Cyware Weekly Threat Intelligence, June 15 - 19, 2020

Weekly Threat Briefing • Jun 19, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Jun 19, 2020
The Good
Maintaining security across payment systems is an utmost priority for all entities that store, process, or transmit cardholder data. Following the spike in attacks against Point of Sale (PoS) systems, the PCI Security Standards Council (SSC) has released a new set of security requirements to protect cardholders’ data from being compromised during transactions. Furthermore, the Advertising Standards Authority (ASA) and the Internet Advertising Bureau (IAB) have set up a new scam ad alert tool to protect online users from ad frauds.
The PCI Security Standards Council (SSC) has updated the PCI PTS POI Modular Requirements to enable stronger protections for cardholder data. This will enhance security controls to defend against physical tampering and malware attacks that can compromise card data during payment transactions.
The Advertising Standards Authority (ASA) and the Internet Advertising Bureau (IAB) have set up a new scam ad alert tool with support from digital ad platforms and tech giants. The tool will help protect UK citizens from online ad frauds.
The British government will invest £10 million in the next four years to develop groundbreaking cybersecurity technologies. The declared sum, which is a part of the government’s ‘Digital Security by Design’ program, will be distributed among nine research teams.
Google revealed that it is relying on artificial intelligence to combat coronavirus-related threats in the UK, India, and Brazil. The firm has incorporated Safe Browsing protection into Google Search, Chrome, Gmail, and Android to block such threats automatically.
Intel unveiled a new security feature, Control-Flow Enforcement Technology (CET), for devices that will use the company’s upcoming Tiger Lake mobile processors. The feature will help prevent Return Oriented Programming/Jump Oriented Programming/Call Oriented Programming malware attacks.
The Bad
Multiple data leaks due to misconfigured AWS S3 buckets caught the attention of security experts this week. In one incident, Ariix Italia exposed more than 36,000 documents of Italian citizens, while some eight dating apps leaked 845 GB of private information on the internet. On the other hand, DeliveryHero confirmed a data breach of its Foodora brand, affecting personal details of 727,000 accounts.
Attackers hijacked an Oxford University email server to send phishing emails to harvest Microsoft Office 365 credentials from European, Asian, and Middle Eastern targets. The attackers also made use of an Adobe server hosted on Samsung’s domain.
Delivery Hero disclosed a data breach of its Foodora brand. The incident affected users across 14 countries, including personal details of 727,000 accounts.
PostBank replaced 12 million cards for its customers due to a security breach that took place in December 2018. Rogue employees of the firm had stolen the 36-digit master key to withdraw more than $3.2 million in fraudulent transactions.
Ransomware attackers hacked the computer systems of the City of Keizer, Oregon. They demanded a ransom of $48,000 from the city for the retrieval of stolen data.
IT services giant, Cognizant, revealed that Maze ransomware operators pilfered a limited amount of data from its systems. This included social security numbers, driver’s license numbers, tax IDs, and passport numbers of employees.
Amazon’s AWS Shield service mitigated the largest-ever DDoS attack that occurred in mid-February this year. The DDoS recorded a range of 2.3 Tbps.
An unsecured Amazon S3 bucket belonging to Ariix Italia had leaked more than 36,000 documents of Italian citizens. The exposed documents included scans of national IDs, credit cards, and health insurance cards. The bucket also contained full names, addresses, and signatures of individuals.
DraftKings disclosed that its partner SBTech was affected in a ransomware attack during their merger. This had affected the company’s sports betting and iGaming services.
MaxLinear Inc. was hit by Maze ransomware this week. Following the attack, the hackers released some proprietary information about the company online. The threat actor group is also behind an attack on a Puerto Rico-based management firm, CSA group.
The UK National Health Service (NHS) confirmed that some 113 internal email accounts were compromised to send malicious spam messages outside the organization. The emails sent using the breached account included a link to a fake login page of the NHS.
Several websites belonging to different Australian financial institutions, law firms, and entertainment companies were put for sale on MagBo underground forum. The access to these websites was sold at prices up to $10,000.
Web skimmer codes were used against Intersport, Claire’s, and Icing in an attempt to harvest credit card details from customers. The malicious code was planted on the checkout pages of the targeted websites.
A misconfigured AWS S3 bucket had leaked 845 GB of data belonging to different dating apps. The affected apps include 3somes, CougarD, Gay Daddy Bear, Xpal, BBW Dating, SugarD, GHunt, and Herpes Dating.
New Threats
Coming to new threats, a set of 19 vulnerabilities, collectively known as Ripple20, was found affecting a TCP/IP software library developed by Treck Inc. These flaws can be exploited to pilfer data from millions of IoT devices. Additionally, new versions of the Shlayer Mac malware and IcedID trojan capable of sneaking past security solutions more efficiently, were also uncovered this week.