
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 18, 2019

Malvertising remains one of the most common ways for cybercriminals to generate revenue or spread malware. Researchers have recently uncovered a malvertising campaign run by a Hong Kong-based threat actor group, which pushed around 100 million malicious ads that redirected users to scams, malware and adware bundles. The ads were displayed through Windows 10 apps and Microsoft games.

The past 24 hours saw a major data leak from an unprotected Elasticsearch database. The exposed database held over 899GB of personal data relating to Chinese citizens, associated with more than 100 loan apps.

The BlueKeep vulnerability (CVE-2019-0708), disclosed in May 2019, continues to pose a risk to more than 805,000 internet-facing computers. Researchers have found that these systems still run the older, affected Windows versions (XP, 7, Server 2003 and Server 2008) and remain vulnerable to the flaw.

Top Breaches Reported in the Last 24 Hours

899GB data leaked

An unprotected Elasticsearch database was found exposing over 899GB of data on the internet for two weeks. The database held data from more than 100 loan-related apps. The exposed records included personal information of Chinese citizens such as names, phone numbers, and addresses, together with financial data such as loan records, risk-management data, and ID numbers. The database required no authentication at all, which is the default for an Elasticsearch node that is bound to a public interface without the security features enabled.
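Exposures like this one are usually found by simply requesting the root of port 9200: an unauthenticated cluster answers with its cluster name and version, while a cluster with security enabled answers 401. The following script is an added example for checking your own hosts; it is not code from the original briefing or from the researchers who found the leak. The HTTP paths (`/` and `/_cat/indices?format=json`) are real Elasticsearch endpoints; the sample responses embedded below are constructed, and the host in the usage comment is hypothetical.

```python
"""Check whether an Elasticsearch endpoint answers without authentication.

Added example. Run it only against hosts you are authorised to test, e.g.
    python es_exposure.py http://10.0.0.5:9200     # hypothetical host
With no argument it runs offline over the constructed sample responses.
"""
import json
import sys
import urllib.error
import urllib.request


def classify_root(status, body):
    """Classify the response to GET / on a suspected Elasticsearch port.

    An open cluster answers 200 with a JSON document carrying cluster_name
    and version; a cluster with security enabled answers 401.
    """
    if status == 401:
        return "auth-required"
    if status != 200:
        return "unknown"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not-elasticsearch"
    if isinstance(doc, dict) and "cluster_name" in doc and "version" in doc:
        return "open-elasticsearch"
    return "not-elasticsearch"


def summarize_indices(body):
    """Parse GET /_cat/indices?format=json into (index, doc_count) pairs,
    largest first, so the scale of an exposure is visible at a glance."""
    rows = json.loads(body)
    pairs = [(row["index"], int(row.get("docs.count") or 0)) for row in rows]
    return sorted(pairs, key=lambda p: p[1], reverse=True)


def fetch(url, timeout=5):
    """GET url and return (status, body); HTTP error codes are returned, not raised."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe(base_url):
    """Live check: classify the root endpoint and, if open, list its indices."""
    base = base_url.rstrip("/")
    verdict = classify_root(*fetch(base + "/"))
    indices = []
    if verdict == "open-elasticsearch":
        indices = summarize_indices(fetch(base + "/_cat/indices?format=json")[1])
    return verdict, indices


# Constructed sample responses, shaped like real Elasticsearch 7.x output.
SAMPLE_ROOT = json.dumps({
    "name": "node-1", "cluster_name": "loans-prod",
    "version": {"number": "7.2.0"}, "tagline": "You Know, for Search",
})
SAMPLE_INDICES = json.dumps([
    {"index": "loan_records", "docs.count": "4821003", "store.size": "312gb"},
    {"index": "id_cards", "docs.count": "997214", "store.size": "41gb"},
    {"index": ".kibana", "docs.count": "12", "store.size": "30kb"},
])


def demo():
    """Offline run over the constructed samples."""
    return classify_root(200, SAMPLE_ROOT), summarize_indices(SAMPLE_INDICES)


if __name__ == "__main__":
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

A result of `open-elasticsearch` on a public address means anyone can read, and usually delete, every index listed; the fix is to bind `network.host` to a private interface and enable authentication rather than to rely on the port being obscure.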

Microsoft notifies around 10,000 customers

Microsoft has disclosed that it notified nearly 10,000 customers over the past year that they had been targeted by state-sponsored hackers. Most of these attacks came from groups based in Iran, North Korea, and Russia. About 84% of the attacks targeted enterprise customers, while the remaining 16% were aimed at home consumers and their personal email accounts.

Top Malware Reported in the Last 24 Hours

One billion fake ad impressions

Researchers have revealed a new malware framework that targets the major browsers installed on Windows machines. In the past three months alone it has generated more than one billion fraudulent Google AdSense impressions. The framework is built to monitor statistics on social sites and ad impressions, generating revenue for operators who run it across botnets of infected machines.

EvilGnome backdoor

Researchers have uncovered a new backdoor dubbed ‘EvilGnome’ that targets Linux users by impersonating a Gnome shell extension. This Linux malware is capable of spying on users, taking desktop screenshots, capturing audio recordings from the user’s microphone, stealing files, and downloading additional modules.

Seven Stalkerware apps removed

Google has removed seven stalkerware apps from its Play Store that let people covertly monitor employees, partners, or children. The apps could track a victim's location, read SMS messages and call history, and collect contact details. They had been installed by over 130,000 users before they were removed.

Malvertising campaign

A Hong Kong-based threat actor group has been found using Windows 10 apps and Microsoft games to push 100 million malicious ads in 2019. The ads redirected users to tech support scams, phishing pages, and fake sweepstakes.

Top Vulnerabilities Reported in the Last 24 Hours

Drupal patches vulnerability

The Drupal CMS team has released a security update to address a critical access bypass vulnerability in Drupal core. The flaw could allow attackers to take control of affected sites. It affects Drupal 8.7.x releases prior to 8.7.4; Drupal 8.6.x and 7.x are not affected.

BlueKeep vulnerability still affects computers

More than 805,000 internet-facing systems running older versions of Windows are still vulnerable to BlueKeep. Since the vulnerability was disclosed in May 2019, the number of exposed systems has dropped by only about 17%. BlueKeep affects the RDP service in older Windows releases such as XP, 7, Server 2003 and Server 2008; the patch has been available since the May disclosure, so the remaining systems are simply unpatched.

Vulnerable Jenkins server

Trend Micro researchers have found that Jenkins' default settings, combined with its matrix-based security model, can lead to remote code execution: a user who holds only limited project permissions can get code to run on the Jenkins master and fully compromise it. Running builds on agents rather than on the master, as the Jenkins documentation recommends, removes that execution path.
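The two settings that combine into this risk are the master's executor count (builds run on the master whenever it has executors) and matrix-based grants of configure-type permissions to broad groups such as `authenticated`. The audit below is an added example, not Trend Micro's tooling or code from the Jenkins project. It parses the global `config.xml` from `JENKINS_HOME`, whose `numExecutors`, `useSecurity` and `GlobalMatrixAuthorizationStrategy` elements are the real on-disk format; the two sample documents embedded in the script are constructed, and the set of permissions treated as code-execution-equivalent is this script's own assumption.

```python
"""Flag a Jenkins master where a low-privileged user could run code on it.

Added example. Usage against a real instance:
    python jenkins_master_audit.py /var/lib/jenkins/config.xml
With no argument it audits the two constructed samples below.
"""
import sys
import xml.etree.ElementTree as ET

BROAD_PRINCIPALS = {"anonymous", "authenticated"}
# Assumption: holders of any of these can define or alter what executes on a
# node (job configuration, node configuration, script console, or admin).
CODE_EXEC_PERMISSIONS = {
    "hudson.model.Hudson.Administer",
    "hudson.model.Hudson.RunScripts",
    "hudson.model.Item.Configure",
    "hudson.model.Item.Create",
    "hudson.model.Computer.Configure",
}


def parse_config(xml_text):
    """Return (master_executors, use_security, [(permission_id, principal), ...])."""
    root = ET.fromstring(xml_text)
    executors = int(root.findtext("numExecutors", default="2"))  # Jenkins default is 2
    use_security = root.findtext("useSecurity", default="false").strip() == "true"
    grants = []
    strategy = root.find("authorizationStrategy")
    if strategy is not None:
        for perm in strategy.findall("permission"):
            perm_id, _, principal = perm.text.strip().partition(":")
            grants.append((perm_id, principal))
    return executors, use_security, grants


def audit(xml_text):
    """Combine the two conditions into a single verdict plus the evidence."""
    executors, use_security, grants = parse_config(xml_text)
    risky = sorted({f"{p}:{s}" for p, s in grants
                    if s in BROAD_PRINCIPALS and p in CODE_EXEC_PERMISSIONS})
    if not use_security:
        # No security at all: every visitor is effectively an administrator.
        risky.append("hudson.model.Hudson.Administer:anonymous (useSecurity=false)")
    return {
        "master_executors": executors,
        "broad_code_exec_grants": risky,
        "rce_on_master_possible": executors > 0 and bool(risky),
    }


# Constructed sample: default executor count, matrix security that hands
# Job/Configure to every logged-in user.
SAMPLE_DEFAULT = """
<hudson>
  <version>2.176.1</version>
  <numExecutors>2</numExecutors>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:admin</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
    <permission>hudson.model.Item.Read:authenticated</permission>
    <permission>hudson.model.Item.Configure:authenticated</permission>
    <permission>hudson.model.Item.Build:authenticated</permission>
  </authorizationStrategy>
</hudson>
"""

# Constructed sample: same grants, but the master no longer runs builds.
SAMPLE_HARDENED = SAMPLE_DEFAULT.replace("<numExecutors>2</numExecutors>",
                                         "<numExecutors>0</numExecutors>")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(audit(fh.read()))
    else:
        print("default :", audit(SAMPLE_DEFAULT))
        print("hardened:", audit(SAMPLE_HARDENED))
```

The hardened sample keeps the permissive grants and only sets the master's executor count to zero, which is the single change with the largest effect: builds then have to run on agents, so a user who can edit a job's build steps no longer gets code execution on the machine that holds the credentials and the plugin code. Tightening the matrix so that `authenticated` does not hold Job/Configure is the second half of the fix.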
