Cyware Daily Threat Intelligence, November 01, 2019

See All
State-sponsored hacking groups have increasingly become a major security threat for industrial systems and parts of critical national infrastructure globally. Now, researchers have discovered the new MessageTap malware created by the Chinese state-sponsored hacking group APT41. The malware targets the Short Message Service Center (SMSC) servers run by telecom operators in order to steal incoming SMS messages.

The past 24 hours also saw a first of its kind cyberattack on the Utah-based renewable energy provider sPower. The company was hit with a cyberattack exploiting unpatched firewall systems to disconnect the operator from its wind and solar power generation units.

Meanwhile, Google has disclosed a use-after-free zero-day vulnerability in the Chrome web browser. The bug, discovered by two Kaspersky researchers, was actively being exploited in the wild.

Top Breaches Reported in the Last 24 Hours

Cyberattack on energy provider
The Utah-based renewable energy provider sPower was hit with a cyberattack exploiting unpatched firewall systems to disconnect the operator from its wind and solar power generation units.

New Calypso APT
Researchers discovered a new APT group dubbed Calypso that uses a backdoor RAT to deliver exploit tools like Mimikatz, EternalBlue, and EternalRomance. The group has targeted government organizations in six countries including India, Brazil, Russia, Kazakhstan, Thailand, and Turkey since 2016.

San Marcos city hacked
San Marcos city in California was hit by a cyberattack that disrupted its email systems and other internal functions. However, the City has stated that no data was compromised in this incident.

Marriott reports breach
Marriott International has notified some of its associates regarding unauthorized access of their sensitive information by a third party. Official documents such as subpoenas and court documents, present on the systems of an outside vendor formerly used by Marriott were found to be compromised.

Top Malware Reported in the Last 24 Hours

New MessageTap malware
Researchers from FireEye have discovered the new MessageTap malware created by the Chinese state-sponsored hacking group APT41. The malware targets Short Message Service Center (SMSC) servers run by telecom operators in order to steal incoming SMS messages.

Gafgyt variant targets routers
A new variant of the Gafgyt malware has been found targeting routers made by Zyxel, Huawei, and Realtek. Over 32,000 routers are affected by the vulnerabilities (CVE-2017-18368, CVE-2017-17215, CVE-2014-8361) that are exploited by this malware. The malware exploits target devices to conduct botnet attacks against gaming servers.

Malicious keyboard app
A popular Android keyboard app a.type with over 40 million downloads has been found conducting fraudulent transactions from targeted devices. The app tried to execute 14 million transactions amounting to $18 million from 110,000 Android devices. The malicious app was removed from Google Play Store in June 2019.

Top Vulnerabilities Reported in the Last 24 Hours

Zero-day in Google Chrome
Google has disclosed an actively exploited zero-day vulnerability in the Chrome web browser. The vulnerability in question is a use-after-free bug designated as CVE-2019-13720. Google has fixed the issue in the new v78.0.3904.87 release of Chrome.

QNAP NAS device exploit
The German Computer Emergency Response Team (CERT-Bund) has warned that thousands of QNAP NAS devices are vulnerable to the QSnatch malware. The agency has discovered over 7000 devices infected with QSnatch in Germany alone.

Top Scams Reported in the Last 24 Hours

Uber and LinkedIn extortion scheme
Two hackers have pleaded guilty in an extortion scam targeting Uber and LinkedIn. Uber had paid the hackers $100,000 for preventing the release of stolen records related to 57 million of Uber’s passengers and drivers.

Amazon account fraud
In a new case, an online user’s Amazon account was targeted by hackers to make purchases using their stored credit card details. The hackers took advantage of the target account’s link to a non-Amazon device to continue the fraud despite preventive actions by the target user.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, November 04, 2019
Next
Cyware Daily Threat Intelligence, October 31, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.