Cyware Daily Threat Intelligence May 08, 2018

May Android updates
Android Security Patches for May 2018 have been released by Google for supported Pixel and Nexus devices. The updates fixed around 22 security vulnerabilities across various components and also added improvements. The update is being released in a phased manner and will be available for all users in a few days.

Security flaw in 7Zip
A serious security vulnerability has been discovered in all versions of 7Zip prior to 18.05. By exploiting this vulnerability, hackers can install programs on victim’s PC, view, edit, or delete data, or create new user accounts with full access rights. Mac users aren't affected by the flaw. Windows users are advised to apply the ‘Principle of Least Privilege’ to all systems and services.

baseStriker method
Cyber criminals have come up with a new attack method, dubbed base Striker, to ensure that the URLs included in phishing emails bypass the Safe Links security feature in Office 365. Even though currently this method is just used to launch phishing attacks, researchers believe that this can be used to deliver malware. Data breach at Fleetcor Technologies
Fleetcor Technologies released a statement that the company's gift card systems were accessed by an unauthorized party, who stole a huge number of gift cards and PIN numbers. The incident likely occurred last month. Good news: there's no evidence of any other breach in the company network.

Data breach at Sheffield Credit Union
A data breach at the Sheffield Credit Union impacted around 15,000 members. Personal information including names, telephone numbers, addresses, savings balances, loan agreements, national insurance numbers, bank sort codes and account numbers were accessed by the hackers. Members are warned to look out for possible phishing attacks and identity theft.

Drupal sites under attack
A major cryptojacking campaign has been uncovered by security researchers, targeting Drupal sites. Hackers exploited the two vulnerabilities--CVE-2018-7600 and CVE-2018-7602--that were found in over 1 million websites. The attack is said to have impacted at least 348 government and university websites all over the world.