Cyware Daily Threat Intelligence, February 14, 2020


Payment processing systems are a lucrative target for cybercriminals to steal sensitive financial data. Now, the American store chain Rutter’s was hit by a malware attack targeting its Point-of-Sale (PoS) systems. A majority of the company’s over 70 locations across Central Pennsylvania, West Virginia and Maryland were reportedly affected by the incident. The company disclosed that attackers could have potentially gained unauthorized access to some customers’ payment card data. 

In other news, security researchers discovered several new malware campaigns, including one featuring the xHelper Android malware strain, which is capable of reinfecting devices after a factory reset; a remote access trojan named Parallax that gives attackers full control over infected machines; and a new ransomware strain that extorts victims by demanding their private photos.

Meanwhile, researchers at MIT discovered security flaws in the Voatz mobile voting app that was used during the 2018 midterm elections in West Virginia. Attackers could potentially exploit the app to see and manipulate users’ votes.

Top Breaches Reported in the Last 24 Hours

Rutter’s PoS breach
The American store chain Rutter’s was hit by a malware attack targeting its Point-of-Sale (PoS) systems. A majority of the company’s over 70 store locations in Central Pennsylvania, West Virginia and Maryland were reportedly affected by the incident. The company disclosed that attackers may have gained unauthorized access to some customers’ payment card data.

Student records exposed
The Institute of International Education (IIE) accidentally exposed thousands of sensitive student records through an unprotected database. The exposed database contained links to students’ documents, including passport scans, visa documents, medical forms, funding verification details, student dossiers, and more. The institute manages over 200 programmes covering 29,000 international students.

Nedbank security breach
The South Africa-based Nedbank was hit by a third-party security breach that impacted the personal details of 1.7 million users. Attackers infiltrated Computer Facilities (Pty) Ltd, a South African company that provided marketing services to the bank. The company took down its systems to prevent further attacks or further exposure of customer data.

Top Malware Reported in the Last 24 Hours

Parallax RAT
A remote access trojan (RAT) named Parallax was found to be widely distributed through malicious spam campaigns. Once installed, it allows attackers to gain full control over the infected system. The malware was being offered for as little as $65 a month on underground forums.

xHelper Android malware
A researcher from Malwarebytes found a new xHelper Android malware strain targeting US-based phones. The malware is capable of reinfecting target devices even after a factory reset by leveraging a malware dropper hidden inside certain Android directories.

Ukrainian Blackout malware
Security experts at Venafi observed that the malware used in attacks targeting Ukrainian power utilities is now being deployed widely to steal SSH keys. By compromising a single SSH key, attackers could gain undetected root access to mission-critical systems in order to spread malware or sabotage processes, according to the researchers.

500 malicious Chrome extensions
Google removed more than 500 malicious Chrome extensions with millions of downloads from the Chrome Web Store. These extensions were found to be uploading private browsing data to attacker-controlled servers. Google removed the extensions for violating user privacy.

Sextortion-focused ransomware strain
Researchers at Emsisoft spotted a new ransomware strain dubbed Ransomwared that demands victims’ private photos in exchange for a decryption tool that unlocks the encrypted data. However, the researchers note that the strain is not very sophisticated in its design.

Top Vulnerabilities Reported in the Last 24 Hours

Voting app flaws
MIT researchers identified multiple security vulnerabilities in the mobile voting app called Voatz that was used during the 2018 midterm elections in West Virginia. The researchers found that an adversary with remote access to a target device could potentially alter or see a user’s vote, and that the app server could potentially be hacked to change users’ votes.

Curveball vulnerability
Security experts at Trend Micro found that “Curveball”, or CVE-2020-0601, a vulnerability in the core cryptographic library of Windows, CryptoAPI, could be exploited by attackers to craft their own cryptographic certificates. This could allow attackers to evade detection on Windows by presenting spoofed certificates.

Top Scams Reported in the Last 24 Hours

Emotet-powered sextortion scams
Security researchers discovered a new sextortion scam distributed through the Emotet botnet. The scammers sent malspam to users’ work email addresses. The new campaign was found to be 10 times more effective than previous campaigns.


Posted on: February 14, 2020
