Industrial Equipment Manufacturers
Several manufacturers have reported problems with the patches distributed for the Meltdown and Spectre vulnerabilities. For example, Rockwell Automation reported a dozen errors that appeared after installing Microsoft’s patches for their Windows systems. To read more: http://www.zdnet.com/article/meltdown-spectre-more-businesses-warned-off-patching-over-stability-issues/
Lumens BlackWallet
A DNS server connected to the domain of the browser-based wallet application, BlackWallet, was compromised. The Stellar Lumens cryptocurrency was the target of the attack, and the theft resulted in $400,000 in stolen funds. To read more: http://www.zdnet.com/article/400000-stolen-in-lumens-blackwallet-theft/
Jason’s Deli
The Texas-based restaurant chain fell victim to a data breach that impacted customers in 15 states. The attackers used RAM-scraping malware on the restaurant’s payment processing systems. To read more: http://www.wesh.com/article/jasons-deli-data-breach-impacts-up-to-2-million-customers/15384812
OnePlus
The phone maker OnePlus has confirmed that its systems were breached. The company alerted customers via email that their credit card information may have been compromised in the attack. To read more: http://www.zdnet.com/article/oneplus-confirms-hack-exposed-credit-cards-of-phone-buyers/
MaMi Malware
A researcher discovered a strain of malware targeting Mac OS X users. The researcher noticed a forum post in which a user said a colleague had “accidentally installed something”, which led to his/her DNS settings being hijacked. The malware is currently not sophisticated and may have been developed recently. To read more: http://www.zdnet.com/article/mami-malware-targets-mac-os-x-dns-settings/
Skygofree
Skygofree is a mobile malware strain named after one of the domains used in the campaign. The malware spreads through web pages that mimic leading mobile network operators. To read more: https://www.theregister.co.uk/2018/01/16/skygofree_android_spyware/
Satori variant
A new variant of Satori was spotted in the wild. The variant specializes in targeting vulnerable ETH mining rigs. The botnet searches for Claymore Miner software and replaces the wallet address on the hosts with its own wallet address. To read more: http://www.zdnet.com/article/satori-botnet-successor-targets-ethereum-mining-rigs/
Chrome extensions
Security researchers discovered four new malicious extensions in the Chrome Web Store. Three of the extensions have since been removed. To read more: https://threatpost.com/google-chrome-once-again-target-of-malicious-extensions/129443/
VTech
New InnoTab child learning devices were found to have the same security flaw as other connected toys from two years ago. VTech was already fined $650,000 by the FTC because of this security vulnerability. To read more: https://www.theregister.co.uk/2018/01/18/innotab_kid_tech_still_vulnerable/
Intel
The firmware fixes issued for Spectre and Meltdown are causing an uptick in system reboots and other unexpected behaviors. Initially thought to affect only older chips, the issue has now been found by researchers to affect newer chips as well. To read more: https://threatpost.com/intel-says-firmware-fixes-for-spectre-and-meltdown-affecting-newer-chips/129512/
GhostTeam
Researchers uncovered GhostTeam malware, which tries to steal Facebook login credentials and has been targeting Android users. Since April of 2017, 53 different Android applications have been identified as distributors of the malware. To read more: http://www.zdnet.com/article/this-android-malware-wants-to-steal-your-facebook-login-and-bombard-you-with-ads/
Dark Caracal
Dark Caracal is multi-platform and linked to 26 desktop malware IOCs, Android malware, and 60 domain-based IOCs. The advanced persistent threat campaign stole hundreds of gigabytes of data, including personal information and IP, from more than 21 countries. To read more: https://threatpost.com/sprawling-mobile-espionage-campaign-targets-android-devices/129524/
Dridex
The Dridex banking Trojan has evolved and is now compromising FTP websites. The malware spreads through both phishing campaigns and web injections. To read more: http://www.zdnet.com/article/dridex-banking-trojan-compromises-ftp-sites-in-new-campaign/
Uber
Uber is ignoring a security bug that allows an attacker to bypass the app’s two-factor authentication. Uber marked the bypass bug as “informative”, meaning it contains useful information but does not warrant immediate action. To read more: http://www.zdnet.com/article/uber-security-flaw-two-factor-login-bypass/
ChaiOS
A software developer found a text-related bug in iOS that crashes the operating system with a simple chunk of HTML code. The recipient doesn’t even need to open the link for the device to crash. To read more: https://www.techrepublic.com/article/new-ios-text-bomb-cyberattack-can-crash-restart-your-iphone/