Cyware Daily Threat Intelligence, January 29, 2020

Share Blog post

Manufacturing industries, chemical plants, and nuclear industries need to be more cautious than ever as a new ransomware named ‘Snake’ has been detected by security experts. The ransomware has been designed to lock up or even delete data on industrial control systems. The ransomware searches for hundreds of specific programs, including many industrial processes that belong to General Electric Co., in order to terminate them and allow it to encrypt the files.

In another incident, a US-based diagnostic lab LabCorp had inadvertently exposed 10,000 medical documents due to a security flaw in its website. This was the second time the firm had come under fire for failing to protect patients’ data within a 12 months period. The gas station and convenience store giant WaWa Inc. also had to bear the brunt after a massive database containing data from 30 million customer payment cards was put up for sale on the infamous Joker’s Stash dark web forum.

In a major security update, Apple has rolled out new versions of its operating systems for iPhone, iPad, iPod touch, Apple Watch, Mac, HomePod, and Apple TV devices. These new versions offer bug fixes and performance improvements to a wide range of Apple devices.

Top Breaches Reported in the Last 24 Hours

LabCorp suffers a second data breach
A security flaw in LabCorp’s website had left exposed 10,000 medical documents on the internet. This is the second time that the diagnostic lab has suffered a massive data breach in a span of 12 months. The document contained names, dates of birth, and in some cases Social Security numbers of patients. The bug has now been fixed, preventing further leak of data.

WaWa Inc. data breach
As per the latest developments, security researchers have uncovered that data from 30 million cards of WaWa customers are put up for sale on Joker’s Stash dark web market. It is likely that the hackers will release additional card data in batches over the next 12 to 18 months. The gas station and convenience store chain had disclosed in December 2019 that it had suffered a massive data breach which went on for a nine-month-long period.

Tissue Regenix Group PLC attacked
Regenerative medical technology company Tissue Regenix Group PLC has temporarily closed its manufacturing plant in America following a cybersecurity breach. The firm revealed that its computer systems and a third-party IT service provider in the United States were accessed without authorization. However, the incident has not affected any of Tissue Regenix’s operations in the UK.

Echo of Moscow radio station hit
For two weeks, the website of the Echo of Moscow radio station and the computers were hacked following a very powerful DDoS attack. Because of this, part of the telephone service was also affected. The firm is working along with law enforcement agencies to resolve the matter.

Cornerstone payment solutions affected
An unprotected database belonging to Cornerstone Payment Systems had spilled 6.7 million transaction records online. The records contained payee names, email addresses and in many cases postal addresses. The company took the database offline when it became aware.

Top Malware Reported in the Last 24 Hours

Snake ransomware
A new ransomware called ‘Snake’ has the ability to lock up or even delete data on industrial control systems. Just like other ransomware, Snake removes all file copies from infected stations, preventing the victims from recovering encrypted files. A further investigation by researchers has revealed that the Bahrain Petroleum Co. was potentially affected by the new cyberthreat.

Top Vulnerabilities Reported in the Last 24 Hours

Magento fixes flaws
Magento has updated its e-commerce software for all supported platforms with fixes for multiple vulnerabilities. The vulnerabilities affect Magento Commerce (2.3.3/2.2.10 and below), Open Source (2.3.3/2.2.10 and below), Enterprise Edition (1.14.4.3 and earlier), and Community Edition (1.9.4.3 and earlier). The updates address six vulnerabilities, half of them rated critical.

Zoom fixes ID flaw
Zoom has now reported a flaw that was found and fixed last year. The flaw lies in the fact that Zoom uses 9,10, or 11 digits for its meeting ID numbers. The flaw can allow threat actors to predict meeting ID numbers, enabling them to enter private conversations.

Apple releases updates
Apple has released updates for its operating systems for iPhone, iPad, iPod touch, Apple Watch, Mac, HomePod, and Apple TV devices. The latest versions include iOS 13.3.1, watchOS 6.1.2, macOS 10.15.3 Catalina, and tvOS 13.3.1. These versions offer bug fixes and performance improvements to iPhones and iPads.

Top Scams Reported in the Last 24 Hours

FBI warns about the spike in scams
The Federal Bureau of Investigation (FBI) has issued a warning about a spike in its phone number being used for Social Security fraud. Scammers are using online services to spoof the real phone numbers of government agencies to trick the recipients into believing that it is actually coming from the original source. With the right social engineering skills, fraudsters can trick victims into sending them money in various forms. To make the interaction appear legitimate, the fraudsters provide a name and a badge number, both of which are fake.

 Tags

wawa inc
zoom
cornerstone payment solutions
snake ransomware
magento

Posted on: January 29, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!