Cyware Weekly Threat Intelligence, April 29 - May 03, 2019

Weekly Threat Briefing • May 3, 2019
The Good
We’re back with the most interesting threat intel of the week. The past week saw several cybersecurity advancements and security incidents, as well as the emergence of new threats. To begin with, let’s look at the good that has happened in cyberspace over the past week. The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 19-02, which requires federal agencies to ensure effective remediation of critical vulnerabilities. Canada’s major banks have launched a secure digital identity network, ‘Verified.Me’. Meanwhile, researchers from North Carolina State University and the University of Texas at Austin have developed a new technique for detecting types of malware that use a system’s architecture.
The Bad
Several data breaches and security incidents came to light over the past week. Researchers have detected an unprotected database that exposed the personal information of almost 80 million US households. In another instance, an unprotected AWS-hosted Elasticsearch database belonging to the job recruitment site ‘Ladders’ has exposed the profiles of almost 13 million job seekers. Last but not least, attackers have hacked the internet infrastructure firm CITYCOMP, which provided services to several major companies including Oracle, Volkswagen, and Airbus.
New Threats
The past week also saw the emergence of new malware strains and vulnerabilities. Security researchers have uncovered a new variant of the Linux Muhstik botnet that propagates by exploiting the latest WebLogic server vulnerability. In another instance, researchers have observed a new malvertising campaign that leverages the Yandex.Direct network to distribute 6 different malware families onto victims’ computers. Meanwhile, a fake Windows PC cleaner tool, ‘G-Cleaner’, also known as ‘Garbage Cleaner’, delivers the infamous ‘AZORult’ malware onto victims’ computers.