Cyware Daily Threat Intelligence September 27, 2018

See All
Top Malware Reported in the Last 24 Hours

Turla backdoor
The Turla APT group's namesake backdoor, along with the group's Gazer backdoor is believed to have infected more victims than previously thought. The Turla relies on PowerShell scripts to load and execute the malware directly into computer memory. Recent versions of the backdoor have been targeting Microsoft Outlook and using PDF files to exfiltrate data. 

New Android spyware
A new Android spyware has been discovered that contains multiple surveillance features. The malware can steal WhatsApp data, contacts, browser history, as well as take screenshots and photos. The malware code is publicly available and is currently believed to be still in development. 

Cybercriminals operating the Dridex banking malware have now begun leveraging a custom ransomware variant in new attacks. The ransomware is customized to target individual victims and scrambles victims' files before demanding a ransom. The ransom demanded varies according to the victim's net-worth, indicating that the malware operators have been researching their victims. 

Top Breaches Reported in the Last 24 Hours

NewsNow hack
NewsNow suffered a data breach that may have compromised users' encrypted passwords. It is still unclear as how many users were affected. NewsNow is notifying its customers about the breach via email and has claimed that the breach has been resolved. The firm traced the intrusion to a line of attack that was possible because of a single line of code dating back eight years. The service provider took all affected servers offline.

The food delivery startup DoorDash reportedly received complaints from dozens of customers who claimed that their accounts have been hacked. However, DoorDash denied a breach, instead suggesting that the culprit may be a credential stuffing attack. DoorDash customers reported that their email addresses were altered and that the attackers placed fraudulent orders using their hacked accounts.  

Port of San Diego
The Port of San Diego was hit by a sophisticated attack that resulted in over 500 employees having limited access to systems. The attack also impacted the San Diego Harbor Police Department, the law enforcement arm of the Port. The department was forced to switch to using alternative systems to continue operations. 

  • Share this blog:
Cyware Daily Threat Intelligence September 28, 2018
Cyware Daily Threat Intelligence September 26, 2018
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.