Go to listing page

Cyware Daily Threat Intelligence, November 09, 2020

Cyware Daily Threat Intelligence, November 09, 2020

Share Blog Post

Data breaches have become a part of the daily routine, it seems. A developer of hotel booking software, Prestige Software, leaked 10 million log files owing to a misconfigured Amazon S3 bucket. Meanwhile, cybercriminals were found selling a database containing 20 million user records, which was allegedly stolen from BigBasket, an online grocery delivery service.

In other news, the xHunt campaign was discovered to be using two new PowerShell-based backdoors, TriFive and Snugy, for unauthorized access to Microsoft Exchange Servers. Also, the HMRC was impersonated again via an SMS-based scam purporting to be tax rebate messages, leading targeted victims to phishing pages.

Top Breaches Reported in the Last 24 Hours

Luxottica discloses breach
Luxottica has disclosed a data breach that exposed the personal and health information of patients of LensCrafters, Target Optical, and EyeMed. The breach, which took place on August 5, stemmed from a web-based appointment scheduling platform used by the group companies.

BigBasket data leaked
BigBasket, India’s largest online grocery delivery company, became the victim of a massive data breach. Cybercriminals were allegedly found selling a trove of data belonging to the company on the dark web. The leak contained a 15GB database containing 20 million user records, including users’ names, email addresses, password hashes, contact numbers, addresses, and location, among others.

Hotel software firm suffers breach
Prestige Software, the Spain-based hotel booking software provider, exposed over 10 million log files dating back to 2013, due to a misconfigured Amazon S3 bucket. The leaked data included hotel guests’ full names, email addresses, contact details, national ID numbers, and, in some cases, even their payment information.

Ransomware disrupts X-Cart
E-commerce software vendor X-Cart was hit by a ransomware attack at the end of October. Threat actors, reportedly, exploited a flaw in third-party software to gain access to and disrupt the firm’s store hosting systems. Some stores hosted by the platform suffered downtime, while others reported issues with sending email alerts.

Top Malware Reported in the Last 24 Hours

xHunt malware campaign
Researchers found the xHunt campaign using the PowerShell script-based backdoors, TriFive and Snugy, to gain access to compromised Microsoft Exchange servers. The campaign has been reportedly active since at least July 2018 and targeting the Kuwait government, along with shipping and transportation organizations.

Ghimob banking trojan
A new banking trojan, dubbed Ghimob, was found infecting mobile devices to target financial apps from banks, exchanges, and cryptocurrencies in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique. It is the latest creation of Guildma, the threat actor behind the Tétrade family of banking trojans.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress plugin flaw
A security vulnerability in the Welcart e-Commerce plugin could allow adversaries to launch code injection attacks against vulnerable websites. The high-severity bug is a PHP object-injection vulnerability, which exists in the way the platform handles cookies. The plugin has garnered over 20,000 installations, with a large market share in Japan.

Top Scams Reported in the Last 24 Hours

Tax rebate scam
An SMS phishing scam was found targeting U.K residents with tax rebate-themed messages that contain links to phishing pages. The phishing pages mimicked the HM Revenue and Customs (HMRC) web interface and also, contained fake online banking workflows to trick users.


xhunt campaign
luxottica group
x cart
tax rebate scam
ghimob banking trojan
welcart e commerce plugin
prestige software

Posted on: November 09, 2020

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite