Cyware Daily Threat Intelligence December 10, 2018

Top Breaches Reported in the Last 24 Hours

Bethesda data leak
Bethesda accidentally exposed the personal data of some Fallout 76 customers. Support tickets belonging to some customers, which included their receipts, were exposed to other customers. The data exposed included customers' email addresses, home addresses, and the type of card used for payment. Bethesda said that full credit card numbers and passwords were not exposed in the incident.

Ransomware attacks
California-based Redwood Eye Center was hit by a ransomware attack that affected over 16,000 patient records. The attack hit the third-party vendor that hosted and stored the practice's patient data, encrypting patients' names, addresses, dates of birth, health insurance information, and medical treatment information.

German machinery and equipment manufacturer KraussMaffei was hit by a ransomware attack targeting the firm's Munich-based plant. The company had to scale back production at some of its plants. The ransom amount demanded by the attackers has not been disclosed.

Top Malware Reported in the Last 24 Hours

Lokibot malware
The operators of the Lokibot malware have recently made some changes to its C2 URLs. It is still unclear whether the change is an update to Lokibot's C2 URL naming convention or whether a different threat actor is using its own naming convention. The malware has primarily been targeting SMBs and Windows systems.

Android Adware
22 new Android adware apps with around 2 million downloads were discovered and removed from the Google Play store. The malicious apps install a backdoor that allows attackers to download files from a malicious server. The click-fraud apps manipulate user-agent strings to pose as a wide variety of apps running on various phones, including iPhones.

Mac malware
A new piece of Mac malware dubbed OSX.DarthMiner has been discovered which combines the EmPyre backdoor with the XMRig cryptominer. The malware is distributed via an application called Adobe Zii, which is designed to help pirate a variety of Adobe applications. The malware can intercept all of the victim's web traffic, including encrypted HTTPS traffic.

Top Vulnerabilities Reported in the Last 24 Hours

Apple bugs
Multiple vulnerabilities have been identified in Apple iOS. The bugs could allow attackers to cause memory corruption, information disclosure, and denial of service, and could also allow privilege escalation and security bypass.

Google vulnerabilities
Multiple vulnerabilities have been identified in Google Android. The vulnerabilities could allow an unprivileged attacker to carry out privilege escalation, information disclosure, and code execution attacks, including obtaining sensitive information from the system.

Flash Player bugs
Multiple vulnerabilities have been identified in Adobe Flash Player which could allow an attacker to carry out privilege escalation and code execution attacks on the targeted system. The privilege escalation vulnerability is caused by insecure loading of DLL files (DLL hijacking); the code execution vulnerability is caused by a use-after-free error.

Top Scams Reported in the Last 24 Hours

Fake Volkswagen scam
A new fake Volkswagen scam campaign was recently discovered. The campaign is spreading via social media networks and claims that Volkswagen is giving away 20 free cars until the end of the year. The message directs users to a site supposedly designed for this so-called event. In reality, the site is a phishing site that has been blacklisted by security vendors. The site lures visitors into forwarding the campaign link to at least 20 of their friends on Facebook Messenger or WhatsApp, promising that the scammers will contact them on Facebook once the link has been shared. The campaign's goal appears to be simply spreading the message to as many victims as possible.

Posted on: December 10, 2018