Cyware Weekly Cyber Threat Intelligence November 19 - 23, 2018

Weekly Threat Briefing • Nov 23, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Nov 23, 2018
The Good
Rejoice one and all, for it is Friday! As you gear up for the weekend, it is our pleasure to bring to you the most interesting cybersecurity news of the week. Let’s first tip our hats to all the governments and companies making strides to improve security. The US army’s scientists are working on a quantum networking experiment aimed at offering soldiers more secure and reliable communications on the battlefield. Meanwhile, the FCC has launched an all-out war against scammers and robo-callers in a new initiative.
The US army’s scientists, working out of the corporate research lab (ARL), are working on a quantum networking experiment aimed at offering soldiers more secure and reliable communications on the battlefield.
The Federal Communications Commission (FCC) has launched an all-out war against scammers and robo-callers in a new initiative. US network providers are now being forced to implement a new technology called SHAKEN/STIR (Secure Handling of Asserted information using toKENs/Secure Telephony Identity Revisited).
The Indian government is planning on implementing higher penalties for companies that fail to immediately report data breaches. The Indian ministry of electronics and information technology (MeitY), is now drafting a new data protection law and new regulations that impose higher fines on firms into reporting breaches.
The Bad
Over the past week, several destructive data breaches and leaks have knocked off major companies. The breach of the week award has to go to Amazon, which suffered a massive breach just days before Black Friday. The US Postal Service (USPS) was also impacted by a breach that may have exposed over 60 million customers’ data. Meanwhile, Daniel’s Hosting, one of the most popular dark web hosting services, was knocked offline by rival hackers.
Amazon suffered a massive breach just days before Black Friday. The breach resulted in the compromise of names and email addresses of some of its customers. The tech giant has been tight-lipped about the details surrounding the matter, only revealing that the breach was caused due a technical error in its website.
The US Postal Service (USPS) was also impacted by a breach that may have exposed over 60 million customers’ data. The breach was caused by a year-old API flaw, that not only allowed anyone with a USPS account to view other users’ data but also alter their information without their knowledge or consent.
Daniel’s Hosting, one of the most popular dark web hosting services, was knocked offline by rival hackers. The attack occurred on November 15, 2018, and has resulted in the loss of 6500 plus Dark Web services hosted on the platform.
San Diego-based communications company Vovox exposed around 26 million text messages, as well as other sensitive customer data like phone numbers, password reset links and security codes, two-factor verification codes, shipping notification and more.
New Threats
Multiple new malware, ransomware and threat actors emerged over the past week. A new Trickbot variant was discovered being distributed as part of a new campaign posing as coming from Llyods bank. Over a dozen malware-laced Android apps were discovered on the Google Play Store. Meanwhile, a new variant of the Rotexy malware, that combined the capabilities of both a banking malware and a ransomware, was discovered.