Go to listing page

Cyware Daily Threat Intelligence, December 30, 2019

Cyware Daily Threat Intelligence, December 30, 2019

Share Blog Post

Ransomware has become the number one security risk to businesses and users. The past 24 hours witnessed several such attacks on different organizations. The victim organizations were Synoptek, the US Coast Guard Maritime facility, and Maastricht University. While Synoptek was hit by Sodinokibi ransomware, the US Coast Guard Maritime facility had to suffer disruptions due to Ryuk ransomware. On the other hand, Maastricht University (UM) announced that it was attacked by ransomware on December 23. The ransomware had encrypted almost all of the university’s Windows systems.

A new trojan named Lampion targeting Portuguese users was also identified in the past 24 hours. The trojan is distributed via phishing emails that appear to come from the Portuguese Government Finance & Tax. It uses anti-debug and anti-VM techniques to avoid being detected by security solutions.

Top Breaches Reported in the Last 24 Hours

Moss Adams breached
Unauthorized access to an employee email account of Moss Adams has affected the PII of customers or employees. Some of the information contained in the breached account includes names and Social Security numbers. The company is in the process of notifying the affected individuals.

Wyze Labs’ data breached
Smart home tech makers Wyze Labs confirmed a data leak impacting over 2.4 million of its users. The incident had occurred due to an unguarded Elasticsearch database. The database was left open for over three weeks, from December 4 to December 26.

Unsecured Amazon S3 bucket
The logomaker service Vistaprint had exposed more than 638,000 files due to an unprotected Amazon S3 bucket. Many of the leaked files were default logomaker images, while the remaining were logos made by users of the Vistaprint logomaker service. The problem was fixed as soon as the issue was noticed by Vistaprint.

CHSC and RGH attacked
San Antonio’s Center for Health Care Services (CHSC) and Roosevelt General Hospital (RGH) in New Mexico, were forced to take down their computing systems following malware attacks. While RGH suffered malware infection on November 14, CHSC was impacted by a handful of attacks during December.

Top Malware Reported in the Last 24 Hours

Lampion trojan
A new trojan called Lampion has been found targeting Portuguese users. The trojan is distributed via email templates based on the Portuguese Government Finance & Tax. The email includes a link which, when clicked, initiates the download of the malware. The downloaded files include a compressed file called FacturaNovembro-4492154-2019-10_8.zip.

Ransomware attacks
The corporate IT network of a US Coast Guard’s maritime facility was taken down for more than 30 hours after being affected by Ryuk ransomware. In another incident, cloud hosting and managed IT services provider Synoptek was hit by Sodinokibi ransomware. The company paid the ransom in a bid to restore operations. The Maastricht University also announced to have fallen victim to a ransomware attack on December 23, 2019.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Ruckus wireless routers
Three critical remote code execution vulnerabilities in Ruckus Wireless routers have been discovered by security researchers. The flaws can let malicious hackers bypass the routers and take control of it remotely. The vulnerabilities exist in the web-based interface. Ruckus has fixed the security flaws with the release of a new version. Customers are advised to update their router and apply the patch.


lampion trojan
moss adams
wyze labs

Posted on: December 30, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite