Cyware Weekly Cyber Threat Intelligence October 15 -19, 2018

The Good


Every week, cybercrime grows more rampant as attacks get fiercer and hackers more sophisticated. Still, this week saw some new initiatives in the field of cyber technology. Researchers from MIT created a new system to protect against Meltdown and Spectre attacks. Shanghai's International Airport introduced a new facial-recognition-based system to check in passengers, a technology that may have a huge impact in shaping the security industry in the future. The Army started working towards a new strategy that would leverage artificial intelligence.

  • Researchers from MIT have created a new system that reduces the risk of memory-based attacks such as Meltdown and Spectre. Lebedev and his team at MIT CSAIL are working on a system which they say is a more effective alternative for protecting modern PC architecture against timing attacks, and which has proven more secure than Intel's Cache Allocation Technology (CAT). The system, labeled Dynamically Allocated Way Guard (DAWG), splits the cache into multiple buckets.
  • Passengers checking into flights at Shanghai's Hongqiao International Airport can now use their face to prove their identity thanks to the rollout of facial recognition technology. The airport this week unveiled self-service kiosks for flight and baggage check-in, security clearance, and boarding powered by facial recognition technology.
  • The Army’s Research, Development and Engineering Command is laying the groundwork for its artificial intelligence plans with a newly crafted strategy. The RDECOM strategy, which has not been made public, details where the command currently is regarding the development of AI capabilities, where it wants to go in the future, and defines taxonomy associated with the technology.


The Bad


This week, numerous data breaches came to light, including an exposure of US voter records that impacted around 35 million people. Furthermore, a misconfigured AWS server operated by the Tea Party resulted in the leakage of sensitive details of around half a million people. In another incident, a water company already dealing with the aftermath of Hurricane Florence was hit by a ransomware campaign, resulting in a one-of-its-kind joint physical and cyber disaster.

  • The Slovak Foreign and European Affairs Ministry has become the target of a massive cyber attack, Slovak Prime Minister Peter Pellegrini said on Wednesday, adding that at the moment it's not possible to specify who is behind the attack. The prime minister added that the issues concerning the identity of attackers and the subject of their interest are currently the main objective of the ongoing investigation.
  • Around 35 million US voter records from 2018 were found for sale on a popular hacking forum. The seller was demanding $42,200 for all the records from 19 states. The advertisement on the forum says the data comes from updated statewide voter lists and contains sensitive information including phone numbers, full addresses, and names of millions of US residents.
  • A water company in the US state of North Carolina, already dealing with the aftermath of Hurricane Florence, was left to juggle a complete database rebuild because of a nasty ransomware infection. ONWASA said that the attack began on October 4, when Emotet was first spotted on the utility's network. IT staff thought they had contained the initial infection, only to see a second attack kick off in the early hours of Saturday, October 13.
  • More than half a million people were impacted when names, phone numbers, and other sensitive files were accidentally spilled onto the internet by a misconfigured server operated by the Tea Party Patriots Citizens Fund. The fund exposed to the open internet the names, contact numbers, states of residence, and voter ID numbers of more than 527,000 people, as well as strategy documents, marketing assets, and other files used to fire up voters.

New Threats


A fresh batch of nasty vulnerabilities was unearthed this week, including the simple RID hijacking technique that allows a hacker to escalate privileges. In another case, the libssh library was found to contain a flaw that left thousands of servers open to attack. Finally, a new data reconnaissance campaign was discovered that leverages attack techniques dating back to 2010 and first used by APT1.

  • A new data reconnaissance campaign, named Oceansalt, targeting Korean-speaking users has now spread to the US and Canada. The threat actors involved in these campaigns are linked to the Chinese military. The campaign was found to primarily target South Korea in May, when five waves were launched against various organizations in the country.
  • A technique dubbed 'RID hijacking' allows a hacker to assign admin rights to low-level user accounts and gain boot persistence on a Windows PC. The technique was first detailed in December 2017. Despite the added benefits and ease of exploitation it offers, it has not been observed in use by attackers for at least 10 months now.
  • Libssh, a popular library used to support the Secure Shell (SSH) authentication protocol, contains a vulnerability that allows an attacker to bypass authentication and obtain access to servers with an SSH connection enabled. This reportedly leaves thousands of enterprise servers open to attack.
  • Oracle has released a wide range of critical security updates (its quarterly Critical Patch Update, CPU) addressing a total of 301 CVE-listed vulnerabilities across its enterprise products. The updates were released as the Q3 2018, October edition. Of the 301 vulnerabilities, 45 had a severity rating of 9.8 (on a scale of 10), and one received the maximum severity score of 10.
