Cyware Daily Threat Intelligence December 13, 2018

Top Breaches Reported in the Last 24 Hours

French Foreign Ministry 
Hackers hit the French Foreign Ministry's website. The attackers stole personal information that users had provided when registering on the Ariane platform. The Foreign Ministry stated that it took immediate steps to prevent such events from happening again. Experts blamed the website's poor standard of security for the incident.

State Bank of Mauritius
Hackers stole over $2 million from the State Bank of Mauritius's Nariman Point branch in India in October. The hackers transferred $0.4 million to a bank in Paris, nearly $0.6 million to a bank in London and the remaining amount to two banks in New York. The bank discovered it had been hacked and attempted to block the fraudulent transactions, but the hackers had already transferred $2 million by then.

Save the Children Federation
Scammers stole $1 million from the Save the Children Federation charity. The hackers gained entry into an employee's email account and used fake invoices to steal the funds. Fortunately, the charity managed to recoup all but $112,000 of the losses through insurance claims.

Top Malware Reported in the Last 24 Hours

Shamoon
A new variant of the disk-wiping malware Shamoon, aka Disttrack, was recently discovered. This new variant was uploaded to VirusTotal, but researchers haven’t linked it to a specific attack yet. The new Shamoon variant affects 32- and 64-bit systems running Windows. Unlike the original Shamoon variant, the new version does not require credentials to propagate.

Mac scareware
A new Mac scareware dubbed MAC.OSX.AMCleaner was recently discovered. The malware is primarily delivered by email to trick victims into installing fake cleaning software. The malware uses a malicious installer signed with a valid Apple-issued certificate that allows it to bypass macOS protections such as Gatekeeper and helps trick the victim into thinking it is safe to run the software.

LamePyre
A new macOS malware named OSX.LamePyre, which can run a backdoor and take screenshots, was recently discovered. The malware masquerades as the Discord messaging app for gamers. LamePyre does not include functionality that would allow it to pass as a legitimate Discord messenger. However, in most cases, LamePyre likely already runs the backdoor before users become aware of it.

Top Vulnerabilities Reported in the Last 24 Hours

SAP bugs
A dozen flaws affecting SAP products were discovered and have been addressed. A total of 12 Patch Day Security Notes were included in the latest release. The patch also addresses a critical cross-site scripting (XSS) vulnerability. Another high-priority bug addressed is a missing authorization check in SAP Customizing Tools. This bug allows an attacker to remotely manage certain types of RFC connections.

Samsung flaws
Three cross-site request forgery (CSRF) flaws were discovered in Samsung's mobile site, which, if exploited, can let attackers hijack an account. The vulnerabilities existed due to the way Samsung[.]com account page handled password-reset security questions. The flaws are now being fixed after a Ukrainian bug bounty hunter reported the issue to Samsung this month.

WordPress bugs
Seven security bugs affecting WordPress 5.0 were discovered and patched. The patches address the security vulnerabilities (some of which allow site takeover) and a privacy leak issue. A cross-site scripting vulnerability that allowed WordPress users to edit new comments from higher-privileged users was addressed.


