Cyware Weekly Cyber Threat Intelligence December 10-14, 2018


The Good
Breathe a sigh of relief, for it is Friday again. Let's welcome the weekend with the most interesting cybersecurity news of the week. Let’s start with the good events that occurred over the week before getting into the details of the cyberattacks and new malware threats that were identified this week. HYPR released its password-less security solution for MacOS. Adobe Sign has updated its digital ID authentication feature. Meanwhile, the Democrat Senate group has introduced the Data Care Act.
  • HYPR released its employee access solution for MacOS, enabling businesses to secure password-less access to employees thereby eliminating password re-use, preventing phishing attacks, and improving workforce productivity worldwide.
  • Adobe Sign has updated its digital ID authentication feature aiming to enhance signer security using a smartphone or selfie. It has also introduced a new signer identification feature called ‘Government ID Authentication’, that allows users to snap a photo of their driver’s license or passport as a form of digital ID authentication.
  • The Democrat Senate group has introduced the Data Care Act to protect Americans’ information online. The Act would require websites, apps, and other online providers to take responsibility for protecting sensitive personal information and preventing the misuse of users’ data.
The Bad
Several massive cyberattacks and data breaches have occurred over the past week. Oil firm Saipem’s servers in the Middle East were hit by a massive cyberattack. Hackers stole login credentials from over 40,000 government authority accounts. Meanwhile, a misconfigured cloud server exposed taxpayer ID numbers of almost 120 million Brazilians.
  • Oil firm Saipem’s servers in the Middle East were hit by a massive cyberattack. Saipem detected a cyberattack that affected its servers in the Middle East, including the United Arab Emirates, Kuwait, and Saudi Arabia. Its servers in its main operating centers in Italy, France, and Britain were not affected.
  • Bethesda inadvertently leaked Fallout 76 customers’ data. Bethesda accidentally shared its Fallout 76 support ticket information to other players using its help desk. The support ticket information included private data of players such as receipts, names, home addresses, email addresses, and credit card information.
  • Hackers stole login credentials from over 40,000 government authority accounts. The stolen data includes usernames and passwords in plain text. More than half of the stolen accounts (52 percent) belonged to Italian government officials.
  • Data breach at Baylor Scott and White medical center impacted nearly 47,000 patients. Data that may have been accessed in the breach includes names, mailing addresses, phone numbers, dates of birth, medical record numbers and more. The healthcare center claims that no social security numbers and medical record information were compromised in the breach.
  • Misconfigured cloud server exposed taxpayer ID numbers of almost 120 million Brazilians. A misconfigured Apache server containing the CPF numbers of nearly 120 million Brazilians was exposed for an unknown period of time. The exposed CPFs were linked to people’s sensitive information such as names, birth dates, emails, phone numbers, addresses, employment details, and more.
  • Save the Children Federation lost $1 million to a cyberscam that involved the use of fake invoices. The scammers gained unauthorized access to employees’ email accounts to send fake invoices and other fraudulent documents.
New Threats
Over the past week, several vulnerabilities, malware, and ransomware were discovered. The new Satan ransomware variant Lucky was found exploiting over 10 server-side vulnerabilities. A new sextortion scam was uncovered that delivers the AZORult data-stealer and the GandCrab ransomware. Meanwhile, the newly discovered Novidade exploit kit affected millions of SOHO and home routers.
  • The new Satan ransomware variant Lucky was found exploiting 10 server-side vulnerabilities. Its latest iteration was found exploiting multiple application vulnerabilities affecting both Windows and Linux-based servers.
  • A new sextortion scam delivers the AZORult data-stealer and the GandCrab ransomware. Among the myriad online scams, the so-called “sextortion” scams can be considered one of the scariest kinds for victims due to the personal ramifications of such an attack. The scammers in such cases typically blackmail victims, threatening to expose incriminating evidence of illicit activities.
  • Three CSRF vulnerabilities were identified in the Samsung account management system. These vulnerabilities in Samsung could have allowed hackers to hijack users’ accounts.
  • OSX.DarthMiner: New malware combines the EmPyre backdoor and Monero mining. A new Mac malware dubbed OSX.DarthMiner was recently discovered, combining the EmPyre backdoor and a Monero miner. The malware propagates via a fake version of the Adobe Zii app.
  • The Novidade exploit kit targeted home and office routers, attempting to steal banking information. This attack affected millions of routers, primarily in Brazil, and to a minor extent, the rest of the world. The attackers aimed to steal banking information by redirecting victims to cloned bank web pages.
  • Kremlin-linked cyber espionage group hit government agencies on four continents. The Sofacy hacker group attacked these government agencies in an attempt to infect them with malware. The group used a new malware named Cannon to attack the government entities.
  • A new MacOS malware named LamePyre was discovered. This malware tries to appear as a legitimate version of the Discord messenger to trick users. LamePyre is capable of taking screenshots and running a backdoor.

Posted on: December 14, 2018