Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 2, 2020
Vulnerable Click2Gov software continues to affect users paying utility bills online. In the past, the unpatched software has been exploited multiple times to affect residents in dozens of cities in the U.S. and this time it has affected the residents of Aurora city. It is believed that the residents who made water payments to the city between August 30 and October 14, 2019, through the Click2Gov system may be affected.
In other news, security researchers have uncovered a malicious Chrome extension named Shitcoin Wallet. Once the extension is installed, it requests permission to inject JavaScript code on 77 websites. This makes it easy for the extension to steal passwords and private keys from cryptocurrency wallets and cryptocurrency portals.
Top Breaches Reported in the Last 24 Hours
Landry’s Inc. breached
Landry’s Inc. has issued a notice to alert the public of a recent security incident involving payment processing systems. An investigation has revealed that customers’ payment cards could have been mistakenly swiped on the order-entry systems instead of the PoS terminals. The firm says that payment cards swiped between March 13, 2019, and October 17, 2019, may have been affected in the incident.
Poloniex resets passwords
Cryptocurrency exchange Poloniex has enforced a password reset on users whose email addresses and passwords were leaked on Twitter. In an email to customers, Poloniex said that a list of email addresses and passwords had been shared on Twitter, along with a claim that they could be used to log in to Poloniex accounts.
Click2Gov payment system exploited again
Personal information of some Aurora Water customers may have been affected due to a breach of the Click2Gov payment system. The compromised information includes the customer’s first and last name, billing address, payment card type, payment card number, payment card verification value, and payment card expiration date.
Top Malware Reported in the Last 24 Hours
Shitcoin Wallet extension
A malicious extension named Shitcoin Wallet has been found stealing passwords and private keys from cryptocurrency wallets and cryptocurrency portals. To initiate the stealing process, the extension requests permission to inject JavaScript code on 77 websites. When users navigate to any of these 77 sites, the extension loads and injects an additional JS file from ‘https://erc20wallet[.]tk/js/content_.js’. The JS file contains obfuscated code to trick users. Once activated, the malicious JS code records the user’s login credentials, searches for private keys, and finally sends the data to erc20wallet[.]tk.
Top Vulnerabilities Reported in the Last 24 Hours
Starbucks API key exposed
Developers at Starbucks left an API key exposed that could be used by attackers to access internal systems and manipulate the list of authorized users. The issue has been rated as ‘critical’ because it could allow attackers to execute commands on systems, add or remove users who have access to internal systems, and potentially take over the AWS account. The key was found in a public GitHub repository.
DTEN vulnerabilities
Multiple vulnerabilities have been uncovered in DTEN D5 and D7 conferencing and collaboration systems. The flaws could be exploited to expose sensitive data included in live meetings and saved artifacts like conversations, recordings, notes, and interactive whiteboards.
Top Scams Reported in the Last 24 Hours
Scammers use tricks to bypass email filters
Scammers involved in sextortion email scams are utilizing new tactics to bypass spam filters. These include sending emails in foreign languages or splitting bitcoin addresses into two parts. Adding these two tactics makes it more difficult for the recipient to understand what they are receiving. Usually, a sextortion email includes a message to scare the recipients. The email goes on to say that spyware has been installed on the recipient’s system and has captured several inappropriate images and videos of them.