Go to listing page

Cyware Daily Threat Intelligence December 24, 2018

Cyware Daily Threat Intelligence December 24, 2018

Share Blog Post

Top Breaches Reported in the Last 24 Hours

Children data sold on dark web markets
Security researchers have found a trove of personal data related to children on several dark web marketplaces. The data has been allegedly stolen from hospitals and pediatricians and belongs to children who were born between 2000 and 2010. Stolen information includes names, phone numbers, addresses and Social Security numbers of children. A bundle of sets of data is being sold on the dark web at a price of $490 or as high as $790, depending on the platform. An individual set costs $10. 

Saint John parking system breached
A breach on the online parking ticket payment system has exposed the PIIs of as many as 6000 individuals residing the City of Saint John. The city disclosed that it learned about the breach after 'Click2Gov', a widely used payment technology, was hacked. The product gives customers the option to pay parking tickets through the city's website. The payment website has been taken offline since the discovery of the breach. Customers who are believed to have been impacted are asked to closely monitor their financial accounts.

Top Malware Reported in the Last 24 Hours

Underminer EK evolves
The Underminer exploit kit has evolved with new capabilities. The EK was found leveraging CVE-2018-8174 and CVE-2018-4878 to target devices. The CVE-2018-4878 vulnerability exploited by the Underminer was easy to spot within network traffic. In the previous campaigns, the Underminer was found leveraging client-server key exchange while delivering the IE exploit.

ATP33 linked to Shamoon malware
FireEye has released a report that publishes a possible connection between the APT33 group and the Shamoon attacks. Researchers collected 168 PUPYRAT samples to analyze the APT33 hacks. The group leveraged stolen credentials and a publicly available tool to perform the cyberespionage. 

Island Hopping technique
Two Chinese nationals - associated with APT10 - were indicted in performing hacks on various companies worldwide. The investigation revealed that hackers targeted MSPs to gain entry into vulnerable systems. Spear phishing emails containing files relevant to work were sent to employees of the targeted companies. The technique used here for stealing data is called 'Island Hopping' and allowed attackers to gain access to one company in order to breach another entity.

Top Vulnerabilities Reported in the Last 24 Hours

A flaw in Orange modem
A flaw in Orange modems has exposed the WiFi credentials of nearly 19,500 Orange Livebox ASDL modems. The flaw can allow hackers to obtain the device's SSID number abd WiFi password. The flaw tracked as CVE-2018-20377 was first used in 2012. It can be exploited to obtain phone numbers connected to the modem and conduct other serious exploits. Most of the affected devices were found to be on the network of Orange Espana(AS12479).

Flaw in Twitter
A British security researcher has uncovered a critical flaw in Twitter that can allow threat actors to send tweets, private messages, images and videos from other users' accounts. The flaw is very easy to exploit and can expose any account that has an associated mobile phone number. Researchers believe that the flaw can be exploited by scammers to perform scams on Twitter. 

Google adds new USBGuard 
Google has added a new security feature in the Chrome OS which will block the attackers to access the USB when the device is locked. This feature is called USBGuard and is touted to prevent attacks from a variety of USB-based attacks. Users can enable the feature by modifying the ‘chrome://flags/#enable-usbguard’ Chrome OS flag.


wifi password
shamoon malware
island hopping technique
dark web marketplaces

Posted on: December 24, 2018

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite