Cyware Daily Threat Intelligence, May 13, 2019

See All
Several new data breaches and security incidents have come to light in the past 24 hours. Attackers broke into several Pacers Sports & Entertainment (PSE) employees’ accounts and gained access to customers’ personal information. The Southeastern Council Alcoholism and Drug Dependence (SCADD) suffered a ransomware attack impacting patients’ personal and medical information. Meanwhile, FirstBank is canceling services for issued debit cards and is providing new ones after an external security incident impacted its customers’ bank accounts.

Apart from data breaches, there were also a few vulnerabilities that have been reported in the last 24 hours. A security researcher has uncovered almost 100 vulnerabilities in building management and access control systems. Researchers have detected a remote code execution (RCE) vulnerability in the window function functionality of SQLite3. Likewise, several vulnerabilities have also been found in an Alarm & GPS device that has been used by elderly patients across the world.

Researchers also observed the emergence of a malware strain. A legitimate looking site pretending to promote the popular KeePass password management software was found distributing malware.

Top Breaches Reported in the Last 24 Hours

Pacers Sports & Entertainment data breach
Attackers gained unauthorized access to several Pacers Sports & Entertainment (PSE) employee accounts between October 15, 2018, and December 4, 2018, and compromised customers’ personal records.  The exposed information includes names, addresses, dates of birth, passport numbers, health insurance information, driver's license/state identification numbers, account numbers, payment card numbers, digital signatures, login credentials, and Social Security numbers.

FirstBank data breach
FirstBank suffered an external security incident which led to the compromise of its account holders’ bank accounts. This incident has impacted nearly 50 FirstBank account holders. The bank is now canceling previously issued debit cards in order to reduce the risk of improper access to bank accounts.

The Southeastern Council on Alcoholism and Drug Dependence ransomware attack
The Southeastern Council Alcoholism and Drug Dependence (SCADD) suffered a ransomware attack impacting certain personal information of patients. The ransomware infected system contained patient data such as names, addresses, Social Security numbers, as well as medical history and treatment information. The organization is providing free credit monitoring and identity protection services to all potentially affected individuals.

UMC Southwest Gastroenterology data breach
UMC physicians are notifying patients about a data breach that occurred due to an unsecured cloud storage network. Two employees have created a Google shared drive each to track follow-up tasks related to patient care such as lab results, appointments, procedures, and therapies. Furthermore, one employee has forwarded emails to an unsecured Google Gmail account. This has led to the compromise of patients’ PHI (Protected Health Information).


Top Malware Reported in the Last 24 Hours

Fake site promoting KeePass drops malware
A legitimate looking site that pretends to promote the popular KeePass password management software is distributing malware on unsuspecting visitors. This site is part of a larger network of sites that distribute adware bundles including information-stealer trojans, miners, ransomware, and backdoors.


Top Vulnerabilities Reported in the Last 24 Hours

100 vulnerabilities in building management and access control systems
A security researcher has uncovered almost 100 vulnerabilities in building management and access control systems from four major vendors including Nortek, Prima Systems, Optergy, and Computrols. The vulnerabilities include default and hardcoded credentials, command injection, cross-site scripting (XSS), path traversal, unrestricted file upload, privilege escalation, authorization bypass, clear-text storage of passwords, cross-site request forgery (CSRF), arbitrary code execution, authentication bypass, information disclosure, open redirect, user enumeration, and backdoors.

Vulnerability in SQLite3
Researchers have detected a vulnerability in the window function functionality of SQLite3 which could allow attackers to perform remote code execution. Attackers can send a malicious SQL command to trigger this vulnerability. The vulnerability tracked as (CVE-2019-5018) impacts the SQLite3 version 3.26.0.

Several vulnerabilities found in popular Alarm & GPS device
Several vulnerabilities have been found in an Alarm & GPS device that has been used by elderly patients across the world. The vulnerabilities in this constantly-rebranded device could allow an attacker to call the device and have the call automatically answered, edit or delete all emergency contacts, disable GPRS, disable motion alarm and fall detection, as well as shut down the device.


Top Scams Reported in the Last 24 Hours

SIM swapping scammers arrested
The US Department of Justice (DOJ) has charged 6 scammers with a maximum penalty of 20 years in prison for committing a SIM swapping fraud. These 6 scammers belonging to a hacking group named “The Community” have earned a total of $2.5 million worth of cryptocurrency from this campaign.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, May 14, 2019
Next
Cyware Daily Threat Intelligence, May 10, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.