Cyware Daily Threat Intelligence December 27, 2018

Top Breaches Reported in the Last 24 Hours

BevMo website breached
Unauthorized access to the BevMo website has resulted in the compromise of personal and financial data of nearly 15,000 customers. The firm disclosed that the intruders placed malicious code on the checkout page after gaining access to the website. The malicious code was designed to capture customers' payment card details. The information compromised in the breach includes names, credit or debit card numbers, expiration dates, CVV2 codes, billing addresses, shipping addresses and phone numbers of customers. The breach is believed to have affected customers who placed orders between August 28, 2018, and September 26, 2018. The firm has informed the potentially affected customers and law enforcement agencies about the breach. It has also removed the malicious code from the website to prevent hackers from gaining further access to customers' sensitive data.

Top Malware Reported in the Last 24 Hours

JungleSec ransomware
The notorious JungleSec ransomware has been found leveraging unsecured Intelligent Platform Management Interface (IPMI) to infect Windows, Linux and Mac systems. IPMI is used by administrators to manage servers remotely. It either comes built into the motherboard or can be installed as an add-on card. Incidents of attackers exploiting IPMI security loopholes to launch the JungleSec ransomware have surfaced recently. In one instance, the attackers were found leveraging the default manufacturer passwords of IPMI to access the servers. Once the attackers gain access to the targeted server, they can reboot the computer into single user mode in order to get root access and download the ccrypt encryption program. The program is used to encrypt the files on a victim's computer. Once the ransomware finishes the encryption process, it displays a ransom note which contains instructions on how to retrieve the encrypted files.

Top Scams Reported in the Last 24 Hours

Netflix phishing scam
The US Federal Trade Commission is alerting users about a new Netflix phishing scam that involves cybercrooks stealing payment card details from Netflix users. The scammers send phishing emails that appear to come from the online streaming service and ask the victims to update their payment info, claiming that the company is having some trouble with the existing billing info. The email includes a link for updating the payment details. Users are urged to be cautious about such emails asking for payment card details. Look out for grammatical and spelling mistakes, which can help identify a phishing email. Visit the site by typing its name in the address bar instead of clicking on the link included in an email.



