Cyware Daily Threat Intelligence, March 13, 2019

Top Breaches Reported in the Last 24 Hours

Indonesia’s voter data under attack
Chinese and Russian hackers are targeting Indonesia’s voter data in a bid to disrupt the country’s upcoming presidential election. According to reports, the attackers aiming the voter data in an attempt to manipulate content as well as create ghost voters or fake voter identities. The latest developments come in the wake of a crackdown in Indonesia on fake news and the use of social media to influence voters.

Kathmandu data breach
A month-old data breach at an apparel firm Kathmandu has exposed personal details of thousands of customers. The incident occurred after an unidentified third-party gained access to the ‘Check-Out’ page of the website. The breach occurred between January 8 and February 12. The information compromised in the breach includes billing addresses, email addresses, phone numbers, gift card details and credit card details of customers.

Ransomware attack on CPCS
A  ransomware attack at The Committee for Public Counsel Services (CPCS) has affected the overall operation of the agency. As a result, email systems were disabled and several payments for the attorney were halted. The CPSC is working on unlocking the encrypted servers for the past two weeks.   

Several firms impacted
Box, one of the popular file-sharing platforms, was found leaking sensitive data belonging to a dozen firms. According to reports, hundreds of thousands of documents have been exposed due to the improper security configuration is the Box enterprise accounts. These documents included sensitive details such as Social Security Number, Bank Account Numbers, Employee lists, Financial details, IT data and passport photos.    

Top Malware Reported in the Last 24 Hours

Operation Comando
Researchers came across a new cyber espionage campaign that uses CaptureTela trojan to infect firms in the hospitality sector. Dubbed as ‘Operation Comando’, the attack campaign has been active since August 2018. However, researchers came to know about it in December 2018. Phishing emails are used to perform the campaign.    

PsMiner malware
A new monero-mining malware dubbed ‘PsMiner’ has been found recently. It spreads by exploiting known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, Weblogic, ThinkPHP, and SQL server. The malware is written in the Go language and includes worm-like capabilities.

Nymaim downloader
Nymaim is one prominent malware downloader appearing regularly in the wild. During the initial days,  it was mainly used as ransomware. However, in 2016, it evolved to distribute Ursnif banking trojan. The malware downloader is primarily distributed via Blackhole exploit kit. In some instances, it has been also distributed via phishing emails.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches 64 bugs
Microsoft released security patches and 4 advisories as a part of March Patch Tuesday. The security patches released are for 64 vulnerabilities discovered in its multiple products. Out of the 64, 17 have been rated ‘Critical’ on the severity scale. The critical vulnerabilities include four memory corruption vulnerabilities in Scripting Engine and two remote code execution vulnerabilities in Windows VBScript Engine.  

Adobe releases security patches
Adobe has released security patches for two vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. The flaws are tracked as CVE-2019-7094 and CVE-2019-7095. These vulnerabilities can allow attackers to take control of an affected system. The users are requested to update their installation to the latest version as soon as possible.

A flaw in the Swiss e-voting system
A vulnerability has been detected in the Swiss e-voting system. It can allow attackers to gain access to the voting system and manipulate cast votes. The vulnerability exists in the cryptographic system that verifies the cast votes. The company which developed the system is working on fixing the issue.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, March 14, 2019
Next
Cyware Daily Threat Intelligence, March 12, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.