Cyware Daily Threat Intelligence December 21, 2018

Top Breaches Reported in the Last 24 Hours

Warby Parker data breach
Warby Parker, a popular eyewear retailer, announced that it has suffered a data breach that may have affected around 198,000 customers. The information compromised in the breach includes usernames and passwords. Hackers obtained these credentials from unrelated break-ins at other companies and then used them to gain unauthorized access to client data at several internet retailers. The firm has yet to determine whether customers' payment card details were affected in the breach. Warby Parker has notified both law enforcement agencies and customers about the breach.

Nokia leaks data
A faulty etcd server has resulted in the exposure of several internal databases, passwords and secret access keys on the internet. The exposed credentials include Heketi user and admin passwords, a Redis password, a Weave password, a k8s secret encryption key, and a Gluster user private key. Apart from these, SSH and RSA private keys, a cluster key and AWS S3 secret keys were also exposed in the data leak. The faulty server is listed on the Shodan search engine.

Top Malware Reported in the Last 24 Hours

DanaBot variant
A new variant of the DanaBot banking trojan has been observed targeting financial institutions in Italy. The attackers leverage 'fattura' themed phishing emails to distribute the new variant. A macro-enabled Word document is used to download the malicious DLL payload. The malware is capable of stealing users' passwords and credentials from Google Chrome and Mozilla Firefox. Once the malware variant gathers the information, it sends it back to the attackers' command-and-control (C2) servers.

Miori IoT botnet
A new variant of the Mirai botnet, tracked as Miori, has been found to be distributed through a remote code execution vulnerability in the ThinkPHP PHP framework, versions 5.0.23 and 5.1.31. Upon execution, the malware listens on port 42352 and receives commands from the C2 server. The string obfuscation technique used by Miori is the same as that of the original Mirai botnet. Apart from Miori, several known variants of Mirai such as IZ1H9 and APEP were also observed using the same RCE exploit for propagation.

Top Vulnerabilities Reported in the Last 24 Hours

Windows zero-day flaw PoC
A proof-of-concept (PoC) for the new Windows zero-day flaw has been released by a security researcher who goes by SandboxEscaper on Twitter. The flaw affects Microsoft's Windows operating system and could allow low-privileged users or an attacker to read the content of any file on a targeted computer.

A flaw in Huawei routers
An information disclosure flaw has been detected in several Huawei routers. The flaw, tracked as CVE-2018-7900, exists in the router panel and can allow attackers to identify whether devices have default credentials or not. The flaw makes it easy for cybercriminals to attack routers using default credentials.

Multiple flaws in WIBU-SYSTEMS
Cisco security researchers have found several vulnerabilities in WIBU-SYSTEMS WibuKey[.]sys. These flaws could allow hackers to access some sensitive information and perform privilege escalation. Attackers can also achieve arbitrary code execution on affected systems by exploiting these flaws.





