Go to listing page

Cyware Daily Threat Intelligence, August 01, 2019

Cyware Daily Threat Intelligence, August 01, 2019

Share Blog Post

Mirai, the powerful IoT botnet that unleashed devastating DDoS attacks in 2016, is much more than what it looks. Over the years, the botnet has become more robust and sturdy in order to compromise a wide range of devices. Lately, security experts have uncovered a new sample of Mirai botnet that had its C2 server placed in the Tor network. This was done to evade detection of the C2 server. 

Western Digital and its subsidiary SanDisk have warned its users about two vulnerabilities that can put users data at risk. One of the two flaws can allow threat actors to launch a man-in-the-middle attack in order to deliver malicious content to the users. 

With users filing a claim to get $125 as part of Equifax’s $700 million settlement, FTC has warned that scammers are using the situation to steal personal information. The tricksters have created legitimate-looking fake Equifax websites that appear to settle claim settlement for affected users.

Top Breaches Reported in the Last 24 Hours

Club Penguin Rewritten hacked
Hackers have managed to steal login data for a little over four million accounts due to a misconfigured backdoor in a gaming website CPRewritten. An ex-employee had left behind PHP files allowing access to the website's database. This had affected email addresses, usernames and encrypted passwords of account holders. 

Pearson hacked
Educational publishing company Pearson PLC is notifying several schools and universities in the US about a data breach that happened in November 2018. The hack has affected around 13,000 schools and university accounts on AIMSweb, the company’s student monitoring, and assessment platform. The data exposed included first and last names and, in some cases, date of birth and email addresses. 

Honda exposes data
An unprotected Elasticsearch instance belonging to Honda has exposed information of over 300,000 employees. This exposed data includes employees’ names, email addresses, their last login, their computers' endpoint security vendor network information, OS versions, hostnames, and patch status. The database also contained data on computers used by the company's CFO, CSO, and CEO.

Website defaced
The Randolph County government website was recently hacked and replaced with a note that said ‘Welcome to Randolph County’. The home page of the website displayed a graphic of a person in a Guy Fawkes mask holding a protest sign. No information was compromised. In addition, the site did not have mention any ransom. 

Top Malware Reported in the Last 24 Hours

New Mirai variant
A new variant of Mirai botnet which had its Command & Control server placed in the Tor network has been discovered by security researchers. This was done to evade detection. The variant contained four C&C servers with 30 hard-coded IP addresses. This new sample scans the TCP ports 9527 and 34567 to find vulnerable IP cameras and DVRs from remote access and control. 

Magecart warning issued
The PCI Security Standards Council along with Retail & Hospitality ISAC have highlighted the growing threat of online skimming attacks through an alert. The alert warns that almost all e-commerce sites are vulnerable to the attack as they do not have effective security controls.  

New malvertising campaigns
Two fresh malvertising campaigns have emerged recently. The first campaign uses exploit kit to bypass ad-blockers, while the other is known for targeting Mac users via web redirections. The first one leverages RIG exploit kit to infect a toolbar with malware whereas the second campaign redirects Mac users to a domain on the Safari browser. The domain delivers a malware-infected Flash Player installer.     

Top Vulnerabilities Reported in the Last 24 Hours 

Vulnerable SanDisk SSD Dashboard
Two critical vulnerabilities in the Western Digital and SanDisk SSD Dashboard can allow threat actors to trick users into running arbitrary code on the computers. The vulnerabilities are tracked as CVE-2019-13466 and CVE-2019-13467. CVE-2019-13467 is the most severe among the two and affects Western Digital and SanDisk SSD Dashboard applications prior to version 2.5.1.0.

Vulnerable Prima FlexAir
Multiple vulnerabilities have been discovered in the FlexAir access control platform developed by Prima Systems. The bug can be exploited remotely and does not require advanced hacking skills. The vulnerabilities affect Prima FlexAir 2.3.38 and earlier versions. They are patched in version 2.5.12. 
  
Top Scams Reported in the Last 24 Hours

Fake Equifax settlement claims
The Federal Trade Commission took to Twitter to warn people about a new scam where scammers are creating fake Equifax websites that appear to claim settlement for users affected in the 2017 data breach. The main intention is to steal people’s personal information.

Phony gift card scams
Phishing attacks targeting employees with phony gift card emails are on a rise. These type of attacks involves scammers impersonating a boss or co-worker of an organization and asking its peer to buy gift cards. The purpose is asked to purchase the gift cards – most commonly Google Play, Steam Wallet, Amazon, Apple iTunes or Walmart cards – and then send the codes to the attacker by email.  

 Tags

phishing attacks
club penguin rewritten
sandisk ssd dashboard
pearson
mirai botnet

Posted on: August 01, 2019


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite