Cyware Weekly Threat Intelligence - March 11–15

Weekly Threat Briefing • Mar 15, 2019
The Good
We’re back with the most interesting threat intel of the week. Let’s first appreciate the positive events that occurred in the cybersecurity landscape over the past week. Google is planning to block unwanted ‘drive-by downloads’ that are initiated from ad frames without any user interaction. Apple is working on an anti-snooping technology that will protect iPhone users’ privacy. Meanwhile, RBS is planning to experiment with biometric bank cards, which will allow customers to verify a purchase using their fingerprint.
Google is planning to block unwanted ‘drive-by downloads’ that are initiated from within ad frames without any user gesture. The feature will be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView) but not on iOS.
Apple is working on an anti-snooping technology that will prevent law enforcement authorities from tracking iPhone users’ locations and reading their private messages. The technology protects iPhone users’ privacy by encrypting the information exchanged between an iPhone and the mobile network.
Royal Bank of Scotland (RBS) is planning to experiment with biometric bank cards in order to enhance security and make payments faster and easier. Biometric bank cards will allow customers to verify a purchase using their fingerprint, without the need for a PIN code.
Democratic U.S. Rep. Jim Langevin has introduced a bill to incorporate cybersecurity training into career and technical education programs. The bill would authorize $10 million to create a competitive grant program within the Department of Education for adding cybersecurity education to existing education programs.
The Bad
The past week witnessed several data breaches and large-scale cyber attacks. An unprotected database exposed the private data of almost 1.8 million Chinese women. A misconfigured Box file-sharing platform exposed confidential business documents. In the meantime, almost seven car manufacturers were hit by GPS spoofing attacks at the annual Geneva Motor Show.
An unprotected database exposed private data of almost 1.8 million Chinese women. The exposed information included names, dates of birth, ages, addresses, ID numbers, educational details, marital status, and more. The database also included URLs to photos, BreedReady status, and a HasVideo field.
Almost seven car manufacturers, including Audi, Peugeot, Renault, Rolls-Royce, Volkswagen, Daimler-Benz, and BMW, were hit by GPS spoofing attacks at the annual Geneva Motor Show. The perpetrators used spoofed GPS signals from a LabSat device and created confusion among drivers by showing them wrong dates and locations.
Kathmandu Holdings suffered a data breach impacting customers’ personal information. The compromised information includes customers’ billing and shipping names, shipping addresses, email addresses, phone numbers, payment card details, pickup/delivery details, gift card details, and Kathmandu Summit Club usernames and passwords.
Citrix learned from the FBI that attackers had gained unauthorized access to Citrix’s internal network and downloaded business documents. The FBI advised Citrix that the attackers might have used a ‘tactic known as password spraying, a technique that exploits weak passwords’ to gain access to the internal network.
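As an added example (not from the original briefing and not related to the Citrix investigation), a simple detector for the password-spraying pattern mentioned above, run over constructed authentication log lines in an assumed `timestamp outcome user=… src=…` format. The heuristic keys on the trait that distinguishes spraying from ordinary brute force: many distinct accounts failing from one source, each only a few times.

```python
# Password-spraying heuristic: a sprayer tries a few passwords against many
# accounts, so each account sees few failures (under lockout thresholds) while
# one source accumulates failures across many distinct usernames. Flag a source
# whose failed logins touch at least `min_users` distinct accounts in `window`.
# Added example with constructed log lines; not from the Citrix incident.
from collections import defaultdict
from datetime import datetime, timedelta
import re

SAMPLE_LOG = """\
2019-03-11T02:00:01 AUTH_FAIL user=alice src=203.0.113.7
2019-03-11T02:00:03 AUTH_FAIL user=bob src=203.0.113.7
2019-03-11T02:00:05 AUTH_FAIL user=carol src=203.0.113.7
2019-03-11T02:00:07 AUTH_FAIL user=dave src=203.0.113.7
2019-03-11T02:00:09 AUTH_FAIL user=erin src=203.0.113.7
2019-03-11T02:00:11 AUTH_OK user=frank src=203.0.113.7
2019-03-11T02:01:00 AUTH_FAIL user=alice src=198.51.100.9
2019-03-11T02:01:30 AUTH_FAIL user=alice src=198.51.100.9
2019-03-11T02:02:00 AUTH_FAIL user=alice src=198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+) (AUTH_FAIL|AUTH_OK) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, outcome, user, src); skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def detect_spraying(log_text, window=timedelta(minutes=10), min_users=5):
    """Return {src: sorted distinct users} for sources that look like sprayers;
    one account failing repeatedly from one source is deliberately not flagged."""
    fails = defaultdict(list)  # src -> [(ts, user)] for AUTH_FAIL events only
    for ts, outcome, user, src in parse(log_text):
        if outcome == "AUTH_FAIL":
            fails[src].append((ts, user))
    hits = {}
    for src, events in fails.items():
        events.sort()  # sliding window over failures ordered by time
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                hits[src] = sorted(users)
                break
    return hits
```

The second source (three failures, all for `alice`) is left alone on purpose; it is a candidate for per-account lockout logic, not for this spraying detector.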
Hackers breached the ‘college admission database’ of three U.S. colleges (Oberlin College in Ohio, Grinnell College in Iowa, and Hamilton College in New York) and gained access to students’ personal information. The hackers demanded 1 bitcoin, or approximately $3,800, as ransom from the students for the personal information they claimed to have stolen.
The charitable organization Delaware Guidance Services (DGS) notified almost 50,000 parents and guardians of a ransomware attack in which patient records containing personal information were encrypted. The personal information includes names, addresses, dates of birth, Social Security numbers, and medical information.
Box, a popular file-sharing platform, exposed confidential business documents due to misconfiguration. The exposed documents include sensitive information such as Social Security numbers, bank account numbers, passport photos, confidential files related to companies’ prototypes and designs, employee lists, financial data and invoices, customer lists and meeting archives, IT data, VPN configurations, and network diagrams.
An unprotected database exposed the resumes of 33 million Chinese job seekers. The exposed information includes personal details such as names, genders, dates of birth, phone numbers, email addresses, home addresses, and marital status; educational details such as school names and degrees; and professional details such as job title, employer name, and salary.
Researchers detected a compromised Pakistani government website that delivers a Scanbox framework payload to anyone who visits the site. Once the Scanbox framework is on the visitor’s system, it collects system information and logs keystrokes. Researchers notified the Pakistani government website about the infection; however, the site still remains compromised.
The 63Red Safe mobile app, described as ‘Yelp for conservatives’, exposed user data due to an unsecured API. The developer of the app hardcoded his credentials and left them, along with the list of API endpoints, in the app’s source code. This allowed anyone to view or access user data as well as block or unblock users. The exposed user data includes username, email address, profile ID, avatar, follower count, following count, profile creation date, profile update dates, ban status, and hotscore.
New Threats
Several new malware strains, vulnerabilities, and ransomware families were discovered over the past week. A new Android adware, ‘SimBad’, was detected in 206 Android apps with almost 150 million installs. A new Ransomware-as-a-Service named ‘Yatron’ is being promoted via Twitter. Last but not least, researchers detected vulnerabilities in the Swiss e-voting system that could allow attackers to gain access to the voting system and manipulate cast votes.