Cyware Weekly Cyber Threat Intelligence October 8-12, 2018

Weekly Threat Briefing • Oct 12, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Oct 12, 2018
Friday is here again, which means its time to kick back and relax as we help you catch up on the biggest cybersecurity news of the week. Before we delve into the latest malware, breaches and threat actors to have emerged over the past week, let's take a minute out to tip our hats to all the organizations and law enforcement agencies who took strides to enhance security, even as cybercriminals continue to evolve and become more advanced. California passed a new law that aims at boosting IoT security, The Wall Street Journal launched a programme designed to help small businesses improve their security. Meanwhile, US authorities charged a Chinese intelligence agent over corporate espionage.
California passed a new law that aims at boosting IoT security. The new law makes it illegal for connected device manufacturers to ship devices with default passwords. The law also makes it mandatory for manufacturers to create a unique credential for each device, or ensure that the user is forced to create a unique password when they boot up the device for the first time.
The Wall Street Journal launched a programme designed to help small businesses improve their security. The WSJ Pro Cybersecurity program offers small business information about cyberthreats, security response methods, and more via its website and newsletters.
US authorities charged a Chinese intelligence agent over corporate espionage. The suspect, Yanjun Xu, is a high-ranking director in China’s Ministry of State Security (MSS) - the country’s counter-intelligence and foreign intelligence agency. The US justice department is seeking his arrest and extradition on charges of economic espionage and attempting to steal trade secrets from several U.S aviation and aerospace companies.
The Italian police solved the five-year-old mystery of who hacked the Nasa website. The suspect claimed to be a part of the Master Italian Hackers Team and also defaced 60 other websites. The Italian police tracked him down after he opened up in social media about being part of the NASA 2013 website defacement attacks.
Several major data breaches and leaks emerged over the past week that caused substantial damage to organizations and customers. The breach of the week award goes to Google - the tech giant’s aging social media network will shut down next year after a breach exposed 500,000 customers’ data. Vancouver-based Rebound Orthopedics & Neurosurgery suffered a breach that may have compromised 2,800 patients’ records. Garmin-owned Navionics inadvertently exposed customer and corporate information.
The breach of the week award goes to Google - the tech giant’s aging social media network will shut down next year after a breach exposed 500,000 customers’ data. The breach was caused by an API bug, which, if exploited, could allow third-party apps to gain access to public profile information of Google Plus users’ friends.
Vancouver-based Rebound Orthopedics & Neurosurgery suffered a breach that may have compromised 2,800 patients’ records. The healthcare organization said that an unidentified person gained access to an employee’s email account on May 22.
Garmin-owned Navionics inadvertently exposed customer and corporate information. The electronic marine navigation charts manufacturer was found using a misconfigured MongoDB server that exposed 19GB of information exposed to anyone on the internet.
Shopper Approved suffered a breach after the notorious Magecart threat group launched an attack against the third-party application. The attackers skimmed payment information from multiple online stores instead of directly targeting a store.
Multiple new malware, vulnerabilities and threat actors came out of the woodwork this past week. A previously unknown threat group called Gallmaker was brought to light by security experts. Multiple critical vulnerabilities were discovered in Sony smart TVs and a new Panda Banker malware campaign targeting the US, Canada, and Japan was discovered.