
Silobreaker Daily Cyber Digest – 3 March 2016

Wendy’s Breach: The Aftermath(?)
Krebs has reported that several credit unions are experiencing an unusually high volume of debit card fraud from the Wendy’s POS breach.

One of Krebs’ sources, the CEO of the National Association of Federal Credit Unions, claims that the number of compromised accounts stemming from Wendy’s has easily eclipsed those that resulted from the Target or Home Depot breaches.

The accounts targeted and the speed at which they were drained suggest that this breach is the work of an experienced group. Credit card issuers are apparently having difficulty issuing new cards to customers, who return to Wendy’s and have their card details stolen again.

Fingerprinting
Operation Fingerprint is a project by Malwarebytes and GeoEdge that looks at the role that fingerprinting plays in malvertising campaigns.

Fingerprinting is used by exploit kits like Angler to assess victims’ computers and make sure that they are valid targets, rather than honeypots or other research/security-based tools. This can be done via small amounts of code embedded in website ads.

The full whitepaper is available here.

RSA’s Flawed Android App
Apparently the Samsung Galaxy S4 smartphones given to exhibitors at this year’s RSA conference have a plaintext, default password embedded in their badge scanning app.

The phones are meant to run in ‘kiosk mode’, which means that only the customised badge scanning app is usable. After discovering the default password, researchers at Bluebox Security gained access to the app’s settings and put the device into developer mode, giving them full access to the phones.

The badge scanning app was developed by an unnamed third party and the flaw, while amusing, is unlikely to cause problems.

Visa Credit Card Spam Campaign
Spam campaigns that use credit card reward schemes to entrap people are hardly unique in the world of cyber crime. There is, however, a particularly nasty spam operation currently circulating that tricks individuals into downloading the Teslacrypt Ransomware.

The campaign is an email-based phishing attack that touts the benefits of the Visa Total Reward credit card. The email contains an attachment that purports to be a document explaining the range of benefits open to users if they sign up for a Visa credit card. In reality the attachment is an obfuscated JavaScript file that downloads Teslacrypt 2.0.

The Silobreaker Team
