Cyware Daily Threat Intelligence October 12, 2018

Top Malware Reported in the Last 24 Hours


CartThief malware
A new variant of the Magecart malware, called CartThief, was found targeting various e-commerce platforms. It mainly targets the payment pages of legitimate Magento-hosted retail sites. When unsuspecting users enter their payment card numbers into a site's checkout page and submit them, the data is collected and encrypted. The PII is then sent to a C&C server controlled by the threat actors. Once the malware is on a system, it can insert rogue files into the legitimate HTML code, which gives the attackers access to the payment page of the retail site.

Gplayed Android Trojan
The Gplayed Trojan was found to offer its operators adaptability features that let them perform various tasks. As a result, the operators can inject scripts and send .NET code to the vulnerable Android device. The Trojan contains many native capabilities that help in spying and exfiltrating data. It can also display USSD messages, wipe the device contacts, collect payment card data, and set a new password.

Top Breaches Reported in the Last 24 Hours


FitMetrix data breach
Researchers recently found that millions of user records were exposed from FitMetrix, a fitness technology and performance tracking company. The breach occurred via a cluster of ElasticSearch servers. These unsecured servers allowed anyone who knew their IP addresses to access the data. Various PII was exposed, but no login credentials, passwords, credit card data, or personal health info were compromised.

Rebound Orthopedics breach
A data breach took place at the Vancouver, Wash.-based Rebound Orthopedics & Neurosurgery. As a result, the personal info of about 2800 employees and patients was compromised. The incident happened when attackers were able to hack an employee’s email account via a phishing email. Information such as patient names, dates of birth, Social Security Numbers, driver’s license numbers, and financial account info was exposed.

Experian glitch
A flaw in Experian’s online account recovery process exposed the recovery PINs that are required to unlock frozen accounts. Using the PINs, crooks could potentially apply for loans and credit cards as their victims. The bug has since been fixed.

Top Vulnerabilities Reported in the Last 24 Hours


Pointer corruption bugs in Intel
Pointer corruption bugs have been discovered in the Intel Unified Shader compiler for the Intel Graphics Accelerator. The flaws reside in the ‘igdusc64’ DLL in the Intel Graphics Accelerator. They may lead to arbitrary code execution and DoS conditions that are triggered by a VMware guest and affect the VMware host. Users are advised to update their Intel Graphics Drivers to version 25.20.100.6326.

VMware 3D DoS flaw
The VMware 3D DoS flaw makes VMware products prone to DoS attacks. The flaw exists in the 3D acceleration feature of VMware products. An attacker can exploit this flaw (CVE-2018-6977) by using a 3D-rendering shader on a targeted system. VMware ESXi 6.0.0, 6.5.0 & 6.7.0; VMware Fusion 10.0 to 11.0; VMware Workstation Player 14.0 to 15.0; and VMware Workstation Pro 14.0 to 15.0 are affected.

Security flaws in 5G standard
Several security gaps were found in the 5G AKA protocol. As a result, criminals can access the communication between a device and a network in order to intercept conversations or steal data. Poor implementation of the standard can allow attackers to offload usage charges to other users. Researchers are working on a fix.





