Cyware Weekly Cyber Threat Intelligence November 12 - 16, 2018

The Good

Take a deep breath of relief because its Friday and that means its time to welcome the weekend with our weekly roundup of the most interesting cybersecurity news. As is our custom, let’s begin with the good things that happened over the past week. The US Congress approved a bill that approves the creation of a new centralized, federal cybersecurity agency. Google and Microsoft backed French President Emmanuel Macron’s call for greater internet security. Meanwhile, researchers are working on using brainwaves as the new generation of passwords.

  • The US Congress approved a bill that approves the creation of a new centralized, federal cybersecurity agency. The move would reconfigure the Department of Homeland Security’s National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency (CISA).
  • Google, Microsoft, and other tech giants have backed French President Emmanuel Macron’s call for greater internet security. The initiative, known as the “Paris Call for Trust and Security in Cyberspace,” is aimed at tightening internet regulations and boosting protections against cyberattacks, election interference, and more.
  • Researchers are working on using brainwaves as the new generation of passwords. Biometrics are increasingly replacing traditional passwords and the new research involves developing a flexible and secure biometric alternative to current, traditional passwords.

The Bad

Over the past week, numerous new massive data breaches and leaks have occurred. New Jersey-based charity Kars4Kids accidentally exposed over 21,000 customers’ and donors’ personal details. Google services went down briefly after the tech giant’s internet traffic was hijacked. Meanwhile, a California-based communications firm exposed a massive database containing millions of text messages and more.

  • New Jersey-based charity Kars4Kids accidentally exposed over 21,000 customers’ and donors’ personal details. The breach was caused by an unprotected Mongo database. The exposed data includes the emails and personal information of customers and donors.
  • Google services went down briefly after the tech giant’s internet traffic was hijacked by a Nigerian ISP. Google’s user traffic was routed via Russia and Nigeria before the tech giant’s IP prefixes were leaked to the Chinese state-owned telecom provider called China Telecom.
  • A California-based communications firm called Voxox exposed a massive database containing millions of text messages and more. The breach was caused by an unprotected Amazon Elasticsearch server. The database contained tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.
  • Health First was hit by a data breach that may have compromised the personal data of around 42,000 customers. The firm claimed that the data breached included customers’ Social Security Numbers, addresses and dates of birth.

New Threats

The past week saw various new malware, vulnerabilities and threat actors pop up. The TA505 threat actor was found testing out a new reconnaissance malware dubbed tRAT. A new malware called DarkGate, that can function as a keylogger, a ransomware and cryptominer, has been discovered. Meanwhile, the Mylobot botnet was found distributing the Khalesi malware.

  • The TA505 threat actor was found testing out a new reconnaissance malware dubbed tRAT. tRAT is a modular malware, written in Delphi, that is currently being used in a reconnaissance campaign targeting financial institutions.
  • A new malware called DarkGate, that can function as a keylogger, a ransomware, and cryptominer, has been discovered. The malware is currently being delivered via Torrent files and is targeting victims in Spain and France. The malware also uses several advanced anti-analysis techniques, such as using vendor-specific checks, to evade detection.
  • The Mylobot botnet was found distributing the Khalesi malware. Mybolot belongs to a sophisticated malware family and is classified as a downloader. Meanwhile, Khalesi is considered to be one of the fastest growing malware variants of the year.
  • Researchers discovered multiple vulnerabilities in iPhone X, Samsung Galaxy S9, and Xiaomi Mi6. Few of the models manufactured by these companies have been found to contain serious vulnerabilities that could allow cybercriminals to gain control over the devices.




  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.