Cyware Weekly Threat Intelligence - March 18–22

Weekly Threat Briefing • March 22, 2019
Weekly Threat Briefing • March 22, 2019
The Good
We’re back with the most interesting threat intel of the week. As is our custom, let’s first acknowledge all the positive advancements that took place in the cybersecurity landscape over the past week. Instagram is testing a new feature that**** automatically locks users’ old usernames for 14 days after switching to a new handle. National Cybersecurity Center of Excellence (NCCoE) has published a guide to protect mobile devices from data breaches. Meanwhile, DHS is requesting a budget of $11.4 million to support the addition of new 150 cybersecurity positions by the end of fiscal 2020.
The Bad
Over the past week, several data breaches and massive cyber attacks came to light. Gnosticplayers seller, who disclosed 800 million profiles, has made a comeback with the fourth batch of stolen data put up for sale in the DreamMarket marketplace. The aluminum giant, Norsk Hydro suffered a cyber attack switching some of its operations to a manual mode. In the meantime, Facebook revealed that almost hundreds of millions of users passwords were stored in a readable format on its internal data storage systems.
New Threats
Several vulnerabilities and malware strains emerged over the past week. Researchers observed a new variant of the Mirai botnet that uses 11 new exploits and targets smart TVs and wireless presentation systems. Researchers uncovered the Google photos vulnerability that could allow attackers to infer the metadata of the images stored in Google Photos. Last but not least, a new malspam campaign disguised as leaked documents that contain information about the ‘Boeing 737 Max crashes’ was observed in the wild distributing H-Worm RAT and Adwind info-stealer malware.