Cyware Daily Threat Intelligence, April 01, 2019

See All
Data breaches continue to be a major concern for businesses across the world. Lately, US-based food service and entertainment operator Earl Enterprises disclosed that it has suffered a massive data breach that might have resulted in the compromise of 2 million credit card numbers. The breach occurred after hackers injected malware into point-of-sale systems at some Earl Enterprises’ restaurants. Over 100 restaurants are believed to be have been impacted by the incident. The affected restaurants include Planet Hollywood, Buca di Beppo, Earl of Sandwich, Chicken Guy!, Mixology and Tequila Taqueria.
In another major incident, hackers pilfered almost $20 million from a South Korean cryptocurrency exchange platform Bithumb. This is the third time that the firm has been attacked in the past three years.

Several malware attacks were also reported in the past 24 hours. One such incident involved the use of 25 variants of Exodus spyware. These variants were found to be distributed via malicious apps on the Google Play Store. The malware, once installed, is capable of performing several nefarious activities such as recording phone calls in 3GP format and extracting call logs & address books. It can also take pictures with the embedded camera as well as capture screenshots of an app.
        
Top Breaches Reported in the Last 24 Hours

Earl Enterprises suffers a security breach
Earl Enterprises announced that it has suffered a massive security breach that may have impacted several of its restaurant brands. This includes Planet Hollywood, Buca di Beppo, Earl of Sandwich, Chicken Guy!, Mixology and Tequila Taqueria. The incident occurred after hackers planted malware on the PoS at some restaurant run by Earl Enterprises. Over 100 restaurants are believed to have been impacted by the attack.

Bithumb hacked
South Korean cryptocurrency exchange platform Bithumb has been hacked for the third time in the past three years. This time, the hackers are believed to have made off with nearly $20 million in EOS and Ripple cryptocurrencies. The attack occurred on March 29, 2019.

Burrell Behavioral Health data breach
Burrell Behavioral Health is notifying its customers about a data breach that resulted in the exposure of ePHI of more than 67,000 patients in August, 2018. The incident occurred after a third-party vendor had improperly stored the critical health information on a server. The data compromised in the breach includes patients' names, addresses and social security numbers.

Top Malware Reported in the Last 24 Hours

New malvertising campaign
Researchers have observed that cybercriminals are using a new form of malvertising campaign to generate profits. The attack starts with users being redirected to malicious websites that show an ad inside a popup. The first layer of redirection goes to domains hosted on 176.123.9[.]52 and 176.123.9[.]53 which will perform the second redirect via a .tk domain.

Exodus spyware variants
Dozens of malicious apps have been found distributing 25 variants of Exodus spyware. These apps are available on the Google Play Store pages that are written in the Italian language. Once installed, the malware is capable of recording phone calls in 3GP format and extracting call logs & address books. It can also take pictures with the embedded camera as well as captures screenshots of an app.  

Updates on ASUS hack emerges
New details regarding the recent ASUS hack has surfaced recently. A cybersecurity firm, Skylight has published the full list of 583 MAC addresses from the 619 targeted in the ASUS breach. The researchers extracted the list from the offline tool released by Kaspersky. This can be beneficial for security professionals from different enterprises as the list can enable them to know whether they are affected by the hack.

Top Vulnerabilities Reported in the Last 24 Hours

SUSE security update
The remote SUSE host has recently released a security update to address a remote code execution flaw in  SLED15/SLES15 sqlite3. Dubbed as CVE-2018-20346, the flaw could allow attackers to execute arbitrary code in a system. This happens when the FTS3 extension is enabled and an integer overflow is encountered for the FTS queries. Thus, users are recommended to update the current sqlite3 to the latest version, v3.27.2 as early as possible.

SQL injection flaw in Magento
Hackers have publicly released the PoC of SQL injection vulnerability found in Magento. Named as PRODSECBUG-2198, the flaw can enable any hacker to obtain users' login credentials. Upon gaining access, they can then install backdoors or any skimming code of their choice. The vulnerability exists in all the versions after Magneto Open Source 1. The company's developers recently disclosed and patched a number of vulnerabilities including PRODSECBUG-2198. It is recommended that all customers must upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8.

Top Scams Reported in the Last 24 Hours

PayPal scam
The Australian Cyber Security Centre (ACSC) is warning its citizens about an ongoing PayPal scam. The latest scam involves users receiving phishing emails that pretend to be from PayPal. The email warns victims’ that their PayPal accounts will be permanently locked or disabled if they fail to update their personal details. For this, the victims are required to click on a link that comes attached in the email. Once clicked, the link takes the victims to a fake Paypal login webpage where details entered is captured by the cybercriminals. Paypal urges users to be cautious when emails come with generic greetings such as ‘Dear User’ and those that do not address them by their names.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, April 02, 2019
Next
Cyware Daily Threat Intelligence, March 29, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.