Cyware Daily Threat Intelligence, October 29, 2019

Top Breaches Reported in the Last 24 Hours

St. Louis health center ransomware attack
Betty Jean Kerr People's Health Center in St. Louis disclosed that it suffered a ransomware attack potentially impacting information belonging to 152,000 patients, medical providers, and employees. The impacted patient information includes Social Security numbers and addresses; medical records were not affected.

Fast-food restaurant chain suffers security compromise
U.S. restaurant chain Krystal disclosed a security incident that affected some of its restaurants between July and September 2019. This incident is said to involve a payment processing system that some of its restaurants were using. An investigation is being conducted to determine the extent of damage this incident has caused.

Online fashion store hosts malicious script
Sixth June, an online fashion store, is said to have been injected with a Magecart script that steals payment card information during checkout. A security researcher who analyzed the code found that the script collects enough details to make an online purchase, or to log in to a victim’s account and reroute an order.

Huge number of payment card details on sale
More than 1.3 million payment card details were found up for sale on Joker’s Stash, a large carding shop on the internet. The card details were found to belong primarily to Indian card owners. Early analysis indicates that the details may have been obtained from skimming devices in POS systems or ATMs.

Georgia’s websites hit by a cyberattack
More than 15,000 websites have been defaced and taken offline in what is reportedly Georgia’s largest cyberattack. These websites belong to government agencies, media, banks, and courts, among others. The attack is said to have been carried out by breaching the network of Pro-Service, a web-hosting provider.

American Cancer Society’s site infected with malware
The American Cancer Society’s online store was infected with credit card-stealing malware. The malware was found hidden in obfuscated code that masqueraded as legitimate analytics code. This code is believed to have been injected into the site late last week.

Top Malware Reported in the Last 24 Hours

Microsoft warns about Fancy Bear attacks
Microsoft has published a report about the Fancy Bear threat group targeting anti-doping and sporting organizations across the world. According to this report, at least 16 sporting and anti-doping organizations were targeted by these attacks, which began on September 16, 2019. The methods employed in these attacks have been found to be similar to those used by Fancy Bear in attacks on several other organizations.

Top Vulnerabilities Reported in the Last 24 Hours

EU patches major vulnerabilities in eIDAS
Vulnerabilities in the electronic IDentification, Authentication and Trust Services (eIDAS) have been patched by European authorities today. These flaws potentially allow scammers to pose as any EU citizen or business.

Certain D-Link routers vulnerable to RCE
Security researchers reported that multiple D-Link routers are vulnerable to remote code execution. The vulnerabilities lie in the Common Gateway Interface (CGI) of the routers. There is no patch available for these flaws, and D-Link no longer supports the affected routers.

Top Scams Reported in the Last 24 Hours

Banking fraud phone scam
A phone scam is targeting banking customers, with the malicious actor pretending to be the bank’s fraud department. The scammer asks about fake withdrawals that appear suspicious and sends a verification PIN text from the bank’s number to appear credible. Then, the attacker asks the victim for the account’s PIN, which allows the attacker to hijack the victim’s account.

Blogging sites hacked for sextortion scam
WordPress and Blogger sites are being targeted by attackers for a sextortion scam. They create a post on the hacked sites stating that the computer was hacked and that the blogger was recorded using an adult website. Security experts believe that hackers may be gaining access to the sites through credential stuffing attacks.


Posted on: October 29, 2019
