Top Malware Reported in the Last 24 Hours
A newly discovered Mac malware dubbed OSX.SearchAwesome is capable of injecting malicious scripts, keylogging and cryptomining. The malware, which comes loaded in a fake app called spinstall, can also intercept encrypted web traffic to serve up ads. It can also install tools that allow attackers to conduct man-in-the-middle attacks. The Mac adware can also connect to a malicious website and download additional malware, siphon off sensitive data, and capture browsing data.
Chalubo is a recently discovered Linux malware that has been targeting attacks against Internet-facing SSH servers on Linux-based systems alongside IoT systems. The IoT malware contains obfuscation features and also borrows code from the Mirai and Xor.DDoS botnets.
A new malware campaign has been spotted targeting victims in Brazil. The phishing campaign drops a banking malware on targeted victims that only activates when it detects Portuguese as the language. The malware abuses two legitimate Windows files that manage certificates for the Windows operating system.
Top Breaches Reported in the Last 24 Hours
Hong Kong-based airline Cathay Pacific suffered a massive data breach. Around 9.4 million customers' data was compromised by the breach. The firm discovered that the data was stolen by hackers. The data stolen by the hackers include passengers' names, nationality, dates of birth, phone numbers, email, addresses, passport numbers, identity card numbers, frequent flyer program membership numbers, customer service remarks, and travel histories.
US Democratic Party data leaked
Rice Consulting, a consulting firm handling political fundraisers for the Democratic Party accidentally exposed corporate and customer data. The leaked data included databases storing voter records, which was stored on an unsecured network attached storage (NAS) device. The misconfigured NAS server contained detailed information on Rice Consulting clients, including in-depth details on thousands of past fundraisers. Exposed information included names, phones, emails, addresses, contracts, meeting notes, and more.
Posted on: October 25, 2018