Cyware Daily Threat Intelligence December 20, 2018

Top Breaches Reported in the Last 24 Hours

UK's Steelite hacked
UK's Steelite International, a Stoke-on-Trent-based pottery firm, discovered that hackers had encrypted the firm's servers, including its payroll server. The hackers found a weakness in the company's system and began encrypting key files. The firm detected the hack after it noticed suspicious activity and took immediate steps to restore the servers. The hackers did not get the chance to encrypt the backup files.

Facebook, in the soup again
Facebook has allegedly given a dozen companies access to its 2.2 billion users' data without consent. The data includes private messages, names and contact info of friends. The big names with which the data was shared include Bing, Amazon, Apple, Netflix and Spotify. While Microsoft's Bing was able to access the names of all Facebook users' friends, Apple gained access to Facebook contacts and calendar entries. Netflix and Spotify were able to read users' private messages. Amazon had permission to obtain users' names and the contact info of their friends.

Top Malware Reported in the Last 24 Hours

Ryuk ransomware evolves
Ryuk, a well-planned and targeted ransomware, has been found attacking various organizations recently. Of these, three firms in the US have been severely hit by the malware. Furthermore, some companies paid a whopping amount as ransom to retrieve their files. Although the amount varies from victim to victim, researchers claim that attackers have already collected over $640,000 using the ransomware.

New BEC campaign
A new Business Email Compromise (BEC) campaign has been discovered targeting banking and financial services in the US and UK. The scammers rely on a popular Google cloud storage service to host malware such as Houdini RAT. The malware is distributed in the form of VBS scripts and JAR files. Once installed, Houdini communicates with the C2 server to download malicious payloads.

Malicious Android wallpaper apps
Researchers have detected 15 malicious Android wallpaper apps in the Google Play Store. These apps are used to run fraudulent ad schemes and have been downloaded more than 222,220 times. Users from Italy, Taiwan, the US, Germany, and Indonesia are the most affected.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft issues a patch
Microsoft has issued an emergency security patch to fix a remote execution vulnerability (CVE-2018-8653) in Internet Explorer. The critical flaw affected IE9, IE10 and IE11 and could allow attackers to execute arbitrary code remotely. This zero-day vulnerability can be exploited in web-based scenarios, where an attacker tricks a user into clicking on a malicious site.

Cisco patches a bug
Cisco has released a security update to address a vulnerability in its Adaptive Security Appliance (ASA). The bug could allow an attacker to perform privileged actions by using the web management interface. An attacker could exploit this vulnerability by sending specially crafted HTTP requests via HTTPS to a targeted device.

OpenSSH vulnerability
A low-severity vulnerability has been detected in the OpenSSH tool. The vulnerability could be used by hackers to obtain sensitive private-key information by leveraging the privilege-separated child processes. The good news is that no such leaks have been observed yet by researchers. An update to address the flaw is likely to be issued in the future.

Top Scams Reported in the Last 24 Hours

New extortion scam
In a newly uncovered extortion scam, victims are being threatened with a hitman if they don't pay $4000 in Bitcoins. The threatening message comes in the form of an email, which says that the owner has recently received an order from someone to hire a hitman to assassinate the recipient. The malicious email has a subject line that says, 'Pretty significant material for you right here 17.12.2018 08:33:00'. The body of the email is poorly written and contains a lot of grammatical mistakes.

Sedgwick County vendors targeted
A scammer pretending to be a Sedgwick County official is targeting the county's vendors to steal business information. The scammer has spoofed a county email address to evade detection. The spoofed email is sent to several vendors, seeking information on past financial transactions. No money or sensitive information is believed to have been exchanged. The county is working towards informing all its vendors about the scam.



