
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 8, 2019

Top Breaches Reported in the Last 24 Hours

Mumsnet data breach

A technical glitch at Mumsnet, a popular parenting forum, exposed the account details of its users. The breach was caused by a botched upgrade to the software on which the forum runs. During that time, about 4,000 users had logged in. However, only 14 of those 4,000 reported the issue.

Jack'd app data leak

A serious design flaw in the popular dating app called Jack'd enabled anyone to access millions of private photos, even if they didn't have an account on the app. The firm was notified about the flaw last year. However, it appeared to implement a fix only this week. Jack'd has more than five million downloads on the Google Play Store.

Trakt data breach

Trakt, the makers of an app that monitors users' TV programme and movie viewing habits, is notifying its users about a data leak that occurred due to a PHP exploit. The incident occurred back in December 2014 and involved information such as user names, email addresses and encrypted passwords. In the wake of the data leak, the firm has reset the passwords for the affected users.

Bayside Covenant Church data breach

Unauthorized access has affected the personal information of some employees working in the Bayside Covenant Church of Roseville, California. The information exposed in the breach includes names, addresses, Social Security Numbers, passport numbers, driver’s license numbers, financial account information, medical information, health insurance information, usernames and passwords for online accounts.

Top Malware Reported in the Last 24 Hours

QakBot malware

Geodo botnets have been found running a new spam campaign that delivers samples of the QakBot malware and the IcedID trojan as final payloads. The attack begins with users receiving a phishing email that contains a weaponized Microsoft Office document. The attached file contains malicious macros which, when enabled, directly deliver QakBot to the victim's device.

New Ursnif variant

Researchers have recently observed a new variant of the Ursnif trojan that is distributed using steganography and AtomBombing techniques. The new variant is used to target Italian servers and arrives hidden in a Microsoft Office document. The AtomBombing technique enables attackers to exploit the Windows AtomTable in order to inject malicious code into explorer[.]exe in a stealthy fashion.

Matrix ransomware evolves

Matrix ransomware, first spotted in late 2016, has evolved into a dangerous threat over the years. The ransomware targets endpoints through Windows Remote Desktop (RDP) services by brute-forcing passwords. Once installed, it encrypts files with extensions that include .mdf, .ndf, .myd, .eql, .sql, .fdb, .vhd, .sqlite, .dbs, .docx, .doc, .odt, and .jpeg.

Top Vulnerabilities Reported in the Last 24 Hours

Bugs in video conferencing products

Remote OS command injection vulnerabilities in some video conferencing products can allow hackers to remotely gain control of the devices and later use them as snooping tools. The vulnerabilities have been found to affect four Lifesize enterprise collaboration products: Lifesize Team, Lifesize Room, Lifesize Passport and Lifesize Networker.

Flaws in Kunbus Industrial Gateway

Security researchers have discovered serious flaws in the Kunbus Industrial Gateway. Tracked as CVE-2019-6527 and CVE-2019-6533, the flaws are related to improper authentication and improper input validation. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and/or cause a denial-of-service condition.

macOS zero-day bug

A new zero-day bug has been discovered in macOS. The bug can expose passwords stored in Apple's Keychain software. It affects the latest version of macOS Mojave. The bug, if exploited, can allow attackers to grab passwords from the login and system Keychains without root or administrator privileges.
