Cyware Daily Threat Intelligence November 29, 2018

Top Malware Reported in the Last 24 Hours

Hackers leverage leaked NSA toolkits
Hackers have been observed using leaked NSA exploit kits to expand their cyber attacks. A new finding from Akamai researchers reveals that around 45,000 devices have been compromised by abusing the Universal Plug and Play (UPnP) network protocol together with the leaked NSA exploits EternalBlue and EternalRed. The campaign, dubbed 'Eternal Silence', targets routers and the devices behind them on TCP ports 445 and 139.
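A defender-side check for the campaign described above: an added example, not from the Cyware digest or the Akamai research, that audits a gateway's UPnP port-mapping table and flags any mapping that forwards WAN traffic to TCP 139 or 445 on an internal host. The record format and the sample table are constructed; a real audit would fill the list from the gateway's IGD mapping entries.

```python
"""Audit UPnP port mappings for forwards to SMB/NetBIOS ports (added example)."""
from dataclasses import dataclass

# Ports the Eternal Silence campaign is reported to target.
SMB_PORTS = {139, 445}


@dataclass(frozen=True)
class PortMapping:
    external_port: int
    internal_client: str
    internal_port: int
    protocol: str
    description: str


def parse_mapping(line: str) -> PortMapping:
    """Parse one constructed 'ext_port,int_ip,int_port,proto[,description]' record."""
    ext, ip, port, proto, *desc = (f.strip() for f in line.split(",", 4))
    return PortMapping(int(ext), ip, int(port), proto.upper(), desc[0] if desc else "")


def suspicious_mappings(lines):
    """Return mappings that expose TCP 139/445 on an internal host to the WAN."""
    found = []
    for line in lines:
        if not line.strip():
            continue  # skip blank lines in the dump
        m = parse_mapping(line)
        if m.protocol == "TCP" and m.internal_port in SMB_PORTS:
            found.append(m)
    return found


# Constructed sample of a gateway's mapping table (not real data).
SAMPLE_TABLE = """\
8080,192.168.1.10,80,TCP,camera-web
61234,192.168.1.20,445,TCP,injected-mapping-1
61235,192.168.1.21,139,TCP,injected-mapping-2
5000,192.168.1.30,5000,UDP,game
"""

if __name__ == "__main__":
    for m in suspicious_mappings(SAMPLE_TABLE.splitlines()):
        print(f"WAN :{m.external_port} -> {m.internal_client}:{m.internal_port} ({m.description})")
```

Any hit means a LAN host's SMB service is reachable from the internet through the router, which is the condition the campaign depends on; disabling UPnP on the WAN side and deleting the mapping closes it.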

Spy.Banker/Banload banking trojan
A Brazilian-made banking trojan named Spy.Banker, or Banload, has been found targeting banks in more than 60 countries. The malware was created in 2015 and has been available on GitHub. It uses well-known URL shorteners such as Bitly or TinyURL to reach a victim's system: the shortened URL arrives in a phishing email.

AndroidOS_FraudBot.OPS malware
A malware strain dubbed AndroidOS_FraudBot.OPS has been observed collecting personally identifiable information (PII) from users via fake surveys and fraudulent gift card offers. The malware is distributed via seven malicious Android apps that pose as legitimate voice messenger platforms. Instead, these apps generate automated pop-ups of fake surveys and perform fraudulent ad clicks.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerability in Sennheiser headphones
A critical flaw in Sennheiser headphones could allow attackers to use the hardware as a Trojan horse. The flaw exists in Sennheiser's HeadSetup software. The bug allows hackers to sign and issue technically trustworthy certificates. Users affected by this implementation bug can become victims of certificate forgery, allowing an attacker to distribute software that carries a trusted signature, or to act as an authority authorized by Sennheiser.

ICS flaws in Modicon Quantum PLC
Researchers have discovered multiple ICS flaws in Schneider’s Modicon Quantum PLC. The flaws affect all M340, Quantum PLCs, and BMXNOR0200 products and could allow attackers to change both user and administrator passwords. The flaw can also enable a threat actor to delete or replace the existing admin credentials and reset web server credentials. Schneider has issued a security notification for these flaws and advised users to configure the access control lists in order to restrict web server access.

Top Breaches Reported in the Last 24 Hours

Dell suffers a breach
Dell Inc. has reset all customer passwords after hackers made an unauthorized attempt to breach the company's network. The incident occurred on November 9 and it is believed that attackers might have gained access to names, email addresses and hashed passwords of customers and employees. The breach did not affect any Dell products and services.

Dunkin' Donuts hacked
Dunkin' Donuts has become the latest victim of a credential stuffing attack. It is notifying its 'DD Perks' customers whose data may have been compromised in the hack. The fast-food chain believes that hackers may have gained access to sensitive information such as customers' first and last names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes.

ElasticSearch server data leak
A misconfigured ElasticSearch server has exposed 73GB of data belonging to nearly 57 million US citizens. The exposed information includes first name, last name, employer ID, job title, email address, physical address, state, ZIP code, phone number and IP address. The leaky server was indexed by the Shodan search engine.

Top Scams Reported in the Last 24 Hours

'No Talk' Phone Scam
Scammers have been found using a new, profitable phone scam in which they never need to talk to the victim. The scam is named 'No Talk' and is being used against big businesses, including banks. The scammer compromises a section of a business's call center and then passes the customer identity verification using basic questions, which makes it easy to gain control over the customer's account.

Fake tech-support scam
A recent survey by Microsoft has revealed that one in five recipients actually fall victim to fake tech-support scams related to the company. The scammer displays a pop-up on the victim's system bearing a fake Microsoft logo. The pop-up carries a warning message that reads, "Your computer has been infected with a virus. Call our toll-free number immediately for help." The victim calls the given number and is then offered a service package ranging from $99 to $1000.

Posted on: November 29, 2018