Cyware Daily Threat Intelligence, March 11, 2019

Top Breaches Reported in the Last 24 Hours

Citrix data breach
Foreign hackers ransacked the entire internal network of Citrix and stole over 6TB of data, including emails, business documents and internal secrets of the firm. The firm was informed of the incident by the FBI, which believes it to be the work of the Iran-based IRIDIUM threat actor group. The group used a combination of TTPs to bypass the company's defenses.

New details emerged on Verifications.io data breach
Three new unprotected databases containing records belonging to the email marketing company Verifications.io have been discovered. With the discovery of the new databases, it is believed that more than two billion records belonging to the firm might have been exposed. Earlier, researchers had discovered only one misconfigured database, which exposed up to 809 million email addresses, phone numbers, business leads, and bits of personal information on the internet.

Columbia Surgical Specialists pay $15,000 ransom
Columbia Surgical Specialists paid a $15,000 ransom to deal with a ransomware attack that had left the healthcare organization with nothing but encrypted files. The incident affected over 400,000 patients. The data compromised in the attack included patients’ names, driver’s license numbers, Social Security numbers and protected health information.

Top Malware Reported in the Last 24 Hours

STOP ransomware evolves
The prolific STOP ransomware has been enhanced with new capabilities. The new STOP Promorad ransomware variant is now capable of installing the AZORult info-stealing trojan onto victims’ systems to steal account credentials, browser history, desktop files, cryptocurrency wallets, and more. The collected information is then sent to a server operated by the attackers. Besides this, it also encrypts the victim's files and appends the .promorad extension to them.

Emotet trojan spreads its tentacles
Researchers discovered that the Emotet trojan had increased its malicious activities towards the end of 2018. Several organizations in Latin America and Asia have been found to be affected by the infamous trojan. The threat actors behind the trojan are targeting an array of sectors, from finance and retail to technology, to steal sensitive data.

Decryption key for BigBobRoss ransomware released
Avast and Emsisoft have released free decryption keys for BigBobRoss ransomware. The ransomware gets its name from the email address included in the ransom note. The ransomware’s propagation method is unknown. However, it has been found that BigBobRoss uses an AES-128 encryption scheme to encrypt victims’ files.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Ultrasound machines
Researchers at Check Point discovered that several ultrasound machines are still running legacy software, namely Windows 2000. This can enable attackers to manipulate records, replace patient names and execute ransomware. Worse still, cybercriminals can abuse the flaw to move laterally across the network. Hackers can steal patients’ records and later use them for identity theft.

Facebook Messenger bug
Researchers have spotted a flaw in the web version of Facebook Messenger. The bug could let the website expose a user’s chat history to anyone. This is done using a Cross-Site Frame Leakage attack, which exploits the iFrame elements on the web version of Messenger. Upon discovery, Facebook immediately mitigated the issue by randomly creating iFrame elements.

Bug in Windows 7
A critical bug in Windows 7 can be exploited by cybercriminals to take control of someone’s computer. The flaw exists in the core elements of the operating system that are supposed to stop data in one program from interacting with anything outside that application. Microsoft is working on fixing the issue.

Top Scams Reported in the Last 24 Hours

New ATM skimming attack
Researchers have discovered a new type of ATM skimming attack. Here, the scammers hijack the in-built camera of the ATM to place the skimmer card. The card consists of a camera component angled towards the cash machine’s PIN pad, which enables the scammers to record victims' PINs. The captured PIN is paired with an ‘insert skimmer’ that is not visible from outside and fits easily into the ATM’s card acceptance slot. Once the scammers get hold of a victim’s PIN and card data, they can create an exact copy of the card and use it at another ATM to empty savings accounts.

Posted on: March 11, 2019