Cyware Weekly Cyber Threat Intelligence September 24-28, 2018

The Good
Friday is here again and once again its time to take a look at all the biggest cybersecurity stories of the week. Let’s begin with all the positive, ground-breaking advancements that took place this past week.  Fujitsu announced its partnership with University Technical Colleges (UTCs) to help teenagers prepare for a career in cybersecurity. More organizations are using blockchain to combat cyberattacks and VirusTotal received a major upgrade that includes an advanced malware search a 100 times faster than before.

  • Fujitsu announced its partnership with University Technical Colleges (UTCs) to help teenagers prepare for a career in cybersecurity. The soon-to-be-launched UTC Cyber Security Group is aimed at helping 500 hundred cybersecurity students every year aged 14 to 19 years. The new organization aims to bridge the gap in security resource and skills currently impacting the industry.
  • More organizations are using blockchain to combat cyberattacks. For instance, the government of Estonia recently adopted a blockchain system to ensure that citizens’ healthcare data is protected.
  • VirusTotal received a major upgrade that includes an advanced malware search a 100 times faster than before. The platform now comes with three new features - Private Graph, Advanced Malware Search and Enterprise User Management. The new features are aimed at boosting an organization's ability to detect and mitigate threats.
  • The Indian government is planning on establishing tri-service organizations to handle the critical domains of cyberspace, space and modern-day warfare. The new organization is aimed at streamlining the nation’s defense operations.

The Bad
Several major data breaches and leaks occurred over the past week. NewsNow suffered a data breach that compromised users’ encrypted passwords. The Port of Barcelona was hit by an attack that took down its servers and the online shopping firm SHEIN was hit by hackers who 6.42 million users emails and encrypted passwords.

  • NewsNow suffered a data breach that compromised users’ encrypted passwords. NewsNow has yet to determine the number of user account passwords compromised by the breach. However, the news aggregator claimed that no financial data was impacted by the breach.
  • The Port of Barcelona was hit by a cyberattack that took down its servers and IT systems. It is still unclear as to whether the organization suffered a malware, DDoS or some other kind of attack. The identity of the attacker(s) behind the attack is also currently unknown. However, maritime and land operations were unaffected by the attack.
  • The online shopping firm SHEIN was hit by hackers who 6.42 million users emails and encrypted passwords. Although the firm discovered the breach earlier this month, it is believed that the attack may have begun in June. The firm said that the attackers carried out a well-planned strategy to infiltrate the security protections of their computers.
  • The UN inadvertently exposed the resumes of thousands of hopeful job applicants. The breach was caused by two vulnerabilities that were discovered in one of the UN’s WordPress websites. Although the UN was alerted about the breach, it failed to resolve the issue for over a month.

New Threats
Several new and sophisticated malware and vulnerabilities emerged over the past week. The new Torii IoT botnet was just discovered and is considered to be the “most sophisticated botnet” to have ever emerged. A new Android spyware was found with the ability to steal WhatsApp data, contacts, photos and more. Meanwhile, the newly discovered FragmentSmack flaw impacts around 88 Cisco products.

  • The new Torii IoT botnet was just discovered and is considered to be the “most sophisticated botnet” to have ever emerged. The malware author(s) appears to have designed Torii to be stealthy and persistent. In comparison with other IoT botnet such as VPNFilter and Hide and Seek, which focus on high persistence attacks, security researchers believe that Torii supports one of the largest sets of architectures they’ve seen so far.
  • A new Android spyware was found with the ability to steal WhatsApp data, contacts, photos and more. The malware comes packed with numerous surveillance features and its code is currently publicly available. The malware is also capable of activating an infected device’s camera to take photos, record calls and take screenshots.
  • The newly discovered FragmentSmack flaw impacts around 88 Cisco products. FragementSmack can allow attackers to create a DoS condition on affected devices. Although FragmentSmack was originally discovered on Linux, the flaw, when combined with its sibling SegmentSmack, can also impact Windows systems.
  • A new Adwind RAT campaign was found using new tricks to bypass antivirus software. The malware has been targeting Windows, Linux and Mac OSX users. Adwind, also known as AlienSpy and JSocket, contains multiple functions. The malware can not only steal credentials but is also capable of keylogging, taking screenshots, as well as recording audio and video.





  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.