Cyware Daily Threat Intelligence, March 22, 2019

See All
Despite strict data protection policies, companies continue to expose users’ private data due to negligence. HMD Global inadvertantly included a data collection package inside some Nokia 7 Plus smartphones that collected device owners' information and sent to a server located in China. Meanwhile, Oregon’s Department of Human Services (DHS) suffered a data breach compromising private data of over 350,000 clients.

Apart from the data breaches that are being witnessed on a daily basis, there are also a few new threats that have been reported in the last 24 hours. Researchers uncovered that a compromised iPhone app was infecting users’ devices with malware. Researchers also detected almost 18 security vulnerabilities in the reference implementation of Java Card technology. In the meantime, the U.S. Food and Drug Administration (FDA) disclosed that security vulnerabilities were detected in Medtronic devices.

Top Breaches Reported in the Last 24 Hours

Ransomware attack
The Police Federation of England and Wales (PFEW) has been hit by a ransomware attack. The ransomware attack encrypted several databases and servers, making data and email services inaccessible. The impacted databases and servers include the PFEW national members database, claims case management system, and the booking system for conference and hotel facilities.

Nokia 7 Plus devices collected and sent user data to China
HMD Global, the company that sublicensed the Nokia smartphones inadvertantly included a data collection package inside some Nokia 7 Plus devices' firmware that collected device owners' information and sent to a server located in China.

DHS Data Breach
Oregon’s Department of Human Services (DHS) suffered a data breach compromising private data of over 350,000 clients. The breach was a result of attackers gaining access to employees’ email accounts. The compromised information includes first and last names, addresses, dates of birth, Social Security numbers, and case numbers.

Top Malware Reported in the Last 24 Hours

iPhone app contains malware
Researchers from The Media Trust uncovered that a compromised iPhone app which had been downloaded by millions of users was infecting users’ devices with malware. The malware which is hidden within the ad’s style sheet calls almost 22 malicious servers to deliver payloads.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerabilities in Java Card
Researchers detected almost 18 security vulnerabilities in the reference implementation of Java Card technology from Oracle which is used in financial, government, transportation, and telecommunication organizations.

Cisco patches critical vulnerabilities
Cisco has released patches to fix the cross-site request forgery vulnerabilities. The vulnerabilities were detected in Cisco’s IP Phone 8800 Series and IP Phone 7800 series. The vulnerabilities could allow attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.

FDA discloses vulnerabilities
The U.S. Food and Drug Administration (FDA) disclosed that security vulnerabilities were detected in Medtronic Plc's implantable cardiac devices, clinic programmers, and home monitors. The medical device maker Medtronic is working on security updates to patch the vulnerabilities.

Top Scams Reported in the Last 24 Hours

Bitcoin scammer arrested
Italian authorities recently arrested a Genoa-based bitcoin scammer who impersonated a Swiss crypto firm and tricked Italian investors into investing in bitcoin via gold and cash deposits. The scammer has earned a total of $300,000.





  • Share this blog:
Previous
Cyware Daily Threat Intelligence, March 25, 2019
Next
Cyware Daily Threat Intelligence, March 21, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.