Cyware Daily Threat Intelligence May 18, 2018

Nethammer attack
After Throwhammer, researchers have now demonstrated a second network-based remote technique named Nethammer. The attack can be used on systems that use uncached memory or flush instructions while handling network requests. This can help attackers to execute arbitary code on the targeted systems by rapidly writing and rewriting memory used for packet processing.

MEWKit phishing attack
A criminal group has developed a new sophisticated scheme to hijack Ethereum wallets. Dubbed as MEWKit, the phishing campaign mimics the MyEtherWallet site with an intention to steal credentials and later uses it to transfer funds without the knowledge of users. The back end of MEWKit allows the attackers to monitor the amount of Ethereum collected and keep a record of private user keys and passwords which can be used for further attacks.

Dharma ransomware variant
A new variant of Dharma/Crysis ransomware has been discovered to use the .Bip extension. The new variant is propagated via spam emails. Upon installation, it encrypts the files on victims' computer and later appends them with .Bip extension. This is done to extort victims to pay in Bitcoin for their encrypted files. LocationSmart leaks location
LocationSmart, a US-based company that accumulates real-time data about the location of mobile phone devices, has been leaking information due to a buggy component on its website. The bug revealed the location of users using AT&T, Sprint, T-Mobile and Verizon phones.

Data breach at L.A. County
A misconfigured Amazon web server at a nonprofit organization that operates Los Angeles County's social service hotline, has resulted in the exposure of personal information of its customer. The leaked data includes names, email addresses & passwords of users operating the 211 system. It also includes records of 3.5 million calls and 33,000 Social Security numbers.

CBC's data compromised
Around 20,000 people including employees might have been affected by a data breach that took place at CBC (Canadian Broadcasting Corporation). The breach occurred when an intruder broke into a secure area of CBC and stole a piece of computer equipment. Though the stolen equipment was password-protected, it is believed that the system contained electronic files including some financial information.