Cyware Daily Threat Intelligence December 27, 2018

Top Breaches Reported in the Last 24 Hours

BevMo website breached
Unauthorized access to the BevMo website has resulted in the compromise of personal and financial data of nearly 15,000 customers. The firm disclosed that, after gaining access to the website, the intruders placed malicious code on the checkout page. The malicious code was designed to capture customers' payment card details. The information compromised in the breach includes names, credit or debit card numbers, expiration dates, CVV2 codes, billing addresses, shipping addresses and phone numbers of customers. The breach is believed to have affected customers who placed orders between August 28, 2018, and September 26, 2018. The firm has informed the potentially affected customers and law enforcement agencies about the breach. It has also removed the malicious code from the website to prevent hackers from gaining further access to customers' sensitive data.

Top Malware Reported in the Last 24 Hours

JungleSec ransomware
The notorious JungleSec ransomware has been found leveraging unsecured Intelligent Platform Management Interface (IPMI) to infect Windows, Linux and Mac systems. IPMI is used by administrators to manage servers remotely. It either comes built into the motherboard or can be installed as an add-on card. Incidents of attackers exploiting IPMI security loopholes to launch the JungleSec ransomware have surfaced recently. In one instance, the attackers were found leveraging the default manufacturer passwords of IPMI to access the servers. Once the attackers gain access to the targeted server, they can reboot the computer into single user mode to get root access and download the ccrypt encryption program. The program is used to encrypt the files on a victim's computer. Once the ransomware finishes the encryption process, it displays a ransom note containing instructions on how to retrieve the encrypted files.

Top Scams Reported in the Last 24 Hours

Netflix phishing scam
The US Federal Trade Commission is alerting users about a new Netflix phishing scam in which cybercrooks steal payment card details from Netflix users. The scammers send phishing emails that appear to come from the online streaming service and ask victims to update their payment info, claiming that the company is having some trouble with the existing billing info. The email includes a link for updating the payment details. Users are urged to be cautious about such emails asking for payment card details. Look out for grammatical and spelling mistakes to spot a phishing email. Visit the site by typing its name in the address bar instead of clicking on a link included in an email.


Posted on: December 27, 2018
