Threat Intelligence Blog

Posted January 24, 2017

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.


“Dutch security enthusiast Tijme Gommers discovered a reflected cross-site scripting (XSS) vulnerability in the search functionality of the McDonald’s website. The flaw can be exploited through a known sandbox escape method in the AngularJS JavaScript framework, and it allows an attacker to load an external JavaScript file that can be designed to steal a user’s password.

According to the researcher, the McDonald’s website decrypts the password client side using a cookie that is valid for an entire year. Since the same key and initialization vector are used for every customer, it’s easy to obtain a password in plain text.”

– Security Week


“The Department of Health and Human Services has issued new health data privacy guidance and announced a contest to create an online “model privacy notice generator.” Plus, it’s issued a reminder about the importance of reviewing and securing audit logs to help prevent and detect breaches.

The issuance on Jan. 10 of new privacy guidance by HHS’ Office for Civil Rights is aimed at clarifying that the HIPAA Privacy Rule permits disclosures of health information to a patient’s loved ones regardless of whether they are recognized as relatives under applicable law.”

– Healthcare Info Security

Financial Services

“The infamous Carbanak malware is now capable of using Google services for command and control (C&C) communication, Forcepoint security researchers warn.

The malware is used by the Carbanak group (also known as Anunak), which was first exposed in 2015 as a financially motivated actor targeting mainly financial institutions. When first uncovered, the group was said to have stolen upwards of $1 billion from more than 100 banks across 30 countries. Historically, the group has been using targeted malware in their attacks, and researchers recently associated it with an attack campaign that leveraged weaponized Office documents hosted on mirrored domains for malware distribution.

The recent attack analyzed by Forcepoint Security Labs follows a similar path, as it uses an RTF document to distribute the Carbanak malware. The document was packed with an encoded Visual Basic Script (VBScript) previously associated with the Carbanak malware before.”

– Security Week

Law Enforcement

Asia faces one of the severest security situations in the world, with spreading international terrorism, regional conflicts and cybercrimes posing an unprecedented challenge for policing, the Interpol today said. The 190-member international police organization, however, said it was ready to work with police officers in Asia to contribute to Asian security, but called for improvement in law enforcement cooperation and security governance reforms.

– Interpol


“French authorities have warned political parties of potential cyberattacks in the lead-up to the May elections, as the US accuses hackers with Russian ties of being involved in its election process.

While the National Agency for the Security of Information Systems (L’Agence nationale de la sécurité des systèmes d’information or ANSSI) refrained from pointing to a specific group or country that would gain from tampering with the election, ANSSI director Guillaume Poupard did mention that cyberattacks could be used as a tool.”

– Hot for Security
