Share Blog post
A new cryptocurrency miner, dubbed PyRoMineIoT, has been discovered by security researchers. The miner is abusing a National Security Agency-linked remote code execution in order to scan for vulnerable Internet of Things (IoT) devices. The malware uses malicious website disguised as security updates for web browsers, to spread itself.
LuckyMouse hacker group
Security researchers are of the belief that the LuckyMouse hacker group has launched a campaign targeting National Data Center (NDC) in Central Asia. Hackers carried out this attack by inserting malicious scripts in official websites and conducting watering hole attacks. HyperBro Trojan was used as the last stage in-memory RAT.
Investigations revealed that the BuhTrap malware was used in the recent attacks on Banco de Chile that stole US$ 10 million from the bank. The malware was created using the open-source Nullsoft Scriptable Install System. Buhtrap malware and its components, including MBR Killer, have a notorious reputation in Russia and Ukraine.
Google has released an update to Chrome to version 67.0.3396.87. This update contains patches to the vulnerability that can allow hackers to take control of the affected system. It is available for Windows, Mac, and Linux. Google mentioned that they will retain the restrictions if the bug exists in a third-party library.
Microsoft Patch Tuesday
A flaw in Cortana allows hackers to acess data and reset passwords on locked Windows PCs. Researchers discovered that Cortana can be manipulated into executing PowerShell commands. However, hackers would need physical access to a PC and get Cortana to index files from a USB drive and execute them.
Dixons Carphone announced a data breach that resulted in the loss of 5.9 million payment cards and 1.2 million personal data records. Luckily sensitive information like PIN numbers and CVV details haven't been stolen. However, about 105,000 payment cards from outside the EU and without chip and pin protection were accessed. The company said that there were attempts since last July.
AcFun discloses data breach
Chinese video streaming platform AcFun disclosed a data breach incident that stole data from thousands of users. User IDs, nicknames, and passwords stored on the company’s encrypted servers were exposed by hackers. Users are advised to change their passwords immediately.
Security breach at Elmcroft Senior Living
The Elmcroft Senior Living has been recently hit by a security breach. Hackers got hold of personal information of its residents, employees, clients, and patients. The breach is said to have occurred in the middle of May 2018.
Posted on: June 13, 2018
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.