Share Blog post
Recently, a group of researchers has found that a series of phishing emails containing updated versions of CMSTAR malware family are targeting Belarus government institutions. Most of these malicious emails contain the subject line: Zapad 2017 (translated into English). Users should be careful when clicking on unknown email links.
The mass spam sending capabilities of the Linux-based Trojan Linux.ProxM has significantly improved over the time. The Linux.ProxyM Trojan runs a SOCKS proxy server on an infected IoT device and is capable of detecting honeypots to stay hidden from malware researchers. You should use a reliable security solution to stay protected from the Trojan.
The popular smart home systems Wink’s Hub 2 and Insteon’s Hub are plagued with a number of critical vulnerabilities. Hackers could exploit these flaws to gain control over the system and steal sensitive information and credentials from the users. Users should ensure they use full-disk encryption of mobile devices as these issues are yet to be addressed by the vendors.
The vulnerability where it allows malicious apps to view what users type in their address bar of their Internet Explorer browser. It could include search keywords, website URLs etc. It can leak potentially sensitive information that a user didn't intend to reveal. In addition, it can also expose search queries and web addresses to malicious websites, the user has presumed private.
In a startling revelation, Whole Foods Market is suspected of suffering a data breach involving leakage of payment information of customers who dined and drank in its full-service restaurants and taprooms. Whole Foods Market becomes the latest major US retailer to be targeted by hackers seeking consumer credit card information.
Healthcare center attacked
A ransomware attack has been launched against Arkansas Oral & Facial Surgery Center. The healthcare center notified 128,000 patients whose personal information may have been compromised. The exposed information includes patients’ name, address, contact number, email address, Social Security Numbers and medical insurance data. Imaging files like X-rays and other documents were impacted too.
One of the leading content discovery platforms, Taboola, is found to be laced with clickbait links at the end of the sponsored stories. Usually, after a story is read by scrolling down, there are several suggestions with the caption “You may like”. However, about 26 percent of those links are found to be clickbait.
The metadata of the photos that you post publicly on the social media might reveal excessive personal information than you intended to. By simply sifting through public images, cybercriminals can build a pretty accurate dossier on a target, complete with key personal dates, information about friends and colleagues, pets’ names, computer model, and more. To be safe, you need to disable permissions of the apps to access the metadata.
Posted on: September 29, 2017
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.