Cyware Daily Threat Intelligence

Daily Threat Briefing Feb 27, 2019

Top Breaches Reported in the Last 24 Hours

2.09 million EOS coins stolen

A hacker stole 2.09 million EOS coins (around $7.7 million) after a maintainer of an EOS blacklist failed to do its job. The hack came to light on February 23. On February 22, a new EOS Block Producer called games.eos reportedly failed to update its blacklist for EOS accounts. This led to the loss of 2.09 million EOS from a user's account. After the discovery of the hack, global cryptocurrency exchange Huobi stepped in to extend its help.

Attack on the Australian Parliament House

The Australian Parliament House suffered a catastrophic cyber attack, resulting in the compromise of networks of several political parties. This attack has exposed the vulnerabilities that lie in the country's digital infrastructure and highlights the need for a digital arsenal pact. Although there was no evidence of any information theft, the government claims that the Australian Cyber Security Center (ACSC) is working on securing the networks.

Top Malware Reported in the Last 24 Hours

Credit card-stealing scripts modified

Researchers have found that new variations of credit card-stealing scripts are being used by attackers to steal credit card details from Magento-based e-commerce sites. Attackers are leveraging fake Google Analytics and Angular scripts to evade detection. The malicious code is injected into legitimate JS files to make the process easy. Around 40 sites have been found to contain fake Angular scripts.

Phishing schemes target US contractors

Researchers have discovered two new online bidding phishing campaigns that target US federal government contractors. The attack campaigns are being carried out to steal personally identifiable information (PII) of contractors and do business with other US federal government agencies. Cybercriminals are leveraging the fake domain transportation[.]gov[.]bidsync[.]kela[.]pw to conduct the campaigns.
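The fake domain above places "transportation" and "gov" as leftmost labels of a .pw domain, so a quick glance reads it as a .gov site. The following check is an added example, not part of the original briefing: it refangs an indicator and flags hostnames where a trusted suffix label is buried left of the real parent domain. The function names and the trusted-label list are hypothetical, and the parent domain is approximated as the last two labels rather than looked up in the Public Suffix List.

```python
import re

# Labels readers treat as a sign of trust (assumed list for this example).
TRUSTED_LABELS = {"gov", "mil", "edu"}

def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp://, [.]) back into a bare hostname."""
    host = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    host = re.sub(r"^(hxxps?|https?)://", "", host)
    return host.split("/")[0].split(":")[0].rstrip(".")

def buried_trusted_suffix(indicator: str):
    """Return (decoy_name, actual_parent) when a trusted label such as 'gov'
    sits to the left of the real parent domain, otherwise None."""
    labels = refang(indicator).split(".")
    for i, label in enumerate(labels[:-1]):  # the final label is the real TLD
        if label not in TRUSTED_LABELS:
            continue
        right = labels[i + 1:]
        # gov.uk, edu.au and similar: trusted label directly under a ccTLD.
        if len(right) == 1 and len(right[0]) == 2:
            continue
        decoy = ".".join(labels[: i + 1])
        # Assumption: parent domain = last two labels (no Public Suffix List).
        return decoy, ".".join(labels[-2:])
    return None

if __name__ == "__main__":
    samples = [
        "transportation[.]gov[.]bidsync[.]kela[.]pw",  # domain from the briefing
        "www.transportation.gov",                      # constructed benign sample
        "www.gov.uk",                                  # constructed benign sample
        "hxxps://login.gov.example.com/bid",           # constructed sample
    ]
    for s in samples:
        hit = buried_trusted_suffix(s)
        if hit:
            print(f"SUSPICIOUS {refang(s)}: looks like {hit[0]}, belongs to {hit[1]}")
        else:
            print(f"ok         {refang(s)}")
```

Run over proxy or mail-gateway hostnames, this surfaces lookalikes for review; it does not judge hosts that legitimately contain these labels under unusual suffixes.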

New malvertising attack detected

A new form of steganography technique has been detected recently. Researchers from DEVCON have observed a group of malvertisers using polyglot images to hide malicious ad payloads. Here, attackers are using .bmp images as camouflage to trick a system into accepting the image.

Smoke Loader Botnet

The Smoke Loader Botnet, which has been publicly available since 2011, is still active on the Dark Web. Around 1,500 active samples have been detected in the last six months. Researchers suggest that the malware continues to gain popularity on the black market because of its ongoing innovation. The Smoke Loader botnet was the first malware to use PROPagate injection techniques to compromise Windows machines.

Top Vulnerabilities Reported in the Last 24 Hours

GPU Display Driver issue

Eight security flaws have been discovered in the NVIDIA GPU Display Driver software. One of these flaws affects both Linux and Windows systems. The vulnerabilities in question are CVE-2019-5665, CVE-2019-5666, CVE-2019-5667, CVE-2019-5668, CVE-2019-5669, CVE-2019-5670, CVE-2019-5671, and CVE-2018-6260. They can lead to code execution, escalation of privileges, denial of service attacks, and information disclosure. Users are urged to patch the affected systems with the latest software update through NVIDIA Driver Downloads.

WordPress RCE flaw

Two core remote code execution vulnerabilities - CVE-2019-8942 and CVE-2019-8943 - have been identified in WordPress. These security flaws can enable attackers to gain root privileges and take control of the site. The versions of WordPress affected by these flaws include versions 5 (prior to 5.0.1) and 4 (prior to 4.9.9). In order to stay safe, users are advised to update their WordPress sites to the latest version.
