India’s largest bank has secured an unprotected server that allowed
anyone to access financial information on millions of its customers, such
as bank balances and recent transactions. The server, hosted in a regional
Mumbai-based data center, stored two months of data from SBI Quick,
a text message and call-based system that customers of the
government-owned State Bank of India (SBI) use to request basic
information about their bank accounts. SBI is the largest bank in the
country and a highly ranked company in the Fortune 500.

Source

Airbus data breach

European airplane maker Airbus admitted on 30.01.2019 to a data breach
of its “Commercial Aircraft business” information systems that allowed
intruders to gain access to some of its employees’ personal
information. Though the company did not elaborate on the nature of
the hack, it claimed that the security breach did not affect its
commercial operations and had no impact on aircraft production.

Source

Credential stuffing attack against Dailymotion

Video platform website Dailymotion announced that some accounts
were the target of a credential stuffing attack, which started on 19
January and kept going for several days. A notification was sent to the
potentially impacted users and their passwords have been reset.

Source

Recommendations

  • Reset the password on the affected website if applicable. Follow
    the password reset instructions sent by Dailymotion.
  • Make sure your Dailymotion password was unique and never used
    on other services. Otherwise, change the password on those
    services as well.

Custom malware targeting Iran

An Iran-linked APT known as Chafer has been targeting various entities
based in Iran with an enhanced version of a custom malware.
Meanwhile, the victimology suggests the threat group is waging a
cyber-espionage operation against diplomats there.

Source

Recommendations

  • Make sure your AV solution is up to date.
  • Make sure your employees attend regular security awareness
    training, especially on phishing attacks (delivered through
    various media, not only email), and are instructed how
    to act in case of a malware infection.

Q4 threat report by Proofpoint

The fourth quarter of 2018 saw continued high volumes of banking
Trojans, downloaders, and information stealers relative to other
malware families. Remote access Trojans (RATs) became increasingly
pervasive, email fraud doubled quarter over quarter, and social media
support fraud continued its steady growth.

Source

Recommendations

  • Make sure your AV solution is up to date.
  • Make sure your employees attend regular security awareness
    training, especially on phishing attacks (delivered through
    various media, not only email), and are instructed how
    to act in case of a malware infection.
  • Consider extending F-Secure’s Rapid Detection Service
    deployment in order to increase visibility into suspicious
    system activity.

Crypto miners malware report

According to the Check Point Software report, 40 percent of
organizations were impacted by crypto miners last year, making them the
most prominent malware infection used by threat actors. The report
also found that cryptojackers are becoming more creative and
deceptive, using methods like drive-by attacks.

Source

Recommendations

  • Make sure your AV solution is up to date.
  • Make sure your employees attend regular security awareness
    training, especially on phishing attacks (delivered through
    various media, not only email), and are instructed how
    to act in case of a malware infection.
  • Consider extending F-Secure’s Rapid Detection Service
    deployment in order to increase visibility into suspicious
    system activity.

Apple has released iOS 12.1.4, fixing two vulnerabilities that were
found to be exploited in the wild. CVE-2019-7286 is a memory
corruption bug in the iOS Foundation component and allows an
attacker to gain elevated privileges, while CVE-2019-7287 is an RCE
bug in the I/O Kit. It is not yet clear in which type of attacks these
zero-days were used. Also included is a fix for the FaceTime bug that
allowed users to eavesdrop on others using group FaceTime calls.

Source

Recommendations

  • Update your Apple device as soon as possible.

Australia’s leading cybersecurity agency is investigating a breach of the
country’s federal parliamentary computing network amid speculation
of hacking by a foreign nation. Lawmakers and staff in the capital,
Canberra, were made to change their passwords on the system after
the overnight breach. A joint statement from House of Representatives
Speaker Tony Smith and Senate President Scott Ryan says there’s no
evidence that data had been accessed in the breach, but investigations
are continuing.

Source

Cyberespionage campaign

A sustained cyberespionage campaign targeting at least three
companies in the United States and Europe was uncovered by
Recorded Future and Rapid7 between November 2017 and September. Based on the technical data uncovered, and in light of recent
disclosures by the U.S. Department of Justice on the ongoing activities
of Chinese state-sponsored threat actors, Recorded Future assesses
with high confidence that these incidents were conducted by APT10
(also known as Stone Panda, menuPass, CVNX) in an effort to gain
access to networks and steal valuable intellectual property or gain
commercial advantage.

Source

Recommendations

  • Make sure your AV solution is up to date.
  • Make sure your employees attend regular security awareness
    training, especially on phishing attacks (delivered through
    various media, not only email), and are instructed how
    to act in case of a malware infection.
  • Consider extending F-Secure’s Rapid Detection Service
    deployment in order to increase visibility into suspicious
    system activity.