Cyware Weekly Cyber Threat Intelligence November 12 - 16, 2018

Weekly Threat Briefing • Nov 16, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Nov 16, 2018
Take a deep breath of relief because its Friday and that means its time to welcome the weekend with our weekly roundup of the most interesting cybersecurity news. As is our custom, let’s begin with the good things that happened over the past week. The US Congress approved a bill that approves the creation of a new centralized, federal cybersecurity agency. Google and Microsoft backed French President Emmanuel Macron’s call for greater internet security. Meanwhile, researchers are working on using brainwaves as the new generation of passwords.
The US Congress approved a bill that approves the creation of a new centralized, federal cybersecurity agency. The move would reconfigure the Department of Homeland Security’s National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency (CISA).
Google, Microsoft, and other tech giants have backed French President Emmanuel Macron’s call for greater internet security. The initiative, known as the “Paris Call for Trust and Security in Cyberspace,” is aimed at tightening internet regulations and boosting protections against cyberattacks, election interference, and more.
Researchers are working on using brainwaves as the new generation of passwords. Biometrics are increasingly replacing traditional passwords and the new research involves developing a flexible and secure biometric alternative to current, traditional passwords.
Over the past week, numerous new massive data breaches and leaks have occurred. New Jersey-based charity Kars4Kids accidentally exposed over 21,000 customers’ and donors’ personal details. Google services went down briefly after the tech giant’s internet traffic was hijacked. Meanwhile, a California-based communications firm exposed a massive database containing millions of text messages and more.
New Jersey-based charity Kars4Kids accidentally exposed over 21,000 customers’ and donors’ personal details. The breach was caused by an unprotected Mongo database. The exposed data includes the emails and personal information of customers and donors.
Google services went down briefly after the tech giant’s internet traffic was hijacked by a Nigerian ISP. Google’s user traffic was routed via Russia and Nigeria before the tech giant’s IP prefixes were leaked to the Chinese state-owned telecom provider called China Telecom.
A California-based communications firm called Voxox exposed a massive database containing millions of text messages and more. The breach was caused by an unprotected Amazon Elasticsearch server. The database contained tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.
Health First was hit by a data breach that may have compromised the personal data of around 42,000 customers. The firm claimed that the data breached included customers’ Social Security Numbers, addresses and dates of birth.
The past week saw various new malware, vulnerabilities and threat actors pop up. The TA505 threat actor was found testing out a new reconnaissance malware dubbed tRAT. A new malware called DarkGate, that can function as a keylogger, a ransomware and cryptominer, has been discovered. Meanwhile, the Mylobot botnet was found distributing the Khalesi malware.