Threat Reports

Silobreaker Daily Cyber Digest – 3 March 2016

Wendy’s Breach: The Aftermath(?)
Krebs has reported that several credit unions are experiencing an unusually high volume of debit card fraud from the Wendy’s POS breach.

One of Krebs’ sources, the CEO of the National Association of Federal Credit Unions, claims that the number of compromised accounts stemming from Wendy’s has easily eclipsed those that resulted from the Target or Home Depot breaches.

The accounts targeted and the speed at which they were drained suggests that this breach is the work of an experienced group. Credit card issuers are apparently having difficulty issuing new cards to customers, who return to Wendy’s and have their card details stolen again.

Operation Fingerprint is a project by Malwarebytes and GeoEdge that looks at the role that fingerprinting plays in malvertising campaigns.

Fingerprinting is used by exploit kits like Angler to assess victims’ computers and make sure that they are valid targets, rather than honeypots or other research/security-based tools. This can be done via small amounts of code embedded in website ads.

The full whitepaper is available here.

RSA’s Flawed Android App
Apparently the Samsung Galaxy S4 smartphones given to exhibitors at this year’s RSA conference have a plaintext, default password embedded in their badge scanning app.

The phones are meant to run in ‘kiosk mode’, which means that only the customised badge scanning app is usable. After discovering the default password, researchers at Bluebox Security gained access the app’s settings and put the device into developer mode, giving them full access to the phones.

The badge scanning app was developed by an unnamed third party and the flaw, while amusing, is unlikely to cause problems.

Visa Credit Card Spam Campaign
Spam campaigns that use credit card reward schemes to entrap people are hardly unique in the world of cyber crime. There is, however, a particularly nasty spam operation currently circulating that tricks individuals into downloading the Teslacrypt Ransomware.

The campaign is an email-based phishing attack that touts the benefits of the Visa Total Reward credit card. The email contains an attachment that purports to be a document explaining the range of benefits open to users if they sign up for a Visa credit card. In reality the attachment is an obfuscated JavaScript file that downloads Teslacrypt 2.0.

The Silobreaker Team

More News

  • Silobreaker Daily Cyber Digest – 22 March 2019

      Ongoing Campaigns Dr Web reports Flexnet banking trojan targeting users of Android devices Flexnet banking trojan is reportedly based on GM bot trojan...
  • Silobreaker Daily Cyber Digest – 21 March 2019

      Malware New Carbanak Gang tools discovered by Flashpoint Flashpoint researchers reported on newly discovered tools used by the Carbanak Gang in a campaign...
  • Silobreaker Daily Cyber Digest – 20 March 2019

      Malware Malicious Office document analysed by ZLAB Researchers at Cybaze-Yoroi ZLAB discovered a malicious Office document with a payload capable of bypassing AppLocker...
View all News

Request a demo

Get in touch