Cyware Daily Threat Intelligence, October 16, 2019

See All
Applying security patches on time offers better security against malware attacks. In the latest release of Patch Tuesday update, Adobe and Oracle have released security patches to address 219 and 81 flaws respectively found across their multiple products. While Adobe’s security patches fix vulnerabilities in its Experience Manager, Experience Manager Forms, Adobe Acrobat and Reader and Download Manager, Oracle has issued patches for flaws in its Financial Services Analytical Applications Infrastructure, Forms, Data Integrator, NoSQL Database and more. 

Two new malware designed to reap profits for cybercriminals have also been uncovered in the past 24 hours. The newly discovered malware are ‘Cutlet Maker’ and ‘Save Yourself’. While the ‘Cutlet Maker’ has helped attackers steal over $1.5 million from ATMs, ‘Save Yourself’ is being used to compromise bitcoin wallets and mine other cryptocurrencies.

Top Breaches Reported in the Last 24 Hours

Whirlpool exposes database
An unprotected MongoDB database belonging to Whirlpool has exposed more than 28 million records. The database was used to collect information from IoT connected home appliances such as customer email, smart appliance ID, model name and number, different attributes of the scanned appliance, etc. The leaky database was pulled down within 24 hours after the company was alerted.

BriansClub hacked
One of the web’s largest marketplaces, BriansClub, has been hacked. The underground store included more than 26 million stolen credit and debit card records from online and brick-and-mortar retailers. This data was stolen over the past four years. Between January and August 2019, BriansClub had added roughly 7.6 million records.

Top Malware Reported in the Last 24 Hours

‘Save Yourself’ malware
Researchers have warned about a previously-known malware strain named ‘Save-Yourself’ trying to extort victims. The malware has been designed to potentially compromise bitcoin wallets and mine other cryptocurrencies. The malware is distributed via an email that claims to have recorded inappropriate videos of recipients.

‘Cutlet Maker’ ATM malware
A new piece of malware named ‘Cutlet Maker’ was found to have helped cybercriminals in stealing over $1.5 million from different ATMs in Germany between February and November 2017. One of the major impacted banks was Santander. The bank used old and slow Windows systems, thus enabling the cybercriminals to hijack ATMs.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle patches 219 bugs
Oracle has rolled out security patches for a total of 219 flaws, 142 of which can be remotely exploited. The patches also fix an issue affecting Oracle NoSQL Database. The vulnerability has scored a maximum of 10 on the CVSS scale.

Adobe patches 81 flaws
Adobe has issued an out of band update for a total of 81 vulnerabilities affecting Experience Manager, Experience Manager Forms, Adobe Acrobat and Reader, and Download Manager. Acrobat and Reader have received the highest number of patches, fixing around 67 vulnerabilities. Adobe Experience Manager had 12 CVEs rated important or moderate.

Symantec fixes BSOD issue
Symantec has fixed an issue causing Blue Screen of Death (BSOD) condition for customers running the company’s Endpoint Protection Client software. The software impacts the systems running the Windows operating system from version 7 to 10.

Faulty bank card 
Discovery Bank credit cards were affected by a security vulnerability that allowed customers to make online purchases without knowing a specific bank card’s CVV. The CVV issue was fixed by the bank on Monday, along with the one-time PIN issue. The bank has stated that they mitigated the issues soon after learning about the flaws.

Top Scams Reported in the Last 24 Hours

Fake Checkra1n iOS Jailbreak
Cybercriminals are using a fake Checkra1n iOS jailbreak tool in a new click fraud campaign. Checkra1n is a recently developed iOS jailbreak tool that makes use of the Checkm8 jailbreak-enabling iOS bootrom exploit to modify the bootrom and load a jailbroken image onto the iPhone. The campaign primarily targets users in the US, the UK, France, Nigeria, Iraq, Vietnam, Venezuela, Egypt, Georgia, Australia, Canada, Turkey, Netherlands, and Italy.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, October 17, 2019
Next
Cyware Daily Threat Intelligence, October 15, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.