Cyware Daily Threat Intelligence, October 28, 2019

Among the day's notable news, a researcher has unearthed vulnerabilities in Xiaomi FurryTail smart pet feeders. When exploited, these flaws can allow malicious actors to hijack pet feeders into a botnet. In other news, an Adobe database that was not password protected exposed the data of nearly 7.5 million users. This data, belonging to Adobe Creative Cloud users, is said to be related to the customers’ accounts.

Another big breach that took place impacted UniCredit, which disclosed that data belonging to 3 million customers was potentially affected. The company said that the breach involved a file created in 2015 and that an investigation had been launched.

Top Breaches Reported in the Last 24 Hours

Adobe Creative Cloud breached
An unsecured database exposed the data of nearly 7.5 million Adobe Creative Cloud users. The exposed details are said to be related to customer accounts, and no passwords or financial information has been compromised. Adobe was notified of this data exposure by researchers, and the server was secured on the same day.

TrialWorks ransomware attack
A ransomware attack hit TrialWorks, a legal case management software provider, rendering the hosted legal documents inaccessible. This attack is said to have happened earlier this month, following which the company notified its customers via email. Several cybersecurity firms have been hired to investigate and remediate this incident.

UniCredit data breach
UniCredit has disclosed a data breach involving a file created in 2015. This file is said to contain data belonging to 3 million customers. The firm said that relevant authorities were informed and an investigation has been launched. The potentially compromised information includes names, email addresses, telephone numbers, and cities.

P&G’s First Aid Beauty site hacked
A MageCart script on Procter & Gamble’s site First Aid Beauty was discovered to be stealing payment card details. This script is believed to have been injected in May and has remained undetected until now. It selects its victims from the U.S. and remains inactive if users from any other country are providing card details.

DDoS attack on Afrihost
South African internet provider Afrihost fell victim to a massive DDoS attack. The firm notified its customers that its network was experiencing connectivity issues. Afrihost’s CEO said that locally hosted content including Gmail and Netflix would be working normally.

Top Malware Reported in the Last 24 Hours

New campaign delivers AutoIT-compiled payloads
Researchers spotted a malicious campaign with AutoIT-compiled payloads, including the spyware Agent Tesla and the Ave Maria RAT. This campaign propagates via phishing emails with fake shipment advisory and financial documents. It logs keystrokes and steals saved credentials and system information.

New ransomware resembles Cerber ransomware
A new ransomware called FuxSocy has been observed to share a lot of similarities with the Cerber Ransomware. After encrypting files on the infected machine, this ransomware asks the victim to contact the responsible threat actors via the ToxChat messaging app.

ATM Jackpotting attacks spread
Security experts have discovered that ATM jackpotting attacks have spread to many parts of the world. Involving the ‘Cutlet Maker’ malware, these attacks do not target a single region, bank, or machine. Although certain incidents have video evidence, the investigation is still ongoing.

Top Vulnerabilities Reported in the Last 24 Hours

Remote execution vulnerability in PHP 7
Researchers have disclosed a remote execution vulnerability in PHP 7 that potentially allows a hacker to execute arbitrary code by accessing a crafted URL. Tracked as CVE-2019-11043, this vulnerability only affects NGINX servers with the PHP-FPM extension. There are reports of this security flaw being exploited in the wild to take over servers.

Vulnerable smart pet feeders
A security expert has discovered vulnerabilities in the backend API and firmware of Xiaomi FurryTail smart pet feeders. These vulnerabilities allowed the researcher to locate 10,950 devices across the world, on which feeding schedules could reportedly be modified without a password. Attackers can possibly exploit these flaws to hijack the feeders into an IoT DDoS botnet.

Top Scams Reported in the Last 24 Hours

Steam scams
Hackers have been observed luring users to sites pretending to be Steam, a video game distribution platform, to hijack victims’ accounts. The victim is presented with a fake Steam login page. When credentials are entered, the two-factor authentication code is generated, which is also harvested by the attackers.

Vendor email compromise scam
A new email scam called Vendor Email Compromise (VEC) improves on the Business Email Compromise (BEC) technique. A cybercriminal group called Silent Starling launched these malicious campaigns that involved targeting the employees of vendor companies. They compromised the email accounts of employees in the target organization’s finance department, gathered data, and sent them payment requests with fake invoices.

Posted on: October 28, 2019