 24 Hours

Banking fraud phone scam

A phone scam is targeting banking customers, with the malicious actor pretending to be the bank’s fraud department. The scammer asks about fake withdrawals that appear suspicious and sends a verification PIN text from the bank’s number to appear credible. Then, the attacker asks the victim for the account’s PIN, which allows the attacker to hijack the victim’s account.

Blogging sites hacked for sextortion scam

WordPress and Blogger sites are being targeted by attackers for a sextortion scam. The attackers create a post on the hacked sites stating that the computer was hacked and that the blogger was recorded using an adult website. Security experts believe that hackers may be gaining access to the sites through credential stuffing attacks.
