Cyware Weekly Threat Intelligence - August 12–16

Weekly Threat Briefing • Aug 16, 2019
The Good
The week ended on a good note with many government agencies taking proactive steps to bolster their cybersecurity. The U.S. Energy Department is updating its Cybersecurity Capability Maturity Model to help organizations counter cyber threats. In another instance, the DHS announced the funding of a new project called STAMP in an effort to hunt for bugs in their IT systems.
The Department of Homeland Security has awarded a new contract to GrammaTech for the Static Tool Analysis Modernization Project (STAMP). The goal of the project is to improve software security tools available across the government.
A team from the Georgia Institute of Technology has developed a tool dubbed SkyWalker to check vulnerabilities in mobile apps that use multiple clouds. The tool lets app developers audit various cloud-based tools and find vulnerabilities before they integrate them into their products.
The U.S. Energy Department is upgrading its Cybersecurity Capability Maturity Model to help federal agencies and private companies better assess the strength of their cyber defenses. The model was revised in 2014 and it reflects recent advances in both digital threats and protections.
The Southern African Development Community (SADC) plans to create multiple emergency response teams to help protect online users against cybercrime. Some of SADC's 16 member states, including Tanzania, South Africa, Zambia, and Mauritius, have already established cybercrime emergency response units.
The Bad
Along with the good news comes the bad. This week saw several data breaches worldwide, including incidents impacting Choice Hotels, Suprema’s Biostar 2 and LEE. Moreover, a report disclosed by the FBI this week revealed that the culprit behind the massive Capital One data breach may have also hacked more than 30 other organizations.
Largest lodging franchisor Choice Hotels suffered a data breach which resulted in the exposure of some 700,000 customers’ records. The cybercriminals managed to gain access to an unprotected MongoDB database to steal the records and left behind a ransom note demanding $3,800.
Another publicly accessible database leaked biometric data of over 1 million people who used the Biostar 2 app. The exposed information included fingerprint records, facial recognition information and other personal details.
The FBI disclosed that the culprit behind the massive Capital One data breach might have hacked more than 30 other organizations. The data breach at Capital One had exposed more than 100 million credit applications.
Security researchers discovered several vulnerabilities in four popular dating apps - 3Fun, Grindr, Romeo and Recon - which could allow attackers to steal GPS locations and other personal information of users. In another incident, the Chinese app Sweet Chat exposed the private chat contents and photos of over 10 million users due to an unsecured server.
A database containing 6,840,339 unique user accounts from the StockX data breach was put up for sale on dark web forums by cybercriminals. The database was sold on the Apollon marketplace for $300. Later, researchers found exposed credentials being distributed on underground hacker forums for as little as $2.15.
Over 3.69 million records were exposed by Leadership for Educational Equity (LEE) due to an unprotected Elasticsearch database. The exposed data included names, home addresses, gender, ethnicity, and Salesforce IDs of individuals.
New Threats
Attacks due to new and existing malware were also unearthed by researchers this week. Malware like Ursnif and DanaBot trojans made a comeback in different cyberespionage campaigns targeting organizations and individuals across the world. Apart from these, Troldesh ransomware and PsiXBot botnet were upgraded with new anti-analysis techniques to evade detection.