Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence February 14, 2019 - Featured Image

Daily Threat Briefing Feb 14, 2019

Top Breaches Reported in the Last 24 Hours

Image-I-Nation Technologies breached

Image-I-Nation Technologies was breached in a possible supply chain attack. The attack occurred sometime in November 2018, resulting in the compromise of the consumer report database. The compromised database contained customers’ sensitive information such as their full names, dates of birth, home addresses, and social security numbers.

DataCamp breach

Online data science learning platform DataCamp has reported a data breach. The breach occurred on February 11, 2019, after hackers gained unauthorized access to its systems. The information compromised in the breach includes customers' names, email addresses, locations, company, biography, education details and pictures.

Bank of Valletta suffers an attack

Recently, a massive cyber-attack was carried out against the Bank of Valletta, where 13 million Euros got transferred out of the bank via false international transactions. Transactions were made to bank accounts in four countries–the US, the UK, Czechia, and Hong Kong. Upon discovery, the firm took immediate action and blocked the transactions.

Top Malware Reported in the Last 24 Hours

New phishing campaign

A new phishing campaign that claims the recipients' that their email is blacklisted has been discovered recently. The campaign goes with the subject line of 'security@myonlinesecurity.co.uk BLACKLISTED’and uses phishing links that contains almost 1,000 characters. The email pretends to be from the victim’s mail domain's support department and states that the email has been blacklisted due to multiple login failures.

New** variant of Astaroth trojan**

A new variant of Astaroth trojan has been spotted by security researchers. The malware is capable of bypassing the antivirus software to steal user credentials. The trojan disguises as .JPEG, .GIF, or an extensionless file to avoid detection when executed on a machine. It is distributed through spam campaigns. Once installed, it connects with a C2 server and exfiltrates data about the infected computer.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft Office bugs

Security researchers have discovered several bugs in Microsoft Office features that can be exploited to perform a range of attack techniques. These flaws discovered are information disclosure vulnerability (CVE-2019-0561) and bypass flaw (CVE-2019-0540) While the first flaw exists when Word macro buttons are improperly used, the second flaw exists when Office doesn't validate URLs.

Apache OpenOffice flaw patched

A remote code execution vulnerability affecting the Apache OpenOffice open source productivity suite has received an unofficial security patch. The flaw in question is tracked as CVE-2018-16858 can allow an attacker to execute code by getting the targeted user to open a specially crafted document.

Cisco patches NAE vulnerability

Cisco has released a security update to address a vulnerability in Network Assurance Engine (NAE). An attacker can exploit this vulnerability - dubbed as CVE-2019-1688 - to obtain sensitive information. The flaw exists due to a fault in the password management system of NAE.

Top Scams Reported in the Last 24 Hours

Online romance scams

The Federal Trade Commission (FTC) is alerting users about internet romance scams. In this type of scam, scammers gain the confidence of their victims and later trick them into sending money. FTC has advised people to be cautious while using online dating sites and that they should never send money or gifts to someone not known personally. The images of the person must be checked meticulously. The texts must also be observed as scammers often stick to a specific script while deceiving multiple people at one time.

Related Threat Briefings