Cyware Daily Threat Intelligence September 12, 2018

Top Malware Reported in the Last 24 Hours

Kronos/Osiris
Security researchers have discovered a new variant of the Kronos banking trojan called Osiris. The malware is already being leveraged in three different campaigns targeting Germany, Poland, and Japan. The new variant contains features such as command and control (C2) over the TOR network, keylogging, and remote control via VNC, alongside older features like form grabbing and web injection. Meanwhile, the Kronos malware's source code is being sold on the dark web for a whopping $7,000.

Lazarus backdoor
The prolific North Korean APT group Lazarus is continuing its barrage of attacks, despite the recent charges leveled at a member of the group by the US DoJ. The group was spotted using command-line backdoors and installers. In later years, wiper samples deployed by the Lazarus group also contained command-line forms of wiper tools. These wipers may have been designed to wipe traces of the attacker's activities after a campaign has been completed, leaving as little evidence as possible. Researchers fear that the group is getting bolder and tightening its operational security in order to continue its cyber espionage.

Top Breaches Reported in the Last 24 Hours

FreshMenu
India-based food delivery platform FreshMenu suffered a data breach in July 2016. The breach exposed the personal data of over 110,000 customers, including customers' names, email addresses, phone numbers, home addresses, and order histories. It is currently not known whether any customer payment information was leaked from FreshMenu's database.
FreshMenu acknowledged that it was already aware of the breach but stated that it had decided not to notify impacted customers.

Veeam data leak
Veeam, the data backup and recovery firm, inadvertently exposed over 200 GB of customer records that were stored in an unsecured database. The exposed data included names, email addresses, and some IP addresses. The breach also resulted in over 400 million Veeam customers' emails being leaked. Fortunately, the leaky database, which had no password protection, was secured shortly after Veeam was notified of the exposure.