Cyware Daily Threat Intelligence, July 26, 2019

See All
Human error can sometimes undermine even the best of security measures. Recently, the National Australia Bank (NAB) has admitted that it has accidentally uploaded personal information of 13,000 of its customers to the servers of two data service companies. 

In another major data breach incident, an unprotected server held by a Brazilian service provider has leaked around 250GB data belonging to several local banks. Although the number of banks and individuals impacted in the breach is unknown, it is found that a major chunk of the leaked data belonged to a local firm named Banco Pan. 

With ransomware attacks making it difficult to retrieve data, paying the ransom is the last resort for some organizations. Park DuValle Community Health Center has paid a ransom of $70,000 following a ransomware attack in June. The healthcare firm was forced to carry out its operations manually for the last seven weeks. 

Top Breaches Reported in the Last 24 Hours

250GB data leak
An unprotected server belonging to a Brazilian services provider has exposed around 250GB data belonging to several local banks. The number of individuals affected in the incident unknown. However, it is found that a sizeable chunk of data exposed relates to a local firm Banco Pan. Exposed personal data includes scanned ID and social security cards. The misconfigured server also contained documents provided as proof of address as well as had service request forms. 

Park DuValle pays ransom
Park DuValle Community Health Center has paid a ransom of $70,000 following a ransomware attack in June. The healthcare center had suffered an attack earlier in April 2019. However, it had managed to restore the affected systems without paying the ransom. This time, the organization had decided to pay the ransom after consulting with the FBI and information technology specialists.

NAB inadvertently shares customer data
The National Australia Bank (NAB) has inadvertently uploaded personal information of approximately 13,000 customers to the servers of two data service companies. The compromised data included customers’ names, birth dates, contact details and in some cases government-issued identification numbers. However, no NAB login details or passwords have been compromised. The bank has notified industry regulators and OAIC about the incident.

Ransomware hits an electric utility
A ransomware attack at the South African electric utility City Power at Johannesburg has affected its systems, including databases and applications. The name of the ransomware is unknown. However, it has blocked some clients from buying electricity units using the prepaid electricity vending system. So far, the firm has managed to restore most of its IT applications and networks. 

Synology suffers brute force attack
Synology is warning its NAS device users that attackers have recently stolen device admin credentials using a brute-force attack. The purpose of this attack is to deliver ransomware known as eCh0raix. The firm has recommended its customers to use Synology’s network and account management settings to prevent the internet-based attacks.   
  
Top Malware Reported in the Last 24 Hours

Guildma malware
Guildma is an updated version of Astaroth trojan. It originates in Brazil and has affected 130 banks and web services such as Netflix, Facebook, Amazon and Google Mail. The banking trojan was first detected in May 2019 and its activity has spiked in June 2019. The malware is distributed through phishing emails. 

TxHollower
A new variant of malware-loading technique that makes use of Process Doppelgänging has been spotted in the wild.  Called TxHollower, it is a type of malicious code that specializes in loading a second-stage malware payload onto a victim’s system. Researchers believe TxHollower loaders are available to cybercriminals through some offensive framework or exploit kit. 

New evasive Magento skimmer
Malicious actors are using fake Google domains to deceive unsuspecting victims in a new card-skimming campaign. These sites are infected with a malicious credit card skimmer that supports dozens of payment gateways.   

Top Scams Reported in the Last 24 Hours

Sextortion scam
The Australian government’s cybersecurity agency has warned Australians about a sextortion scam that threatens to send intimate images of the victim unless a ransom is paid. The email looks like it is coming from the victim’s own email address, giving the impression that criminals have control of the person’s account.  The email also claims to have compromised the recipient’s computer, router and other electronic devices. To make it scarier, it includes a password which the recipient has used in the past.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, July 29, 2019
Next
Cyware Daily Threat Intelligence, July 25, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.