Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 28, 2018
Top Malware Reported in the Last 24 Hours
Turla backdoor
The Turla APT group's namesake backdoor, along with the group's Gazer backdoor, is believed to have infected more victims than previously thought. Turla relies on PowerShell scripts to load and execute the malware directly in computer memory. Recent versions of the backdoor have been targeting Microsoft Outlook and using PDF files to exfiltrate data.
New Android spyware
A new Android spyware has been discovered that contains multiple surveillance features. The malware can steal WhatsApp data, contacts, browser history, as well as take screenshots and photos. The malware code is publicly available and is currently believed to be still in development.
Dridex
Cybercriminals operating the Dridex banking malware have now begun leveraging a custom ransomware variant in new attacks. The ransomware is customized to target individual victims and scrambles victims' files before demanding a ransom. The ransom demanded varies according to the victim's net worth, indicating that the malware operators have been researching their victims.
Top Breaches Reported in the Last 24 Hours
NewsNow hack
NewsNow suffered a data breach that may have compromised users' encrypted passwords. It is still unclear how many users were affected. NewsNow is notifying its customers about the breach via email and has claimed that the breach has been resolved. The firm traced the intrusion to a line of attack that was possible because of a single line of code dating back eight years. The service provider took all affected servers offline.
DoorDash
The food delivery startup DoorDash reportedly received complaints from dozens of customers who claimed that their accounts had been hacked. However, DoorDash denied a breach, instead suggesting that the culprit may be a credential stuffing attack. DoorDash customers reported that their email addresses were altered and that the attackers placed fraudulent orders using their hacked accounts.
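Credential stuffing, the explanation DoorDash offered above, has a recognisable footprint in authentication logs: one source address attempting logins against many distinct accounts with a low success rate, followed by account changes on the few that succeeded. The following Python is an added illustration of that detection logic and is not code from the briefing or from DoorDash; the log records, the IP addresses, the usernames and the thresholds are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample login events: (timestamp, source_ip, username, success).
# 203.0.113.7 is the stuffing source: eight different accounts, two successes.
# 198.51.100.20 and 198.51.100.21 are ordinary users (one typo, then success).
SAMPLE_EVENTS = [
    ("2018-09-28T10:00:01", "203.0.113.7", "alice", False),
    ("2018-09-28T10:00:02", "203.0.113.7", "bob", True),
    ("2018-09-28T10:00:03", "203.0.113.7", "carol", False),
    ("2018-09-28T10:00:04", "203.0.113.7", "dave", False),
    ("2018-09-28T10:00:05", "203.0.113.7", "erin", False),
    ("2018-09-28T10:00:06", "203.0.113.7", "frank", True),
    ("2018-09-28T10:00:07", "203.0.113.7", "grace", False),
    ("2018-09-28T10:00:08", "203.0.113.7", "heidi", False),
    ("2018-09-28T10:05:00", "198.51.100.20", "carol", False),
    ("2018-09-28T10:05:09", "198.51.100.20", "carol", True),
    ("2018-09-28T10:07:00", "198.51.100.21", "dave", True),
]


def detect_credential_stuffing(events, min_distinct_users=5, max_success_ratio=0.5):
    """Flag source IPs that try many distinct accounts with a low success rate.

    Returns {ip: {"distinct_users", "attempts", "successes", "success_ratio"}}.
    Thresholds are constructed defaults; tune them to the service's traffic.
    """
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "successes": 0})
    for _ts, ip, user, ok in events:
        rec = per_ip[ip]
        rec["users"].add(user)
        rec["attempts"] += 1
        if ok:
            rec["successes"] += 1

    flagged = {}
    for ip, rec in per_ip.items():
        ratio = rec["successes"] / rec["attempts"]
        if len(rec["users"]) >= min_distinct_users and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_users": len(rec["users"]),
                "attempts": rec["attempts"],
                "successes": rec["successes"],
                "success_ratio": round(ratio, 2),
            }
    return flagged


def likely_compromised_accounts(events, flagged_ips):
    """Accounts that were successfully logged into from a flagged source IP.

    These are the accounts to force-reset and to review for profile changes
    such as an altered email address or unexpected orders.
    """
    return sorted(
        {user for _ts, ip, user, ok in events if ok and ip in flagged_ips}
    )


if __name__ == "__main__":
    hits = detect_credential_stuffing(SAMPLE_EVENTS)
    for ip, stats in hits.items():
        print(f"suspect source {ip}: {stats}")
    print("accounts to reset:", likely_compromised_accounts(SAMPLE_EVENTS, hits))
```

The two legitimate users are not flagged because each source touched only one account; the stuffing source is flagged on breadth of accounts rather than volume alone, which is what distinguishes a credential list replay from a single user mistyping a password. In production the same grouping would run over a sliding time window and also key on user agent and ASN, since stuffing tools rotate source addresses.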
Port of San Diego
The Port of San Diego was hit by a sophisticated attack that resulted in over 500 employees having limited access to systems. The attack also impacted the San Diego Harbor Police Department, the law enforcement arm of the Port. The department was forced to switch to using alternative systems to continue operations.