Cyware Daily Threat Intelligence, March 21, 2019

See All
Attackers continue to target online retailers and their customers in order to steal financial information and credentials. Now, the cybersecurity landscape witnessed Magecart attackers targeting the bedding websites MyPillow.com and Amerisleep.com. In another instance, ZOLL Medical Corporation suffered a data breach exposing personal and medical information of almost 277, 319 patients.

Apart from the data breaches and cyber attacks that are being witnessed on a daily basis, there are also a few malware strains that have been reported in the last 24 hours. Researchers observed Fin7 threat group’s comeback with two new malware samples ‘SQLRat’, ‘DNSbot’. Meanwhile, another set of researchers spotted a Microsoft office document with a malicious payload that uses techniques to bypass Microsoft security mechanisms.

Despite all the major cyber attacks and new threats, organizations continue to release security updates in order to secure their systems. Drupal has released a security update to address the moderately critical cross-site scripting vulnerability. Facebook has issued a patch for the critical Denial of Service (DoS) bug.

Top Breaches Reported in the Last 24 Hours

Bedding sites attacked
Magecart threat group targeted the bedding websites MyPillow.com and Amerisleep.com in order to steal customers’ personal information and payment card information. The pillow manufacturing company MyPillow was reported to be hit with Magecart attacks in 2018 and Amerisleep was said to be targeted in 2017. While MyPillow has restored its site after the attack, Amerisleep is yet to respond with a fix.

ZOLL Medical Corporation data breach
ZOLL Medical Corporation suffered a data breach exposing personal and medical information of almost 277, 319 patients. The exposed information includes patients’ names, addresses, dates of birth, social security numbers, and medical information. The medical corporation is offering free credit and identity monitoring services for one year to all the potentially affected patients.

Top Malware Reported in the Last 24 Hours

SQLRat and DNSbot
Researchers observed the come back of Fin7 threat group with a new administrative panel and previously unseen malware samples. In the new campaigns, researchers observed two new malware samples ‘SQLRat’, ‘DNSbot’ and the threat group’s new attack administrative panel ‘Astra’. Astra which is written in PHP, acts as a script management system and pushes malicious scripts to compromised computers.

Office document contains a malicious payload
Researchers spotted a Microsoft office document with a malicious payload that uses techniques to bypass Microsoft security mechanisms such as the AppLocker and the Anti Malware Scan Interface (AMSI). The office document lures users to enable MACRO execution to display the real content, while silently executing the malware infection chain in background.

Top Vulnerabilities Reported in the Last 24 Hours

Google Photos bug
A security researcher uncovered that Google Photos is vulnerable to a browser-based timing attack called Cross Site Search. This vulnerability could allow attackers to infer the metadata of the images stored in Google Photos. The metadata information includes photos’ geolocation details, date, time, and more. To be precise, the vulnerability could allow attackers to know where, when, and with whom your photos were taken.

Drupal patches cross-site scripting vulnerability
Drupal has released a security update to address the moderately critical cross-site scripting vulnerability. The vulnerability has been fixed in versions Drupal 7.65, Drupal 8.5.14, and Drupal 8.6.13. Drupal requests users who are using versions Drupal 7.5, 8.5, and 7.6 to update to the latest versions.

Facebook patches DoS bug
Facebook has issued a patch for the critical Denial of Service (DoS) bug. The Denial-of-Service (DoS) vulnerability was detected in Facebook Fizz, the social media giant's open source implementation of the Transport Layer Security (TLS) protocol. The vulnerability was detected by a security researcher at Semmle's research team Kevin Backhouse. Facebook has rewarded the research team with $10,000 for the discovery.

Top Scams Reported in the Last 24 Hours

BEC scammer pleads guilty
A scammer named Evaldas Rimasauskas, 50, who operated a Business Email Compromise (BEC) scam against Google and Facebook and earned over $100 million pleaded guilty. The BEC scam attack tricked Google and Facebook into wiring funds to his accounts. The scammer is to be sentenced on July 24, 2019.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, March 22, 2019
Next
Cyware Daily Threat Intelligence, March 20, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.