Cyware Daily Threat Intelligence November 12, 2018

Top Malware Reported in the Last 24 Hours

New cryptominer
A new cryptominer dubbed Coinminer.Linux.KORKERDS.AB has been discovered. The malware targets Linux systems and leverages a rootkit to hide its presence on infected systems. Without the rootkit, admins can detect the malicious activity. However, once the rootkit is installed, the process causing the high CPU usage is no longer visible in the process list, even though total system utilization still reads 100%.
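As an added example (not part of the Cyware digest), a defender-side check for the hiding behaviour described above: a rootkit can drop the miner's entry from /proc, but it cannot remove its CPU time from the system-wide counters in /proc/stat, so per-process accounting that no longer adds up to the aggregate busy time betrays a hidden consumer. The before/after samples embedded below are constructed, and live_snapshot() is a hypothetical helper for reading the real /proc on a Linux host.

```python
import os
# Constructed sample (NOT a real capture): the aggregate 'cpu' line of /proc/stat and
# one visible process's /proc/<pid>/stat line, sampled before and after an interval.
STAT_BEFORE = "cpu  1000 0 500 8000 100 0 10 0 0 0\ncpu0 1000 0 500 8000 100 0 10 0 0 0\n"
STAT_AFTER  = "cpu  1200 0 900 8050 100 0 10 0 0 0\ncpu0 1200 0 900 8050 100 0 10 0 0 0\n"
PROC_BEFORE = {1: "1 (tmux: server) S 0 1 1 0 -1 4194560 1000 0 0 0 10 5 0 0 20 0 1 0 1 100000 1000"}
PROC_AFTER  = {1: "1 (tmux: server) S 0 1 1 0 -1 4194560 1000 0 0 0 20 10 0 0 20 0 1 0 1 100000 1000"}

def system_busy_jiffies(stat_text: str) -> int:
    """Non-idle jiffies from the aggregate 'cpu' line of /proc/stat."""
    for line in stat_text.splitlines():
        f = line.split()
        if f and f[0] == "cpu":
            v = [int(x) for x in f[1:]]   # user nice system idle iowait irq softirq steal ...
            idle = v[3] + v[4]            # idle + iowait are both "not busy"
            return sum(v) - idle
    raise ValueError("no aggregate cpu line in /proc/stat")

def process_jiffies(pid_stat: str) -> int:
    """utime + stime (fields 14 and 15) from a /proc/<pid>/stat line; comm may contain spaces."""
    rest = pid_stat[pid_stat.rindex(")") + 2:].split()   # rest[0] is field 3 (state)
    return int(rest[11]) + int(rest[12])

def unaccounted_fraction(sys_before: str, sys_after: str, procs_before: dict, procs_after: dict) -> float:
    """Share of interval CPU time that no visible process accounts for. Processes that exited
    during the interval drop out (small noise); a sustained value near 1.0 under full load is the signal."""
    sys_delta = system_busy_jiffies(sys_after) - system_busy_jiffies(sys_before)
    if sys_delta <= 0:
        return 0.0
    visible = sum(process_jiffies(s) - process_jiffies(procs_before[p])
                  for p, s in procs_after.items() if p in procs_before)
    return max(0.0, (sys_delta - visible) / sys_delta)

def live_snapshot() -> tuple:
    """Hypothetical helper: read the real /proc so two calls can feed unaccounted_fraction()."""
    with open("/proc/stat") as fh:
        stat = fh.read()
    procs = {}
    for name in os.listdir("/proc"):
        if name.isdigit():
            try:
                with open(f"/proc/{name}/stat") as fh:
                    procs[int(name)] = fh.read()
            except OSError:
                pass   # process exited between listdir() and open()
    return stat, procs

def check_sample() -> float:
    return unaccounted_fraction(STAT_BEFORE, STAT_AFTER, PROC_BEFORE, PROC_AFTER)
```

On the constructed sample the system gained 600 busy jiffies while the only visible process gained 15, so 97.5% of the interval's CPU time is unattributed, which is exactly what a hidden miner under a process-hiding rootkit looks like.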

New Trickbot campaign
A new Trickbot campaign has been detected. The malware now has new capabilities: it can steal credentials and browser data, including cookies, browser histories and more. Trickbot is now distributed via a malicious Excel document and uses several anti-analysis techniques to evade detection. Trickbot’s new module, “pwgrab32”, is designed to steal credentials from applications such as Microsoft Outlook, FileZilla and WinSCP, as well as system information. The new additions to Trickbot indicate that the cybercriminals operating the malware have no intention of hanging up their boots.

Top Breaches Reported in the Last 24 Hours

Nordstrom
Nordstrom's flagship store in Seattle was hit by a breach that exposed the sensitive personal data of some of its employees. The compromised data includes Social Security numbers, dates of birth, checking account and routing numbers, salaries and more. It is still unclear how many people were affected by the breach. Nordstrom claims that no data was misused and is still investigating the breach. According to Nordstrom, the breach was caused by a contract worker who improperly handled some Nordstrom employees' data.

Health breach
Florida's Department of Health suffered a data breach that may have compromised the personal information of some patients in Escambia, Santa Rosa, Okaloosa and Walton counties. The breach occurred after a cybercriminal hacked into the Microsoft Outlook account of an employee of the Children’s Medical Services. The attack is believed to have taken place between October 8 and October 16. Officials said that no payment card information or personal data such as Social Security numbers was compromised.
