Cyware Daily Threat Intelligence, April 01, 2019

Earl Enterprises announced that it has suffered a massive security breach that may have impacted several of its restaurant brands. This includes Planet Hollywood, Buca di Beppo, Earl of Sandwich, Chicken Guy!, Mixology and Tequila Taqueria. The incident occurred after hackers planted malware on the PoS at some restaurant run by Earl Enterprises. Over 100 restaurants are believed to have been impacted by the attack.

South Korean cryptocurrency exchange platform Bithumb has been hacked for the third time in the past three years. This time, the hackers are believed to have made off with nearly $20 million in EOS and Ripple cryptocurrencies. The attack occurred on March 29, 2019.

Burrell Behavioral Health is notifying its customers about a data breach that resulted in the exposure of ePHI of more than 67,000 patients in August, 2018. The incident occurred after a third-party vendor had improperly stored the critical health information on a server. The data compromised in the breach includes patients' names, addresses and social security numbers.

Researchers have observed that cybercriminals are using a new form of malvertising campaign to generate profits. The attack starts with users being redirected to malicious websites that show an ad inside a popup. The first layer of redirection goes to domains hosted on 176.123.9[.]52 and 176.123.9[.]53 which will perform the second redirect via a .tk domain.

Dozens of malicious apps have been found distributing 25 variants of Exodus spyware. These apps are available on the Google Play Store pages that are written in the Italian language. Once installed, the malware is capable of recording phone calls in 3GP format and extracting call logs & address books. It can also take pictures with the embedded camera as well as captures screenshots of an app.  

New details regarding the recent ASUS hack has surfaced recently. A cybersecurity firm, Skylight has published the full list of 583 MAC addresses from the 619 targeted in the ASUS breach. The researchers extracted the list from the offline tool released by Kaspersky. This can be beneficial for security professionals from different enterprises as the list can enable them to know whether they are affected by the hack.

The remote SUSE host has recently released a security update to address a remote code execution flaw in  SLED15/SLES15 sqlite3. Dubbed as CVE-2018-20346, the flaw could allow attackers to execute arbitrary code in a system. This happens when the FTS3 extension is enabled and an integer overflow is encountered for the FTS queries. Thus, users are recommended to update the current sqlite3 to the latest version, v3.27.2 as early as possible.

Hackers have publicly released the PoC of SQL injection vulnerability found in Magento. Named as PRODSECBUG-2198, the flaw can enable any hacker to obtain users' login credentials. Upon gaining access, they can then install backdoors or any skimming code of their choice. The vulnerability exists in all the versions after Magneto Open Source 1. The company's developers recently disclosed and patched a number of vulnerabilities including PRODSECBUG-2198. It is recommended that all customers must upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8.

The Australian Cyber Security Centre (ACSC) is warning its citizens about an ongoing PayPal scam. The latest scam involves users receiving phishing emails that pretend to be from PayPal. The email warns victims’ that their PayPal accounts will be permanently locked or disabled if they fail to update their personal details. For this, the victims are required to click on a link that comes attached in the email. Once clicked, the link takes the victims to a fake Paypal login webpage where details entered is captured by the cybercriminals. Paypal urges users to be cautious when emails come with generic greetings such as ‘Dear User’ and those that do not address them by their names.