Cyware Weekly Threat Intelligence, November 18 - 22, 2019

Weekly Threat Briefing • Nov 22, 2019
The Good
As we gear up to welcome the weekend, let’s quickly glance through the major cybersecurity happenings of the week. The ‘Cybersecurity Protocol for International Arbitration (2020)’, a set of guidelines on cybersecurity measures for individual arbitration matters, was published. The state of Virginia has developed a new model to quantify cybersecurity risks. Meanwhile, several security vendors and non-profits have collaborated on an initiative called ‘Coalition Against Stalkerware’ to fight against stalkerware.
The Cybersecurity Protocol for International Arbitration (2020), a detailed set of guidelines on cybersecurity measures for individual arbitration matters, was released as part of New York Arbitration Week. These guidelines were the work of a cybersecurity group including representatives from the New York City Bar Association (City Bar), the International Institute for Conflict Prevention & Resolution (CPR), and the International Council for Commercial Arbitration (ICCA).
The state of Virginia has developed a new model for quantifying cybersecurity risk and prioritizing defenses. This model is said to be an adaptation of multiple standards for quantifying risk. The model’s accuracy was tested by comparing the outcomes of past breaches with known variables against the model’s predictions, and the numbers were found to be fairly close.
Several antivirus vendors and non-profits have collaborated on an initiative called the ‘Coalition Against Stalkerware’. This global initiative is said to be the first of its kind and focuses on fighting against stalkerware. This coalition plans to work on multiple fronts to achieve its goal.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the non-profit organization VotingWorks have released an open-source tool named ‘Arlo’. This tool has been designed for the auditing process after the U.S. elections. The auditing process aims to safeguard the election process against hacked or faulty voting systems.
The Bad
This week witnessed several cybersecurity incidents. Macy’s disclosed that it was the victim of a security breach that possibly compromised customer payment information. T-Mobile suffered a security breach that affected some customers of its prepaid service. In other news, an open AWS database exposed data belonging to thousands of PayMyTab customers.
Department store chain Macy’s disclosed the details of a data breach involving malicious scripts that stole customers’ payment information. The website was reportedly hacked on October 7, 2019, and the malicious script was injected into the 'Checkout' and 'My Wallet' pages. Macy’s said that only a small number of customers were impacted by this breach.
The U.S. branch of T-Mobile announced a security breach that affected some customers of its prepaid service. The exposed data included customer names, phone numbers, account numbers, billing addresses, rate plans, and plan features. The company said that no sensitive information was compromised.
The state of Louisiana suffered a ransomware attack impacting websites and IT systems. As a response to the attack, the state’s cybersecurity team was activated. The extent of damage to the government’s internal system caused by this cyberattack is not clear yet.
Just hours after the Disney+ video streaming service was launched, cybercriminals reportedly started hacking user accounts. Thousands of user account credentials were said to be available for sale on hacking forums. Many customers said that their accounts’ emails and passwords were changed.
An unsecured Amazon Web Services (AWS) S3 bucket exposed data belonging to PayMyTab customers. The leaked information includes customer names, email addresses, telephone numbers, last four digits of payment cards, restaurant visit information, and order details. This leak reportedly impacts thousands of people.
The National Veterinary Associates (NVA) fell victim to a cyberattack by the Ryuk ransomware, impacting 400 clinics across the country. Payment systems, practice management software, and patient records were encrypted as a result of this attack. Two security firms have been hired to help the agency recover from the attack.
Personal information and account credentials of 1.4 million users of cryptocurrency wallet service GateHub and about 800,000 users of gaming tools provider Epicbot were posted online. The databases contained email addresses and passwords that were hashed.
The official Monero cryptocurrency project website was hacked and legitimate Linux and Windows binaries were replaced with malicious versions. The malicious programs were found to be designed to steal users’ wallet seeds and share them with an attacker-controlled server. Details about how the website was compromised and how many users were affected are not clear yet.
The Rouen University Hospital-Charles Nicolle in France was hit by a ransomware attack that impacted 6,000 computers across all five sites of the hospital complex. The IT systems were closed down to prevent the infection from spreading. Details about the ransomware strain responsible are not yet known.
An unsecured database belonging to the Gekko Group leaked more than 1 terabyte of data. This leak impacted citizens from several countries including the United Kingdom, Spain, Italy, Israel, Belgium, and France, among others. The exposed data include names, home addresses, email addresses, PII of children, destination hotels, reservation dates, travel dates, price of stays, and data from other reservation platforms.
Security researchers discovered 1.19 billion confidential medical images exposed on the internet along with patient names, dates of birth, ID cards, and reasons for examination. This exposure is believed to be the result of leaky PACS servers.
Washington-based Wizards of the Coast, the game developer of ‘Magic: The Gathering,’ disclosed a security breach that impacted the account data of more than 452,000 players. The database contained player names and usernames, date and time of account creation, hashed and salted passwords, and email addresses.
New Threats
Security experts brought several malware threats and vulnerabilities to light this week. A new phishing campaign that targeted Office 365 administrators was spotted. Cisco’s VoIP adapters were reported to contain 19 security flaws. Meanwhile, millions of Google and Samsung devices were found to be impacted by a security vulnerability.