Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 18, 2019
Top Breaches Reported in the Last 24 Hours
91 million user records on sale
A hacker who goes by the name of Gnosticplayers has released a third set of databases on the Dream Market forum. The biggest victims in the current list are GfyCat, ClassPass and StreetEasy. A total of 91 million user records are available for sale in this third round of data breaches. The hacker is selling the data for 2.6 Bitcoin, or about $9,350.
Ixigo data breach
Around 18 million user records belonging to Ixigo, the popular online travel aggregation platform, are up for sale on the dark web. The stolen information mainly includes account holders’ names, email addresses and hashed passwords. The company claims that no payment card data or financial information was stolen in the breach.
An active phishing campaign
Security researchers have observed an active phishing campaign masquerading as a legitimate Texas Department of Transportation (TxDOT) online bidding website. The spoofed portal is hosted on a suspected compromised server used by a North Carolina-based dance studio group. The campaign is believed to have been active since at least the beginning of February 2019.
Top Malware Reported in the Last 24 Hours
LUNAR SPIDER found distributing TrickBot
The LUNAR SPIDER threat actor group has been spotted distributing WIZARD SPIDER's TrickBot trojan in a new attack campaign. LUNAR SPIDER, which is known for creating the BokBot malware, is using a custom variant of the TrickBot trojan to perform credential theft and wire fraud. The custom variant has an embedded, Base64-encoded Portable Executable (PE) file.
New macOS malware
Security researchers have discovered a new strain of macOS malware that disguises itself as a Windows executable file (.EXE) to evade detection. The malware infects users in the United Kingdom, Australia, Armenia, Luxembourg, South Africa, and the United States. The .EXE file delivers a malicious payload that overrides Mac's built-in protection mechanism, Gatekeeper.
FINRA warns about a phishing attack
The Financial Industry Regulatory Authority (FINRA) has issued a notice warning brokerage firms about an ongoing phishing attack. The attack is found to have targeted multiple brokerage firms with malicious spam emails. The email purports to come from a BSA-AML compliance officer of an Indiana-based credit union.
Top Vulnerabilities Reported in the Last 24 Hours
CSRF vulnerability
A white hat hacker has discovered a critical CSRF vulnerability on Facebook. It is believed that the flaw could have been leveraged to bypass CSRF protections and perform actions on a user’s behalf by tricking them into accessing a malicious URL. The flaw resides in Facebook[.]com/comet/dialog_DONOTUSE/. The bug could have allowed malicious users to send requests with CSRF tokens to arbitrary endpoints on Facebook, which could lead to takeover of victims’ accounts.
Spectre flaw exploitation
After analyzing the impact of the data-leaking Spectre vulnerabilities, Google security experts have concluded that software alone cannot prevent exploitation of the Spectre flaws. They have been able to exploit the Spectre flaws present in various CPU families, allowing attacker-supplied code running in a thread to read all memory in the same address space and steal data. They found that a malicious web page's JavaScript code executing in a web browser thread can potentially snoop on another web page's JavaScript running in another thread.