
Cyware Daily Threat Intelligence January 8, 2019

Top Breaches Reported in the Last 24 Hours

Online customers of Titan targeted
Threat actors breached the computer systems of Titan Manufacturing in order to steal customer data. Titan stated that its systems were compromised by malware from November 23, 2017 to October 25, 2018, and that the malware was used to steal names, billing addresses, telephone numbers, payment card numbers, expiration dates, and card verification codes.

First National Real Estate data breach
Australia’s First National Real Estate group recently suffered a data breach that exposed the personal details of job applicants. The allegedly leaked data includes full names, addresses, phone numbers, and other personally identifiable information (PII) of around 2,000 people. The breach is thought to have originated in a third-party online psychometric assessment tool used by the group.

OXO data breach
OXO International disclosed a breach spanning more than two years. PII of customers who used its website from June 9, 2017 to November 28, 2017 and from June 9, 2018 to October 16, 2018 is believed to have been exposed. The firm believes that certain personal information entered by users into its website was compromised. Researchers believe at least one of the compromises was a Magecart attack, in which a card-skimming script is injected into a site’s checkout pages.

Top Malware Reported in the Last 24 Hours

New Side-Channel attack detailed
A new side-channel attack has been detailed that is effective against operating systems such as Windows and Linux. The attack is hardware-agnostic and can, in some cases, be carried out remotely. Rather than targeting microarchitectural design flaws in CPUs, it targets the OS itself, and it can be used to bypass security sandboxes, redress user interfaces, and capture keystrokes. The attack can be adapted to a remote exploitation scenario, in which an attacker bombards a remote machine with malicious code to retrieve data from its memory.

GandCrab using Vidar infostealer
GandCrab operators have added the Vidar infostealer to their attack chain, which lets them harvest sensitive information before encrypting the victim’s files. The Fallout exploit kit distributes Vidar, which doubles as a downloader for the ransomware. Attackers can therefore grab payment card data and credentials stored in various applications, and scrape details from multiple digital wallets, before Vidar drops GandCrab to encrypt the victim’s files.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable hot tubs
Thousands of connected hot tubs have been found vulnerable to remote attack. The hot tubs can be remotely controlled through a mobile app called ‘Balboa Water App’, which lacks an authentication mechanism. This allows attackers to combine information from public resources to find homes with vulnerable hot tubs and target them: third-party databases can be used to find the GPS location of a given tub, and the Wi-Fi access points on the tubs can be identified and leveraged to control the tubs locally.

Twitter API bug spilling location metadata
A bug in an old Twitter API leaks enough location metadata from tweets for threat actors to infer private information such as users’ home addresses, workplaces, and sensitive locations they have visited. A location-data auditing tool called LPAuditor was used to examine tweets for location metadata and infer personal information from it. The tool relies on publicly accessible geolocation databases and can pinpoint locations related to homes and workplaces with high accuracy.
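The inference described above, as an added illustration that is not LPAuditor’s code or anything from Twitter: given geotagged posts with timestamps, snap the coordinates to coarse grid cells, then take the cell that dominates at night as the likely home and the cell that dominates during weekday working hours as the likely workplace. The sample posts, the time windows, and the grid size are all assumptions made for the example.

```python
"""Added example: infer a user's likely home and workplace from the location
metadata attached to their posts. Illustration only; not LPAuditor's own code."""
from collections import defaultdict
from datetime import datetime

# Constructed sample of (local timestamp, latitude, longitude), as a scraper
# would collect them from geotagged posts. None of these are real posts.
SAMPLE_POSTS = [
    ("2018-11-05T23:10:00", 40.71281, -74.00601),  # Monday night
    ("2018-11-06T07:02:00", 40.71277, -74.00612),  # Tuesday early morning (ignored)
    ("2018-11-06T12:31:00", 40.75805, -73.98557),  # Tuesday noon
    ("2018-11-06T15:47:00", 40.75811, -73.98559),  # Tuesday afternoon
    ("2018-11-07T22:45:00", 40.71290, -74.00598),  # Wednesday night
    ("2018-11-07T10:15:00", 40.75799, -73.98561),  # Wednesday morning
    ("2018-11-08T13:05:00", 40.75809, -73.98552),  # Thursday lunch
    ("2018-11-10T14:20:00", 40.74844, -73.98566),  # Saturday afternoon (ignored)
    ("2018-11-11T00:30:00", 40.71285, -74.00605),  # Sunday night
]

GRID = 3  # decimal places; 3 is roughly 110 m of latitude, enough to merge GPS jitter


def cell(lat, lon):
    """Snap a coordinate to a grid cell so nearby fixes collapse together."""
    return (round(lat, GRID), round(lon, GRID))


def is_night(ts):
    """22:00 to 06:59 local time: posts from here most likely come from home."""
    return ts.hour >= 22 or ts.hour < 7


def is_work_hours(ts):
    """Weekday 09:00 to 17:59 local time: posts from here most likely come from work."""
    return ts.weekday() < 5 and 9 <= ts.hour < 18


def infer_places(posts):
    """Return {'home': (lat, lon, n), 'workplace': (lat, lon, n)}.

    Each value is the centroid of the winning grid cell plus the number of
    posts that supported it, or None when no post fell in that time window.
    """
    night = defaultdict(list)
    work = defaultdict(list)
    for ts_str, lat, lon in posts:
        ts = datetime.fromisoformat(ts_str)
        c = cell(lat, lon)
        if is_night(ts):
            night[c].append((lat, lon))
        elif is_work_hours(ts):
            work[c].append((lat, lon))
        # Posts outside both windows are ignored as noise.

    def best(buckets):
        if not buckets:
            return None
        _, fixes = max(buckets.items(), key=lambda kv: len(kv[1]))
        lat = sum(f[0] for f in fixes) / len(fixes)
        lon = sum(f[1] for f in fixes) / len(fixes)
        return (round(lat, 5), round(lon, 5), len(fixes))

    return {"home": best(night), "workplace": best(work)}


if __name__ == "__main__":
    for label, hit in infer_places(SAMPLE_POSTS).items():
        print(label, hit)
```

The final step the briefing attributes to LPAuditor, resolving each centroid to a street address through a public geolocation database, is left out; any reverse-geocoding service will do it. The point for defenders is that a handful of geotagged posts is enough to pin down both locations, which is why precise-location sharing should stay off by default.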

Posted on: January 08, 2019