Dark Tequila Targets Mexican Financial Organizations

Over the past 5 years, one malware campaign has been plaguing the financial industries of Mexico: Dark Tequila. While many researchers have been monitoring samples for most of that time, only recently has the entire campaign come into focus, with over 30,000 unique targets in 2018 alone. Using mostly spear-phishing tactics, the malware is able to spread quickly and steal a significant amount of information with relative ease. For its finale, it copies a USB infector to any removable drive, enabling it to spread across offline channels.

Babysitting App’s Database Breached

Over 93,000 users of the popular child-sitting app Sitter are being notified after the MongoDB database the app uses was compromised. Most information on the app is considered highly sensitive, including names, home addresses, and even full address book contacts for thousands of users. It remains unclear how long the database remained unprotected and Sitter is now contacting all affected users.

Ryuk Ransomware Uses Highly Targeted Attacks

The authors behind the ransomware variant Ryuk have taken significant strides towards ensuring large ransom payouts by focusing exclusively on large corporations and demanding Bitcoin ransoms that only those organizations could even fathom paying. They have already received two ransoms ranging from 15 to 35 Bitcoins, or roughly $225,000, with a daily ransom increase of half a Bitcoin for each day unpaid.

American Healthcare Organization Hit by Phishing Attack

Recently, Augusta University Health announced that, in September 2017, they experienced a data breach that could possibly affect over 400,000 patients. With the exposed data ranging from home addresses to Social Security numbers and other forms of ID, this breach could easily set up future phishing attacks on individuals. Officials are still working to determine how such a breach could have occurred (and remained undetected for nearly 10 months). Because of a lack of encryption, the breach was far more damaging than it otherwise would have been.

Cardio-Imaging Devices Vulnerable to Exploits

Several versions of Philips’ cardiovascular imaging devices have been found to contain multiple vulnerabilities that would easily allow an attacker to perform unauthorized code execution and cause the devices to malfunction. Fortunately, these devices are not remotely accessible, and the company has already begun putting new safeguards in place with their next major patch.

Connor Madsen

About the Author

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.
