
Cyware Daily Threat Intelligence, November 15, 2021


No cardholder ever wants to receive a data breach notification, but the run-up to the Black Friday sale is just about the least convenient time to receive one. Unfortunately, for some customers associated with Costco, that’s exactly what has happened. The retail giant disclosed that around five skimmers were planted on payment card devices to pilfer card numbers, CVV, and expiration dates of users.

In other threats, a new alert from the CISA is urging multiple ICS system manufacturers to patch their products that use the vulnerable Data Distribution Service (DDS) protocol. The development comes after a group of researchers demonstrated that more than a dozen vulnerabilities found in the DDS standard could be exploited to launch DoS attacks or cause buffer overflow conditions.

Top Breaches Reported in the Last 24 Hours

Misconfigured server issue
The FBI fixed a misconfigured server that allowed hacktivists to send thousands of fake emails to recipients. According to federal authorities, the misconfiguration issue allowed threat actors to temporarily hijack the Law Enforcement Enterprise Portal (LEEP) from where they executed malicious activities.

Card skimming attack
Retail giant Costco confirmed a card skimming attack that affected fewer than 500 users. Around five skimmers were planted on payment card devices across four Chicago-based warehouses. This enabled attackers to capture information such as names, card numbers, CVV, and expiration dates of users. In other news, researchers revealed that more than 1,000 online shops are vulnerable to web skimming attacks. The sites are related to insurance, financial services, pharma, media, security, and retail.

PYSA gang dumps data of over 50 victims
The PYSA ransomware gang dumped sensitive data associated with over 50 victims on its leak site. The gang is known for attacks on educational institutions, including K-12 schools. Other affected organizations include foreign government entities and the healthcare sector.

Top Malware Reported in the Last 24 Hours

GravityRAT spotted
GravityRAT was spotted in a malicious campaign that primarily targeted Indian users. The malware was distributed via a fake SoSafe chat app. The campaign is designed to target military officials.

Top Vulnerabilities Reported in the Last 24 Hours

Flawed ICS systems
The CISA issued an alert about a series of vulnerabilities impacting the Data Distribution Service (DDS) protocol used by multiple ICS vendors. Successful exploitation of these flaws can result in a DoS attack or buffer overflow condition. The affected products have been patched by most of the vendors.

Flaws in Diebold Nixdorf ATMs
Two flaws impacting Diebold Nixdorf ATMs could have allowed attackers to replace the firmware on the system and withdraw cash. Researchers uncovered that security measures meant for the flaws CVE-2018-9000 and CVE-2018-9100 could be bypassed to spew cash out of the machines.



Posted on: November 15, 2021
