Cyware Weekly Cyber Threat Intelligence February 4-8, 2019

Weekly Threat Briefing • Feb 8, 2019
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Feb 8, 2019
The Good
We’re back with the most interesting cybersecurity news of the week. Let’s start with all the positive advancements that happened in the cybersecurity landscape. Google has released a Chrome extension named ‘Password Checkup’ to protect accounts from data breaches. Google is also working to advance the cyber-security model known as confidential computing with the Asylo project. Meanwhile, Mitsubishi Electric has developed a sensor-security technology that detects malicious attacks on equipment sensors.
Google has released a Chrome extension named ‘Password Checkup’ on the Safer Internet Day (February 5, 2019). This extension checks if usernames and passwords combinations entered in login pages are one of over 4 billion credentials that Google knows to have been previously compromised in data breaches.
Mitsubishi Electric has developed the world’s first sensor-security technology that detects malicious attacks on equipment sensors by embedding a proprietary algorithm in sensor fusion algorithms. The algorithm detects malicious attacks based on the inconsistencies in measurement data.
Google is working to advance the cyber-security model known as ‘confidential computing’ with the Asylo project to protect the integrity of workloads. The confidential computing approach provides an additional layer of protection against malicious insiders, vulnerabilities and compromised operating systems.
The Bad
Over the past week, several data breaches and massive cyber attacks occurred. South Africa’s electricity provider Eskom was hit with a double security breach. Outdated New England Municipal Research Center (NEMRC) software has leaked sensitive information including Social Security number. In the meantime, the restaurant chain Huddle House disclosed a malware attack which occurred on one of its POS systems.
South Africa’s primary electricity provider Eskom was hit by not just one, but two security breaches. One was due to an unsecured database that leaked customer data online. The second breach came along with AZORult malware infection disguised as a downloader for The Sims 4 game.
The restaurant chain Huddle House disclosed in a press release that attackers breached one of its third-party point-of-sale (POS) systems with malware. The malware was designed to stole payment information such as cardholder names, credit/debit card numbers, card expiration dates, cardholder verification value, and service codes.
Outdated New England Municipal Research Center (NEMRC) software has leaked municipal employees’ sensitive information including Social Security number. NEMRC, the software was used by Vermont municipalities as well as the state’s tax department. The exposed information also included municipal taxpayer banking information such as routing and bank numbers.
British telecom company Three UK’s homepage exposed other customers’ data when searched by visitors. The exposed data included customer names, their postal addresses, phone numbers, email addresses, amongst others and were shown randomly.
The Metro Bank in the UK acknowledged that it is a victim to a malicious Signaling System 7 (SS7) attack. The flaws in SS7 were previously exploited by attackers to intercept text messages and track phones across the globe. However, the attackers have taken this attack to an all new level by emptying the bank accounts of victims.
The Australian Federal Parliament’s computer network has been hacked. Parliament’s presiding officers, Speaker of the House of Representatives MP Tony Smith and President of the Senate MP Scott Ryan confirmed that there is no evidence that any data has been accessed at this point of time. However, Australian security agencies are suspecting China to be behind this attack.
British MPs were targeted by an attempt to access their contacts list and send texts and emails to all their private contacts. Deputy Chief Whip Christopher Pincher warned MPs to be aware of the text messages and emails asking them to provide overseas contact details or to download a secure message app.
New Threats
Several vulnerabilities and malware strains emerged over the past week. Researchers spotted a new backdoor trojan dubbed ‘Speakup’ that infects Linux and MacOS systems. New vulnerabilities dubbed ‘Zombie POODLE’ and ‘GOLDENDOODLE’ were spotted affecting the HTTPS. Last but not least, a new malspam campaign distributing the ExileRAT was observed targeting the Tibetan government-in-exile.