Cyware Daily Threat Intelligence December 12, 2018

Top Breaches Reported in the Last 24 Hours

City of Topeka
The city of Topeka confirmed that its utility billing vendor may have been the victim of a cyberattack. A data breach has not been confirmed, but officials said that around 10,000 customers could be affected. The suspected exposure window runs from October 31 to December 7; customers who set up autopay or made a one-time payment during that period may be affected.

Phishing campaign
Over 40,000 users fell victim to phishing attacks in which attackers stole credentials for online government-services accounts. Researchers found that the stolen login data gave access to services in 30 countries. More than half of the victims are in Italy, followed by Saudi Arabia and Portugal. The campaigns targeted both personal and corporate email accounts, with the malicious emails disguising the malware as a legitimate file or archive.

Cape Cod Community College
Cape Cod Community College was hit by hackers who stole over $800,000 from the school's bank account. The attackers used phishing emails to compromise the college's computers. Around $278,887 of the stolen money has already been recovered.

Top Malware Reported in the Last 24 Hours

CobInt
A new version of the Threadkit exploit kit is being used by the Cobalt gang to deliver the CobInt malware. Threadkit's obfuscation was slightly updated, making it harder to detect. CobInt, the payload delivered by Threadkit, now adds a further layer of obfuscation: a XOR routine decodes the initial payload, making it harder to analyze and detect.
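The write-up does not detail CobInt's XOR routine, so the following is an added, generic analyst example (not code from the original post, nor from the malware) showing how a single-byte XOR-obfuscated PE payload is recovered by brute-forcing the key and scoring candidates against the DOS header markers. The sample blob, the key 0x5A and the fake DOS stub are constructed here for illustration.

```python
"""Recover a single-byte XOR-obfuscated PE payload (generic technique, not CobInt's own routine)."""

from typing import Optional, Tuple


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key. XOR is its own inverse, so this both encodes and decodes."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


DOS_STUB = b"This program cannot be run in DOS mode"


def score_candidate(buf: bytes) -> int:
    """Heuristic score: PE magic 'MZ' at offset 0 (1 point) plus the DOS stub string anywhere (2 points)."""
    score = 0
    if buf[:2] == b"MZ":
        score += 1
    if DOS_STUB in buf:
        score += 2
    return score


def recover_single_byte_xor(blob: bytes) -> Optional[Tuple[int, bytes]]:
    """Try all 256 single-byte keys and return (key, decoded) for the best-scoring candidate.

    Returns None when no key produces any PE marker, which usually means the
    encoding is not single-byte XOR (e.g. a longer key or an added transform).
    """
    best = None  # (score, key, decoded)
    for k in range(256):
        cand = xor_bytes(blob, bytes([k]))
        s = score_candidate(cand)
        if s and (best is None or s > best[0]):
            best = (s, k, cand)
    if best is None:
        return None
    return best[1], best[2]


# Constructed sample: a fake DOS header plus stub string, NOT a real executable,
# encoded with a hypothetical key of 0x5A so the recovery can be demonstrated offline.
SAMPLE_PLAIN = b"MZ\x90\x00" + b"\x00" * 60 + DOS_STUB + b".\r\n$"
SAMPLE_KEY = 0x5A
SAMPLE_ENCODED = xor_bytes(SAMPLE_PLAIN, bytes([SAMPLE_KEY]))


if __name__ == "__main__":
    result = recover_single_byte_xor(SAMPLE_ENCODED)
    if result is None:
        print("no single-byte XOR key produced a PE header")
    else:
        key, decoded = result
        print(f"recovered key 0x{key:02x}, header: {decoded[:2]!r}, stub present: {DOS_STUB in decoded}")
```

The scoring is deliberately strict: the 'MZ' check alone would accept any key that happens to map the first two bytes correctly, so the stub string is required to disambiguate. Against a real sample, feed the extracted blob to `recover_single_byte_xor` and, if it returns None, move on to multi-byte key recovery rather than assuming the payload is unobfuscated.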

Android malware
A new Android trojan, hidden inside a malicious app named 'Optimization Battery', has been discovered. It can steal money from users' PayPal accounts: once the user has entered their login credentials and the two-factor authentication code, the malware initiates automated PayPal money transfers. The trojan abuses the Android Accessibility service permission to automate screen taps, and because the automation runs only after the user has authenticated, the two-factor code does not stop it.

Bagle worm
Bagle, the Windows worm first detected in 2004, is back in action. A new variant was discovered in recent spam campaigns. The worm contains a backdoor that listens on TCP port 6777, a port number hardcoded in the worm's body, giving attackers remote access to the infected PC; the backdoor can be used to download and execute other malware from the internet.
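A hardcoded listener port is a cheap host-level indicator. The following is an added example (not from the original post) that parses Windows `netstat -ano` output and flags TCP sockets in the LISTENING state on indicator ports, here only the 6777 port described above. The netstat text, PIDs and addresses are constructed sample data, not output from a real host.

```python
"""Flag LISTENING TCP sockets on indicator ports in Windows `netstat -ano` output."""

import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of `netstat -ano` output (not real host data).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6777           0.0.0.0:0              LISTENING       3412
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     2260
  TCP    [::]:6777              [::]:0                 LISTENING       3412
  UDP    0.0.0.0:5353           *:*                                    1588
"""

# Port -> description. 6777 is the hardcoded Bagle backdoor port from the write-up;
# extend with other indicators as needed.
INDICATOR_PORTS: Dict[int, str] = {6777: "Bagle backdoor (hardcoded listener)"}

# netstat -ano row: proto, local, foreign, optional state (absent for UDP), PID.
LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def split_addr(addr: str) -> Tuple[str, int]:
    """Split 'host:port' or '[v6addr]:port' into (host, port) using the last colon."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def find_listeners(netstat_text: str, indicators: Optional[Dict[int, str]] = None) -> List[dict]:
    """Return one hit per LISTENING TCP socket whose local port is in `indicators`."""
    indicators = INDICATOR_PORTS if indicators is None else indicators
    hits = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("proto") != "TCP" or m.group("state") != "LISTENING":
            continue
        _, port = split_addr(m.group("local"))
        if port in indicators:
            hits.append({
                "pid": int(m.group("pid")),
                "local": m.group("local"),
                "port": port,
                "note": indicators[port],
            })
    return hits


if __name__ == "__main__":
    for hit in find_listeners(SAMPLE_NETSTAT):
        print(f"PID {hit['pid']} listening on {hit['local']}: {hit['note']}")
```

A hit is an indicator, not a verdict: resolve the PID to its image path (for example with `tasklist /FI "PID eq 3412"`) and confirm the binary before acting, since any service could legitimately bind the same port. On a live host, pipe the real `netstat -ano` output into `find_listeners` instead of the constructed sample.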

Top Vulnerabilities Reported in the Last 24 Hours

McAfee True Key bugs
Multiple vulnerabilities have been identified in McAfee True Key. A code execution vulnerability, caused by weak directory permissions in the Microsoft Windows client, could allow attackers to execute arbitrary code on the system. Privilege escalation vulnerabilities, caused by an authentication abuse flaw in the Windows client, could allow attackers to execute unauthorized commands on the system.

Intel bugs
A vulnerability (CVE-2018-12155) has been identified in Intel IPP (Integrated Performance Primitives) that could be exploited by malicious users to compromise an affected system. Successful exploitation could allow a local attacker to access sensitive information on the targeted system, which could be used to conduct further attacks. Patches have been released; users are advised to update to Intel IPP 2019 Update 1.

Norton Password Manager
A vulnerability (CVE-2018-18362) has been identified in Symantec Norton Password Manager for Android. If exploited, it could allow a remote attacker to steal the victim's cookie-based authentication credentials from the targeted device.

Tags

phishing attacks
new android trojan
cobalt gang
cobint
threadkit
bagle worm

Posted on: December 12, 2018
