Cyware Daily Threat Intelligence, July 29, 2019


Cyberattacks on healthcare firms have been on the rise over the past few years. In the last 24 hours, ransomware attacks on two different healthcare organizations have been reported. The victims of these attacks are Bayamón Medical Center and Puerto Rico Women & Children’s Hospital. While the attack on Bayamón Medical Center has affected over 400,000 patients, Puerto Rico Women & Children’s Hospital has reported that nearly a hundred thousand patients were impacted by the attack.

Online e-commerce site Sephora has admitted that a data breach has affected its customers in Southeast Asia, New Zealand and Australia. The breach exposed full names, birth dates, gender, email addresses and encrypted passwords of customers.

A new promotional scam that tricked WhatsApp users into revealing their personal details was also uncovered in the last 24 hours. The scam was propagated through a message that claimed to offer 1000GB of free internet data.   

Top Breaches Reported in the Last 24 Hours

Hospitals suffer ransomware attacks
Bayamón Medical Center and Puerto Rico Women & Children’s Hospital are the latest victims of ransomware attacks. The hospitals notified HHS about the incident on July 19, 2019. While the attack at Bayamón Medical Center has affected 422,496 patients, Puerto Rico Women & Children’s Hospital reported that 99,943 patients were potentially affected by the ransomware infection.

Sephora data breach
Sephora has admitted to a data breach that has affected its customers in Southeast Asia, New Zealand and Australia. The breach was caused by unauthorized third parties. It has exposed full names, birth dates, gender, email addresses and encrypted passwords of customers. The cosmetics company claims that no credit card information was accessed in the attack.

Wallingford student information exposed
A security lapse involving Pearson Clinical Assessment has exposed the information of several students studying in Wallingford school. The information includes a ‘limited number’ of student names, and in some cases dates of birth and email addresses. However, no Social Security numbers, credit card data or other financial details were involved in the incident.

Comodo’s internal files accessed
A security researcher has managed to steal internal files and documents owned by Comodo by using a login credential exposed on the internet. The credentials, which belonged to a Comodo software developer, were available in a GitHub repository. As a result of the security lapse, the researcher was able to access sales documents and spreadsheets stored in the company’s OneDrive.

Top Malware Reported in the Last 24 Hours

Zegost info-stealer
Researchers have uncovered a new campaign that makes use of the Zegost info-stealer malware. The malware is believed to have been created by China-based threat actors who are targeting government networks in China. The malware is known to steal victims’ information that resides in the compromised network.

Unique steganography technique
An unusual steganographic technique to implant a malicious web shell on vulnerable websites has been spotted in Latin America. The attackers are hiding PHP scripts in EXIF headers of JPEG images to upload malware onto targeted websites. EXIF is a standard that specifies the characteristics of images, sound and ancillary tags used by cameras, scanners and other devices.

Bypassing Visa card security
A group of security researchers has found a way to bypass the £30 limit on Visa cards and drain as much money as possible. The group has termed it contactless fraud. The crime can be conducted without stealing the credit card. This is possible when the user is not careful around a mobile payment machine or a credit card reading machine.

Top Vulnerabilities Reported in the Last 24 Hours 

LinkedIn flaw
A researcher has discovered a serious flaw in a LinkedIn feature that can allow users to post an official-looking job opening on nearly any company’s LinkedIn business page. The manipulated job listing also appears in LinkedIn’s job search and requires no approval process. Scammers can take advantage of this aggregated list and steal the personal data of applicants who are looking for jobs.

Vulnerable LibreOffice
LibreOffice has been found to be impacted by a major code execution flaw which could allow anyone to execute arbitrary Python commands through the application. The flaw is tracked as CVE-2019-9848 and stems from a LibreOffice component called LibreLogo.

Top Scams Reported in the Last 24 Hours

Fake Wi-Fi spots
Seven in ten British users have been found using free public Wi-Fi, with 25% of them failing to check the legitimacy of the public hotspot. This can allow cybercriminals to eavesdrop on users and steal usernames, passwords, and bank details. The Wi-Fi connections are created to have innocuous-sounding names such as ‘airport WiFi’ or ‘hotel Wifi’ and can also redirect victims to malicious sites and phishing sites.   

1000GB of free data scam
A new WhatsApp scam that claims to offer 1000GB of free internet data to users has been doing the rounds on the internet lately. The offer claims to be part of the 10th anniversary of WhatsApp and is presented as a gift to users who have been loyal to the service. It includes a link which a user needs to click on to avail of the offer.


Posted on: July 29, 2019
