Cyware Weekly Cyber Threat Intelligence November 12 - 16, 2018

The Good

• The US Congress approved a bill that approves the creation of a new centralized, federal cybersecurity agency. The move would reconfigure the Department of Homeland Security’s National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency (CISA).
• Google, Microsoft, and other tech giants have backed French President Emmanuel Macron’s call for greater internet security. The initiative, known as the “Paris Call for Trust and Security in Cyberspace,” is aimed at tightening internet regulations and boosting protections against cyberattacks, election interference, and more.
• Researchers are working on using brainwaves as the new generation of passwords. Biometrics are increasingly replacing traditional passwords and the new research involves developing a flexible and secure biometric alternative to current, traditional passwords.

The Bad

• New Jersey-based charity Kars4Kids accidentally exposed over 21,000 customers’ and donors’ personal details. The breach was caused by an unprotected Mongo database. The exposed data includes the emails and personal information of customers and donors.
• Google services went down briefly after the tech giant’s internet traffic was hijacked by a Nigerian ISP. Google’s user traffic was routed via Russia and Nigeria before the tech giant’s IP prefixes were leaked to the Chinese state-owned telecom provider called China Telecom.
• A California-based communications firm called Voxox exposed a massive database containing millions of text messages and more. The breach was caused by an unprotected Amazon Elasticsearch server. The database contained tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.
• Health First was hit by a data breach that may have compromised the personal data of around 42,000 customers. The firm claimed that the data breached included customers’ Social Security Numbers, addresses and dates of birth.

New Threats

• The TA505 threat actor was found testing out a new reconnaissance malware dubbed tRAT. tRAT is a modular malware, written in Delphi, that is currently being used in a reconnaissance campaign targeting financial institutions.
• A new malware called DarkGate, that can function as a keylogger, a ransomware, and cryptominer, has been discovered. The malware is currently being delivered via Torrent files and is targeting victims in Spain and France. The malware also uses several advanced anti-analysis techniques, such as using vendor-specific checks, to evade detection.
• The Mylobot botnet was found distributing the Khalesi malware. Mybolot belongs to a sophisticated malware family and is classified as a downloader. Meanwhile, Khalesi is considered to be one of the fastest growing malware variants of the year.
• Researchers discovered multiple vulnerabilities in iPhone X, Samsung Galaxy S9, and Xiaomi Mi6. Few of the models manufactured by these companies have been found to contain serious vulnerabilities that could allow cybercriminals to gain control over the devices.