Cyware Weekly Cyber Threat Intelligence October 8-12, 2018

The Good

Friday is here again, which means it's time to kick back and relax as we help you catch up on the biggest cybersecurity news of the week. Before we delve into the latest malware, breaches and threat actors to have emerged over the past week, let's take a minute out to tip our hats to all the organizations and law enforcement agencies who took strides to enhance security, even as cybercriminals continue to evolve and become more advanced. California passed a new law that aims at boosting IoT security, and The Wall Street Journal launched a programme designed to help small businesses improve their security. Meanwhile, US authorities charged a Chinese intelligence agent over corporate espionage.

  • California passed a new law that aims at boosting IoT security. The new law makes it illegal for connected device manufacturers to ship devices with default passwords. The law also makes it mandatory for manufacturers to create a unique credential for each device, or ensure that the user is forced to create a unique password when they boot up the device for the first time.
  • The Wall Street Journal launched a programme designed to help small businesses improve their security. The WSJ Pro Cybersecurity program offers small business information about cyberthreats, security response methods, and more via its website and newsletters.
  • US authorities charged a Chinese intelligence agent over corporate espionage. The suspect, Yanjun Xu, is a high-ranking director in China’s Ministry of State Security (MSS) - the country’s counter-intelligence and foreign intelligence agency. The US Justice Department is seeking his arrest and extradition on charges of economic espionage and attempting to steal trade secrets from several U.S. aviation and aerospace companies.
  • The Italian police solved the five-year-old mystery of who hacked the NASA website. The suspect claimed to be a part of the Master Italian Hackers Team and also defaced 60 other websites. The Italian police tracked him down after he opened up on social media about being part of the 2013 NASA website defacement attacks.

The Bad

Several major data breaches and leaks emerged over the past week that caused substantial damage to organizations and customers. The breach of the week award goes to Google - the tech giant’s aging social media network will shut down next year after a breach exposed 500,000 customers’ data. Vancouver-based Rebound Orthopedics & Neurosurgery suffered a breach that may have compromised 2,800 patients’ records. Garmin-owned Navionics inadvertently exposed customer and corporate information.

  • The breach of the week award goes to Google - the tech giant’s aging social media network will shut down next year after a breach exposed 500,000 customers’ data. The breach was caused by an API bug, which, if exploited, could allow third-party apps to gain access to public profile information of Google Plus users’ friends.
  • Vancouver-based Rebound Orthopedics & Neurosurgery suffered a breach that may have compromised 2,800 patients’ records. The healthcare organization said that an unidentified person gained access to an employee’s email account on May 22.
  • Garmin-owned Navionics inadvertently exposed customer and corporate information. The electronic marine navigation charts manufacturer was found using a misconfigured MongoDB server that left 19GB of information exposed to anyone on the internet.
  • Shopper Approved suffered a breach after the notorious Magecart threat group launched an attack against the third-party application. The attackers skimmed payment information from multiple online stores instead of directly targeting a store.
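The Navionics exposure above follows the familiar open-database pattern: a MongoDB instance that listens on every interface and runs without access control. The following Python check is an added example written for this digest, not code from Cyware, Navionics or MongoDB. It audits a mongod.conf for exactly those two settings. The option names (net.bindIp, net.bindIpAll, security.authorization) are real mongod settings; the two sample configurations, the 10.0.0.5 address and the tiny two-level YAML parser are constructed for the example so it runs without PyYAML.

```python
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (setting, message)


def parse_mongod_conf(text: str) -> Dict[str, object]:
    """Parse the flat 'section:\n  key: value' YAML subset used by mongod.conf.

    Deliberately minimal (constructed for this example): comments and blank
    lines are skipped, only two levels of nesting are understood.
    """
    conf: Dict[str, object] = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # strip trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip()
        if indent == 0:
            section = key
            conf[section] = value if value else {}
        elif section is not None:
            if not isinstance(conf[section], dict):
                conf[section] = {}
            conf[section][key] = value  # type: ignore[index]
    return conf


def audit_mongod_conf(text: str) -> List[Finding]:
    """Return findings for network exposure and missing authorization."""
    conf = parse_mongod_conf(text)
    net = conf.get("net") if isinstance(conf.get("net"), dict) else {}
    security = conf.get("security") if isinstance(conf.get("security"), dict) else {}
    findings: List[Finding] = []

    # mongod 3.6+ binds to localhost when bindIp is absent; older releases
    # did not, so an explicit bindIp is still the safer configuration.
    bind_ip = str(net.get("bindIp", "127.0.0.1"))
    bind_all = str(net.get("bindIpAll", "false")).lower() == "true"
    exposed = bind_all or any(
        addr.strip() in ("0.0.0.0", "::") for addr in bind_ip.split(",")
    )
    if exposed:
        shown = "bindIpAll: true" if bind_all else f"bindIp: {bind_ip}"
        findings.append(("net.bindIp", f"listens on all interfaces ({shown})"))

    no_auth = str(security.get("authorization", "disabled")).lower() != "enabled"
    if no_auth:
        findings.append(("security.authorization",
                         "access control is off: any client that can connect "
                         "can read and modify every database"))

    if exposed and no_auth:
        findings.append(("combined",
                         "unauthenticated and reachable on every interface: "
                         "the open-database pattern behind public MongoDB leaks"))
    return findings


# Constructed sample: the weak configuration that leads to an exposed database.
WEAK_CONF = """\
# constructed example of a leaky mongod.conf
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: the corrected configuration. 10.0.0.5 stands in for the
# private application-network address; loopback is kept for local admin use.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the private app-network address
security:
  authorization: enabled
"""


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_mongod_conf(conf) or 'no findings'}")
```

Point the script at a real mongod.conf by reading the file into `audit_mongod_conf`; a clean result from this check still says nothing about firewall rules or TLS, so treat it as the first gate rather than the whole review.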

New Threats

Multiple new malware, vulnerabilities and threat actors came out of the woodwork this past week. A previously unknown threat group called Gallmaker was brought to light by security experts. Multiple critical vulnerabilities were discovered in Sony smart TVs and a new Panda Banker malware campaign targeting the US, Canada, and Japan was discovered.

  • A previously unknown threat group called Gallmaker was brought to light by security experts. Gallmaker has been active since 2017 and was found targeting government, military and defense agencies across the globe. The hacker group uses living-off-the-land (LotL) tactics - employing publicly available hacking tools instead of malware in its operations.
  • Multiple vulnerabilities were discovered in Sony smart TVs. One of the three bugs discovered, a critical vulnerability, could allow an attacker to conduct command-injection attacks. A successful attack could compromise the TV, and could even allow attackers to hijack the targeted device and enslave it as part of a massive botnet.
  • A new Panda Banker malware campaign was discovered targeting the US, Canada, and Japan. The trojan was also observed being distributed via the Emotet banking malware’s distribution platform, presumably to hide its activities. The malware, which is a variant of Zeus, first emerged in 2016.
  • A new phishing campaign delivering the URSNIF malware has been discovered. The cybercriminals behind the campaign used hijacked email accounts to send malware inserted within email responses that are part of ongoing conversations.
