Cyware Weekly Cyber Threat Intelligence November 26 - 30, 2018

The Good
Friday is here again, which means it is once again time for us to bring you up to speed on the biggest and most interesting cybersecurity news of the week. Before we delve into the latest malware, cyberattacks, and threat actors to emerge this past week, let's take a look at the new and positive strides taken to improve global security. Security researchers developed a powerful new tool to root out security flaws. Germany has proposed a new law that will regulate the sale of routers across the nation. Meanwhile, the GCHQ embraced greater transparency, allowing the infosec community a peek into its vulnerability disclosure processes.

  • Security researchers developed a powerful new tool to root out security flaws. AFLSmart is a fuzzing tool built on the powerful American Fuzzy Lop (AFL) toolkit. It can detect twice as many bugs as AFL over a 24-hour period and has already uncovered a total of 42 zero-day vulnerabilities, 17 of which have been assigned CVE identifiers.
  • Germany has proposed a new law that will regulate the sale of routers across the nation. The move comes after the 2016 Deutsche Telekom incident, in which a faulty firmware update crashed almost a million routers.
  • The GCHQ embraced greater transparency, allowing the infosec community a peek into its vulnerability disclosure processes. The move will allow security researchers to look into the internal Equities Process, which is how it decides whether or not to tell tech vendors that its snoopers have discovered a hardware or software vulnerability.

The Bad

This past week, several major data breaches and leaks emerged, including two of the biggest breaches witnessed this year. A misconfigured ElasticSearch server leaked the personal information of 57 million US citizens. Marriott was hit by a breach that compromised the personal data of 500 million guests. Meanwhile, SKY Brazil accidentally leaked 32 million customers’ personal information online.

  • A misconfigured ElasticSearch server leaked the personal information of 57 million US citizens. The database was left exposed online for nearly two weeks. It contained over 73 GB of data, including first names, last names, employer IDs, job titles, email addresses, physical addresses, states, ZIP codes, phone numbers, and IP addresses.
  • Marriott was hit by a breach that compromised the personal data of 500 million guests. The hotel chain discovered that unauthorized parties had been accessing its networks since 2014. The breach is now considered one of the largest ever discovered.
  • A new phishing campaign was spotted targeting French industries. The campaign began in October and has targeted the French banking, aviation, IT, chemical manufacturing, automotive and other sectors.
  • Over 2 million patients’ personal data was impacted in a breach that affected Charlotte-based Atrium Health. The information compromised in the breach includes patients’ names, addresses, dates of birth, invoice numbers, account balances, dates of service, insurance policy information, and Social Security numbers.
  • SKY Brazil accidentally leaked 32 million customers’ personal information online. The data was left exposed online long enough for hackers to have likely stolen information. The leaked data also included the personal information of high-profile politicians, which may have already been accessed by hackers.
  • Dunkin’ Donuts was hit by a credential stuffing attack, in which attackers used username and password pairs leaked from other breaches to log in to customer accounts. The information that may have been accessed includes customers’ first and last names, email addresses, 16-digit DD Perks account numbers and more.

New Threats

Several new malware strains, vulnerabilities, and ransomware families were discovered over the past week. A new Linux cryptominer that can steal root passwords and disable antivirus software was discovered. A cryptominer called KingMiner was uncovered that has already infected victims from Mexico to India and from Norway to Israel. Meanwhile, a new zero-day vulnerability affecting Nuuo’s surveillance camera firmware was found.

  • A new Linux cryptominer that can steal root passwords and disable antivirus software was discovered. The cryptominer, dubbed Linux.BtcMine.174, contains over 1,000 lines of code and is also capable of searching for competing miners on the host and removing them.
  • A cryptominer called KingMiner was uncovered that has already infected victims from Mexico to India and from Norway to Israel. The malware targets Windows servers and mines for Monero.
  • A new zero-day vulnerability was found affecting Nuuo’s surveillance camera firmware. The bug could allow attackers to take control of surveillance cameras and tamper with footage and live feeds. It could also allow attackers to execute malicious code remotely after gaining root privileges on affected systems.
  • A new variant of the Bladabindi malware was discovered. The new RAT variant, Worm.Win32.BLADABINDI.AA, spreads via removable drives and installs a fileless variant of the Bladabindi backdoor. Bladabindi comes with a variety of data-stealing capabilities: it can steal browser credentials, capture webcam footage, and download additional malicious files.