Cyware Daily Threat Intelligence October 17, 2018

Top Breach Incidents Reported in the Last 24 Hours


MoD secrets exposed in multiple breaches
Ministry of Defence (MoD) secrets were exposed in dozens of cybersecurity breaches in 2017. Sky News reported that 37 such incidents occurred last year. According to the NCSC, the Chinese cyberespionage group APT10 was behind the intrusions; the group is accused of hacking IT suppliers to reach the military and intelligence data they hold for the MoD. The information was sent unprotected, so anyone eavesdropping on the connection could have read it, leaving the data exposed to nation-state level risk.

Pentagon data breach
The US Department of Defense (DoD) recently suffered a data breach via a third-party vendor. At least 30,000 service members and employees had personal and payment card data compromised. The exact categories of compromised data have not been released yet. The vendor in question is still under contract, but the DoD has taken steps to cut its ties with the company.

Top Vulnerabilities Reported in the Last 24 Hours


Linksys Eseries OS Command Injection flaws
Multiple OS command injection flaws in the Linksys E-Series wireless routers were uncovered by security researchers. A specially crafted HTTP request to the router's network configuration interface causes the firmware to execute arbitrary system commands, giving the attacker full control of the device. Users are advised to update their routers to the latest firmware released by the manufacturer.
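The bug class behind this advisory is the classic embedded-web-handler pattern: a request parameter is pasted into a command line that is then handed to a shell. The following is an added example written for this page, not Linksys firmware or researcher code; the ping/hostname parameter, the 253-character cap and the attacker input are assumptions chosen to make the injection visible. It shows the vulnerable string build, a naive filter that only strips `;` and still fails, and the hardened version that allow-lists characters and passes the value as a separate argv entry so no shell ever interprets it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 256

/* VULNERABLE: interpolates an attacker-controlled request parameter into a
 * shell command line.  A real handler would pass the result to system() or
 * popen(); here we only build the string so the injected command is visible. */
int build_cmd_vulnerable(const char *host, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return n >= 0 && (size_t)n < outlen;
}

/* NAIVE FIX that still fails: rejecting ';' alone leaves |, &, $(...),
 * backticks and newlines available to the attacker. */
int is_safe_host_naive(const char *host)
{
    return strchr(host, ';') == NULL;
}

/* HARDENED: allow-list only the characters a hostname or IPv4 address can
 * contain, cap the length (assumed DNS maximum of 253), and refuse a leading
 * '-' so the value cannot be parsed as an option by the command. */
int is_safe_host(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253 || host[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* HARDENED launch: validate, then build an argv for execvp()-style execution
 * so the value is a single argument and never goes through /bin/sh.
 * Returns the argc on success or -1 when the input is rejected. */
int build_argv_safe(const char *host, const char *argv[5])
{
    if (!is_safe_host(host))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = host;
    argv[4] = NULL;
    return 4;
}

int main(void)
{
    /* Constructed attacker input: a valid address followed by an injected command. */
    const char *evil = "192.0.2.1; cat /etc/passwd";
    char cmd[CMD_MAX];
    const char *argv[5];

    build_cmd_vulnerable(evil, cmd, sizeof cmd);
    printf("vulnerable handler would run: %s\n", cmd);
    printf("naive filter passes $(...)?    %d\n", is_safe_host_naive("192.0.2.1$(reboot)"));
    printf("allow-list accepts injection?  %d\n", is_safe_host(evil));
    printf("argv build, injected input:    %d\n", build_argv_safe(evil, argv));
    printf("argv build, clean input:       %d\n", build_argv_safe("192.0.2.1", argv));
    return 0;
}
```

The allow-list is deliberately stricter than the shell needs; on a router the only sane policy is to accept exactly what the feature requires, not to enumerate the metacharacters that happen to matter for one particular shell.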

libssh bug creates a fiasco
A flaw in the libssh library has left thousands of enterprise servers open to hijacking. An attacker can bypass authentication entirely and open an SSH session on a server that uses libssh for its server side, without supplying a password or key. libssh versions 0.6.0 and later are affected, and around 3,000 exposed servers have been identified so far. The bug is fixed in versions 0.8.4 and 0.7.6. OpenSSH does not use libssh and is not affected.
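The bypass (tracked as CVE-2018-10933) works because the server accepted an SSH2_MSG_USERAUTH_SUCCESS message from the client, a message only a server should ever send, and flipped its own authentication state on receipt. The block below is an added illustrative model written for this page, not libssh's source or its actual fix: the message numbers are the real RFC 4252 values, but the session struct, the stub credential check and the dispatch functions are constructed to show the vulnerable state transition next to a corrected one that rejects the message on the server side.

```c
#include <stdio.h>
#include <string.h>

/* SSH user-authentication message numbers (RFC 4252). */
enum {
    SSH2_MSG_USERAUTH_REQUEST = 50,
    SSH2_MSG_USERAUTH_FAILURE = 51,
    SSH2_MSG_USERAUTH_SUCCESS = 52
};

typedef enum { AUTH_STATE_NONE = 0, AUTH_STATE_SUCCESS = 1 } auth_state_t;

/* Constructed model of a session; a real one carries far more. */
typedef struct {
    int is_server;        /* 1 for the server side of the session */
    auth_state_t state;
} ssh_session_model;

/* Constructed credentials for the model; a real server consults PAM, keys, etc. */
static int check_password(const char *user, const char *password)
{
    return strcmp(user, "admin") == 0 &&
           strcmp(password, "correct horse battery staple") == 0;
}

/* Returns the message type the server would reply with. */
static int handle_userauth_request(ssh_session_model *s, const char *user,
                                   const char *password)
{
    if (check_password(user, password)) {
        s->state = AUTH_STATE_SUCCESS;
        return SSH2_MSG_USERAUTH_SUCCESS;
    }
    return SSH2_MSG_USERAUTH_FAILURE;
}

/* VULNERABLE dispatch: the handler that marks a session authenticated on
 * USERAUTH_SUCCESS runs regardless of whether this side is the client or the
 * server.  A client that sends message 52 instead of 50 is treated as logged in. */
int dispatch_vulnerable(ssh_session_model *s, int msg_type, const char *user,
                        const char *password)
{
    switch (msg_type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        return handle_userauth_request(s, user, password);
    case SSH2_MSG_USERAUTH_SUCCESS:
        s->state = AUTH_STATE_SUCCESS;      /* trusts the peer's claim */
        return 0;
    default:
        return -1;
    }
}

/* FIXED dispatch: a server only ever *sends* USERAUTH_SUCCESS.  Receiving it is
 * a protocol violation, so it is rejected (-1, i.e. disconnect) and the state is
 * left untouched; only a client may act on it.  Symmetrically, a client never
 * services USERAUTH_REQUEST. */
int dispatch_fixed(ssh_session_model *s, int msg_type, const char *user,
                   const char *password)
{
    switch (msg_type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        if (!s->is_server) return -1;
        return handle_userauth_request(s, user, password);
    case SSH2_MSG_USERAUTH_SUCCESS:
        if (s->is_server) return -1;
        s->state = AUTH_STATE_SUCCESS;
        return 0;
    default:
        return -1;
    }
}

int is_authenticated(const ssh_session_model *s)
{
    return s->state == AUTH_STATE_SUCCESS;
}

int main(void)
{
    ssh_session_model vuln = { 1, AUTH_STATE_NONE };
    ssh_session_model fixed = { 1, AUTH_STATE_NONE };

    /* The bypass: skip USERAUTH_REQUEST and send USERAUTH_SUCCESS to the server. */
    dispatch_vulnerable(&vuln, SSH2_MSG_USERAUTH_SUCCESS, "", "");
    dispatch_fixed(&fixed, SSH2_MSG_USERAUTH_SUCCESS, "", "");
    printf("vulnerable server authenticated without credentials: %d\n", is_authenticated(&vuln));
    printf("fixed server authenticated without credentials:      %d\n", is_authenticated(&fixed));
    return 0;
}
```

The lesson for any protocol implementation that shares a message dispatcher between both roles: every handler must check which role it is running as, because the peer controls which message types arrive and a state machine that only asks "what message is this?" and never "should I be receiving it?" will accept the transition the attacker wants.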

Top Malware Reported in the Last 24 Hours


ONWASA hit by Trojan and ransomware
North Carolina’s Onslow Water and Sewer Authority (ONWASA) was recently hit by the Emotet Trojan, followed by an attack with Ryuk ransomware. Emotet infected an internal system and spread through much of the network; Ryuk was then deployed as a second wave. No customer information was compromised, but the damaged systems have to be rebuilt, so customers will see slower service and must pay their bills by phone rather than online in the meantime.

Evolved GandCrab
The latest version of GandCrab ransomware (5.0.2) now lets its operators demand payment in either Dash or Bitcoin. The GandCrab crew has also partnered with NTCrypt, a malware crypter service that obfuscates the ransomware's code to evade detection.

GreyEnergy campaign
A new GreyEnergy malware campaign has been found targeting three energy and transport companies in Ukraine and Poland. GreyEnergy shows signs of being an evolved version of BlackEnergy, with a stronger focus on stealth: modules are pushed to a target only when strictly necessary. The campaign is believed to be run by Russia's GRU.
