
Cyware Daily Threat Intelligence, February 25, 2020


Malware authors are constantly refining existing strains to widen their reach. In the past 24 hours, security researchers have come across new variants of the Raccoon stealer and the Lampion trojan that are being used against both organizations and individuals. The new version of Raccoon can exfiltrate data from about 60 applications on a compromised computer, while the new Lampion variant uses a lure template impersonating the parcel-delivery firm DPD to target customers of Portuguese banks.

New details on the activities of MageCart Group 12 have also emerged in the last 24 hours. Of roughly 40 e-commerce sites the group compromised, 13 are still serving a JavaScript skimmer designed to steal customers' payment card details. Some of these sites were compromised as early as September 2019.

Top Breaches Reported in the Last 24 Hours

Decathlon leaks 123 million records
Sports retailer Decathlon has leaked over 123 million records through a misconfigured, publicly reachable Elasticsearch database. The exposed records include usernames, unencrypted passwords, social security numbers, phone numbers, and birth dates belonging to both employees and customers.

Samsung declares a data breach
A technical error on Samsung's website, reported in the wake of a mysterious 'Find My Mobile' push notification, allowed some users to view other customers' account details. On being informed, Samsung temporarily removed the ability to log into the store on its website while it fixed the issue, and says it will contact the affected individuals.

Mexico ministry suffers an attack
Mexico's economy ministry has suffered a cyberattack affecting some of its servers. Following the attack, the ministry has strengthened its security measures and says it has found no evidence that sensitive information was compromised.

Invite links leaked online
Invite links for WhatsApp and Telegram groups not intended for public access were discoverable through simple queries on popular web search engines, which had indexed them. Both companies have since taken steps to limit the exposure. The lapse allowed strangers to join private groups, see their members' details, and potentially use the groups for illegal activity.

Slickwraps suffers a breach
Slickwraps has issued a breach notification disclosing that the personal details of over 857,000 customers were compromised through a vulnerability in its website. The exposure of customer data through that flaw was subsequently publicized on social media.

Tetrad leaks data
A misconfigured Amazon S3 bucket belonging to market-analysis company Tetrad leaked personal data and behavioral profiles on 120 million Americans. The data included records on Chipotle employees, a spreadsheet of home addresses of Kate Spade customers, and loyalty card accounts for beverage retailer BevMo.
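
The Tetrad and Decathlon items above both come down to one question: can anyone on the internet read this store? For S3 the bucket policy is one of the places that answer lives. The following is an added example, not code from Cyware, Tetrad or AWS: a static check that flags policy statements granting access to anonymous principals. The three sample policies and the bucket name "tetrad-demo-bucket" are constructed for illustration.

```python
"""Static check for S3 bucket-policy statements that grant anonymous access.

Added example for this brief (not code from Cyware, Tetrad or AWS). It
evaluates a bucket policy document offline; the three sample policies below
are constructed for illustration, and the bucket name "tetrad-demo-bucket"
is hypothetical.
"""
import json
from typing import Any, Dict, List


def _as_list(value: Any) -> List[str]:
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _principal_is_anonymous(principal: Any) -> bool:
    """True when the Principal element means 'everyone': "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_statements(policy_json: str) -> List[Dict[str, Any]]:
    """Return every Allow statement addressed to anonymous principals.

    A statement that also carries a Condition block is reported with
    conditional=True rather than dropped: conditions such as aws:SourceIp or
    aws:SourceVpce may narrow the grant, but that needs a human to confirm.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement need not be wrapped in a list
        statements = [statements]

    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action")),
            "resources": _as_list(stmt.get("Resource")),
            "conditional": bool(stmt.get("Condition")),
        })
    return findings


# Constructed sample policies (hypothetical bucket name).
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowWorldRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::tetrad-demo-bucket/*",
    }],
})

LOCKED_DOWN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnalyticsRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/analytics"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::tetrad-demo-bucket", "arn:aws:s3:::tetrad-demo-bucket/*"],
    }],
})

VPC_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnonymousButVpcScoped",
        "Effect": "Allow",
        "Principal": {"AWS": ["*"]},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::tetrad-demo-bucket/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})


if __name__ == "__main__":
    for name, policy in [("public-read", PUBLIC_READ_POLICY),
                         ("locked-down", LOCKED_DOWN_POLICY),
                         ("vpc-only", VPC_ONLY_POLICY)]:
        for finding in public_statements(policy) or [None]:
            print(name, "->", "no anonymous grants" if finding is None else finding)
```

The policy is only one layer: bucket and object ACLs and the account-level S3 Block Public Access settings can open or close the same door, so treat a clean result here as necessary rather than sufficient. The same "who can reach it" question applies to the Decathlon Elasticsearch instance, where the check is whether the HTTP API answers without authentication from outside the network.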

Top Malware Reported in the Last 24 Hours

Raccoon malware evolves
The Raccoon stealer has been updated to steal sensitive data from about 60 applications on a compromised computer. Popular browsers including Google Chrome, Mozilla Firefox, Microsoft Edge, Opera, and UC Browser are on the target list, as are the cryptocurrency wallets Electrum, Ethereum, Exodus, Jaxx, and Monero.

New details about MageCart attack
A new report finds that MageCart Group 12 has compromised nearly 40 additional websites, 13 of which still load a malicious JavaScript skimmer from the domain jquerycdn[.]su. The affected sites include BioPets, Wellspring Wholesale, D2D Organics, Nilima Home, Silk Naturals, Schlaf team, and Selaria Dias.
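
A skimmer of this kind is pulled into the checkout page from an attacker-controlled host, so the quickest first check on a site you operate is to list every origin that serves script into the page and compare it with a short allowlist. The following is an added example, not code from Cyware or from the cited report. The sample HTML is constructed; "shop.example" and the allowlisted CDN are assumptions, and jquerycdn.su is the domain named in the report.

```python
"""Inventory the hosts that serve <script> into a page and flag unexpected ones.

Added example for this brief (not code from Cyware or from the cited report).
The sample HTML below is constructed; "shop.example" and the allowlisted CDN
are assumptions, and jquerycdn.su is the skimmer domain named in the report.
"""
from html.parser import HTMLParser
from typing import List, Optional, Set
from urllib.parse import urlparse


class ScriptSourceCollector(HTMLParser):
    """Record the src attribute of every <script> tag encountered."""

    def __init__(self) -> None:
        super().__init__()
        self.sources: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value.strip())


def script_hosts(html: str, page_host: str) -> List[str]:
    """Host for each <script src>; relative URLs resolve to the page's own host."""
    collector = ScriptSourceCollector()
    collector.feed(html)
    hosts = []
    for src in collector.sources:
        url = "https:" + src if src.startswith("//") else src  # scheme-relative URL
        host: Optional[str] = urlparse(url).hostname
        hosts.append((host or page_host).lower())
    return hosts


def unexpected_script_hosts(html: str, page_host: str, allowlist: Set[str]) -> List[str]:
    """Script hosts that are neither first-party nor allowlisted, deduplicated in order."""
    flagged: List[str] = []
    for host in script_hosts(html, page_host):
        if host != page_host and host not in allowlist and host not in flagged:
            flagged.append(host)
    return flagged


# Constructed checkout page: one first-party script, one allowlisted CDN,
# and one scheme-relative load from the skimmer host named in the report.
SAMPLE_HTML = """<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script type="text/javascript" src="//jquerycdn.su/jquery.min.js"></script>
</head><body><form id="payment"></form></body></html>"""

ALLOWLIST = {"cdnjs.cloudflare.com"}


if __name__ == "__main__":
    for host in unexpected_script_hosts(SAMPLE_HTML, "shop.example", ALLOWLIST):
        print("unexpected script host:", host)
```

This sees only the static markup it is given: a skimmer injected inline, appended at runtime by another script, or served from a compromised first-party path will not show up, so run the check against the rendered DOM too. A Content-Security-Policy `script-src` directive listing the same allowlist enforces the idea in the browser, and a violation report for a host such as jquerycdn.su is exactly the signal the 13 still-infected sites are missing.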

DoppelPaymer launches a leak site
Operators of the DoppelPaymer ransomware have launched a website named 'Dopple Leaks' to shame victims that refuse to pay. The site is also used to publish files and sensitive data stolen from victim organizations, turning the ransom demand into a double-extortion threat.

Lampion V2
A new version of the Lampion trojan has been in circulation since February 12, 2020. The variant uses lure templates impersonating the parcel-delivery firm DPD to make the infection chain look legitimate to recipients, while its modus operandi otherwise remains unchanged. It is being used against customers of Portuguese banks.

Mozart malware
Mozart is a new backdoor that communicates with its operators over DNS, using TXT record lookups to retrieve commands, a channel that blends in with ordinary network traffic. It is believed to be distributed via phishing emails carrying PDFs that link to a ZIP archive at https://masikini[.]com/CarlitoRegular[.]zip.
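
DNS-based command channels are hard to block but not hard to notice, because they distort the shape of a client's DNS traffic. The following is an added example, not code from Cyware or from the Mozart analysis: it runs two generic checks over a resolver query log, a client repeatedly requesting TXT records under a single apex domain, and a client sending queries to a resolver other than the sanctioned internal one. The log lines, and every IP address and domain in them, are constructed (the ".invalid" TLD is reserved and never resolves).

```python
"""Spot DNS traffic that looks like a TXT-record command channel.

Added example for this brief (not code from Cyware or from the Mozart
analysis). Two generic signals for DNS-based C2 are checked over a query log:
a client repeatedly asking for TXT records under one apex domain, and a
client sending queries to a resolver other than the sanctioned internal one.
The log lines and every IP and domain in them are constructed.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

# Constructed resolver log: <epoch> <client> -> <resolver> <qtype> <qname>
SAMPLE_DNS_LOG = """\
1582617600 10.0.0.15 -> 10.0.0.53 A www.example.com
1582617601 10.0.0.15 -> 10.0.0.53 AAAA mail.example.com
1582617602 10.0.0.23 -> 10.0.0.53 TXT _dmarc.example.com
1582617603 10.0.0.23 -> 10.0.0.53 A cdn.example.net
1582617605 10.0.0.42 -> 203.0.113.9 TXT a1f3.c2-demo.invalid
1582617606 10.0.0.42 -> 203.0.113.9 TXT 9bd0.c2-demo.invalid
1582617607 10.0.0.42 -> 203.0.113.9 TXT 77e2.c2-demo.invalid
1582617608 10.0.0.42 -> 203.0.113.9 TXT c0de.c2-demo.invalid
1582617609 10.0.0.42 -> 203.0.113.9 TXT 5b1a.c2-demo.invalid
1582617610 10.0.0.42 -> 203.0.113.9 TXT ee41.c2-demo.invalid
1582617611 10.0.0.15 -> 10.0.0.53 A www.example.com
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(\S+)$")

Record = Tuple[int, str, str, str, str]  # timestamp, client, resolver, qtype, qname


def parse_dns_log(text: str) -> List[Record]:
    """Parse log lines into tuples, skipping anything that does not match the format."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, resolver, qtype, qname = m.groups()
            records.append((int(ts), client, resolver, qtype.upper(), qname.lower()))
    return records


def apex_domain(qname: str) -> str:
    """Naive registrable domain: the last two labels (no Public Suffix List handling)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_dns_c2_candidates(text: str, sanctioned_resolvers: Set[str],
                           txt_threshold: int = 5) -> Dict[str, Dict[str, List[str]]]:
    """Per client: resolvers outside the sanctioned set, and apex domains that
    received at least txt_threshold TXT queries from that client."""
    rogue: Dict[str, Set[str]] = defaultdict(set)
    txt_counts: Counter = Counter()
    for _ts, client, resolver, qtype, qname in parse_dns_log(text):
        if resolver not in sanctioned_resolvers:
            rogue[client].add(resolver)
        if qtype == "TXT":
            txt_counts[(client, apex_domain(qname))] += 1

    findings: Dict[str, Dict[str, List[str]]] = defaultdict(
        lambda: {"rogue_resolvers": [], "txt_beacons": []})
    for client, resolvers in rogue.items():
        findings[client]["rogue_resolvers"] = sorted(resolvers)
    for (client, apex), count in txt_counts.items():
        if count >= txt_threshold:
            findings[client]["txt_beacons"].append(apex)
    for finding in findings.values():
        finding["txt_beacons"].sort()
    return dict(findings)


if __name__ == "__main__":
    for client, finding in find_dns_c2_candidates(SAMPLE_DNS_LOG, {"10.0.0.53"}).items():
        print(client, finding)
```

Legitimate TXT lookups exist (SPF, DMARC, DKIM, ACME challenges), which is why the threshold is applied per apex domain rather than to TXT queries overall, and why the single `_dmarc` lookup in the sample is not flagged. The apex heuristic ignores the Public Suffix List, so co.uk-style domains need a proper library in production, and malware that tunnels DNS over HTTPS will not appear in a resolver log at all; blocking direct outbound port 53 except from the sanctioned resolvers turns the "rogue resolver" finding into a prevention control.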

Emotet continues to evolve
Researchers have identified two new Emotet variants active since January 2020, detected as PP97M/Downldr.IE.gen!Eldorado and PP97M/Powload.C.gen!Eldorado. Both are delivered through phishing emails carrying malicious Microsoft Office attachments.

Top Vulnerabilities Reported in the Last 24 Hours

Honeywell releases patches
Honeywell has released security patches for two potentially serious vulnerabilities in a web server used with its Notifier fire alarm systems: an authorization bypass (CVE-2020-6972) and an information disclosure (CVE-2020-6974). The issues are fixed in firmware version 4.51; alongside the update, Honeywell advises users to apply additional hardening measures to mitigate attacks exploiting the flaws.

Zyxel fixes zero-day
Zyxel has issued an update for a zero-day vulnerability affecting many of its network-attached storage devices. The flaw can be exploited to remotely compromise more than a dozen Zyxel NAS models without any user interaction.

Vulnerable Moxa devices fixed
Taiwan-based industrial networking vendor Moxa has patched 12 vulnerabilities that could be exploited against an organization's industrial systems. All of them are rated critical or high severity.

Top Scams Reported in the Last 24 Hours

Fraudulent transactions
PayPal accounts linked to Google Pay were being charged with fraudulent transactions ranging from $1.88 to $1,953. The issue surfaced on February 22 after numerous users in Germany reported charges attributed to Target stores or Starbucks; most of the Target stores named in the transactions are located in New York and North Carolina. How the fraudsters are initiating the charges against the PayPal accounts is still unknown.

Tags

lampion v2
slickwraps
raccoon malware
doppelpaymer ransomware
mozart malware

Posted on: February 25, 2020
