Cyware Daily Threat Intelligence, June 12, 2019

Share Blog Post

Celebrities and big music labels have always been a target of cybercriminals. In the latest incident, Radiohead has released 18 tracks of OK Computer sessions on Bandcamp after hackers stole several archived mini discs from the band’s lead singer Thom Yorke, and demanded a ransom payment of $150,000 to not release them. Meanwhile, Evite has admitted that it suffered a data breach in February. The stolen user data was actually put up for sale in the Dream Market marketplace by the infamous hacker ‘Gnosticplayers.

Recently, researchers observed the come back of FIN8 threat group targeting the hospitality sector with a new variant of POS malware dubbed ‘ShellTea’. The past 24 hours also saw several IT organizations such as Microsoft, Adobe, and Intel released monthly security updates for June, as part of Patch Tuesday. These security updates fix a host of critical vulnerabilities impacting their core products.

Top Breaches Reported in the Last 24 Hours

Radiohead releases 18 tracks of stolen OK Computer sessions
Hackers stole several archived mini discs from the Radiohead’s lead singer Thom Yorke and demanded a ransom payment of $150,000 to stop them from being released to the public. The mini discs contained 18 tracks of OK Computer sessions. Instead of meeting the hacker’s demand, Radiohead themselves released all the stolen tracks on Bandcamp for £18, with all the proceeds going to Extinction Rebellion.

Evite admits data breach
The e-invitations platform Evite has admitted that it suffered a data breach in February. The stolen user data was actually put up for sale in the Dream Market marketplace by the infamous hacker ‘Gnosticplayers’. Evite also provided additional details about the breach. The social planning website revealed that an unauthorized third party gained access to an inactive data storage file that contained Evite user accounts prior to 2013. The data storage file contained user data such as users’ names, usernames, email addresses, passwords, dates of birth, and phone numbers.

Top Malware Reported in the Last 24 Hours

FIN8 threat group back with ShellTea malware
FIN8 threat group is back with a new variant of ShellTea/PunchBuggy backdoor targeting the hospitality industry. The ShellTea malware is a POS malware which is capable of creating and executing files, writing the data or shellcode it received from the C&C server, and executing the shellcode. The malware leverages hashing algorithm to evade detection from antivirus tools.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft releases security updates
Microsoft has released its June 2019 Updates which fixes 88 security flaws affecting a range of its products. Out of the 88 flaws, 21 were rated ‘critical’ by Microsoft. The security updates also fix 9 remote code execution vulnerabilities found in the tech giant’s Office products such as Word 2010, Word 2013, Word 2016, Office 2010, Office Online Server, SharePoint Foundation 2013, Project Server 2010, SharePoint Server 2010, and SharePoint Server 2010 Office Web Apps.

Adobe releases security updates
Adobe has released security updates that fix arbitrary code execution vulnerabilities impacting Adobe ColdFusion (versions 2018,2016 and 11), Adobe Campaign Classic, and Adobe Flash Player. Through these vulnerabilities, attackers could have complete control of affected systems. CISA recommends Adobe users to update to the necessary patches.

Intel releases firmware updates
Intel has released firmware updates to fix the high-severity bugs that could allow an attacker to perform privilege escalation, denial of service (DoS), and information disclosure. The vulnerabilities impact NUC Kits and the RAID Web Console utility for Windows.

Top Scams Reported in the Last 24 Hours

Zelle Account Scam
Scammers are swindling funds from unsuspicious victims by tricking them to provide a six-digit text code they receive from their banks. The scammers then create a Zelle account impersonating the victims and gain access to their savings accounts. Upon which, they will transfer funds from the victims' savings accounts to their accounts.


arbitrary code execution vulnerabilities
denial of service dos bug
shelltea malware
privilege escalation
zelle account scam
fin8 threat group
remote code execution vulnerabilities
data breach

Posted on: June 12, 2019

Get the Daily Threat Briefing delivered to your email!

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

Join Thousands of Other Cyware Followers!