
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 15, 2019

Top Breaches Reported in the Last 24 Hours

Misconfigured ElasticSearch database

An unprotected ElasticSearch database has exposed the profiles of almost 33 million Chinese job seekers. The database contained around 57GB of data. Although the owner of the database is unknown, it was found to contain sensitive information such as job seekers' usernames, gender, age, current city, home address, email address, phone number, marital status, job history, education history, and salary history. Upon discovery, the leaky database was secured by security experts.

Sizmek’s account breach

Sizmek, an American online advertising platform, has confirmed that hackers are reselling access to a user account that would enable anyone to modify existing ads and offers. Access to the compromised user account was posted on a Russian-language cybercrime forum at a price starting at $800. If threat actors gain access to the account, they can add new users to the ad system by injecting malicious scripts into the HTML code. Following the discovery of the breach, Sizmek forced a password reset on all internal employee accounts.

Pakistan government site compromised

Attackers have compromised Pakistan's Passport Application Tracking site, allowing them to log the keystrokes of visitors entering their personal information into the site. Details such as the names, addresses, and phone numbers of passport applicants may have been captured by the attackers.

Top Malware Reported in the Last 24 Hours

GandCrab 5.2 ransomware

Attackers are leveraging fake CDC flu warnings to distribute GandCrab 5.2 ransomware. The attackers send phishing emails under the subject line 'Flu Pandemic Warning'. However, a closer look reveals that the email comes from the sender 'Peter@eatpraynope[.]com', which has nothing to do with the Centers for Disease Control (CDC).
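The tell in this campaign is a sender whose display name and subject invoke a trusted organisation while the address comes from an unrelated domain. The script below is an added example (not from the briefing or any vendor) of a mail-gateway style check for that mismatch: it parses a raw message, compares the organisation named in the display name or subject against an allowlist of that organisation's legitimate sending domains, and also flags a Reply-To that routes replies to a different domain. The allowlist (only CDC mapped to cdc.gov), the display name, body and Reply-To in the sample messages are constructed for the example; only the subject line and the sender address come from the briefing.

```python
"""Flag emails that name a trusted organisation but are sent from an unrelated
domain, as in the fake CDC flu-warning lure described above (added example)."""
from email import message_from_string
from email.utils import parseaddr
import re

# Illustrative allowlist: organisation keyword -> domains it legitimately sends
# from. An assumption for this example, not an authoritative list.
ORG_DOMAINS = {
    "cdc": {"cdc.gov"},
    "centers for disease control": {"cdc.gov"},
}

# Constructed sample messages. The subject and From address of the first one
# are taken from the briefing; the display name, Reply-To and body are made up.
SAMPLE_PHISH = """From: CDC Alerts <Peter@eatpraynope.com>
Reply-To: cdc-response@example.net
Subject: Flu Pandemic Warning

Please open the attached advisory immediately.
"""

SAMPLE_LEGIT = """From: CDC Health Alert Network <han@cdc.gov>
Subject: Flu season update

Routine seasonal update.
"""


def sender_domain(header_value: str) -> str:
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, address = parseaddr(header_value)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def claimed_orgs(text: str) -> set:
    """Return the ORG_DOMAINS keys mentioned as whole words in the text."""
    lowered = text.lower()
    return {org for org in ORG_DOMAINS
            if re.search(r"\b" + re.escape(org) + r"\b", lowered)}


def assess_message(raw: str) -> list:
    """Return human-readable findings for one RFC 822 message (empty = clean)."""
    msg = message_from_string(raw)
    from_header = msg.get("From", "")
    display_name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    findings = []

    # 1. Display name or subject invokes an organisation, but the sending
    #    domain is not one that organisation uses.
    for org in sorted(claimed_orgs(f"{display_name} {msg.get('Subject', '')}")):
        if domain not in ORG_DOMAINS[org]:
            findings.append(
                f"claims '{org}' but sent from {domain or 'unknown domain'}")

    # 2. Reply-To points at a different domain than From, a common way to
    #    steer replies to an attacker-controlled mailbox.
    reply_domain = sender_domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != domain:
        findings.append(
            f"Reply-To domain {reply_domain} differs from From domain {domain}")

    return findings


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, assess_message(raw) or ["no findings"])
```

In production the allowlist would be fed from verified sender data (for example SPF/DMARC-aligned domains) rather than a hand-written dictionary, and a match should raise a score rather than block outright, since legitimate third-party mailers do send on behalf of organisations.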

JS Sniffer malware

Researchers have come across seven sites in the US and the UK that have been infected by a new JS (JavaScript) sniffer. The malware is designed to embed itself covertly in the sites and steal the payment card details of visitors. The companies affected by the malware are Fila, Jungleeny, Forshaw, Absolute New York, Cajungrocer, Get RXd and Sharbor.

DanaBot control panel decoded

In recent research, researchers have analyzed the control panel application of the DanaBot trojan. The control panel is written in Delphi. Once threat actors buy access to the control panel, they can create and configure their own DanaBot builds and use them to steal data such as credentials, financial account details and more.

Top Vulnerabilities Reported in the Last 24 Hours

Nasty WinRAR bug

Cybercriminals are still exploiting a recently patched critical remote code execution vulnerability (CVE-2018-20250) in WinRAR. The vulnerability was patched in February 2019; however, many users are still running unpatched versions of WinRAR, leaving them exposed. Successful exploitation can enable attackers to take full control of targeted systems.

Cisco issues security advisories

Cisco has issued security advisories for two critical vulnerabilities, CVE-2018-0389 and CVE-2019-1723. The first flaw exists in Cisco Small Business SPA514G IP phones, while the second is in Cisco Common Services Platform Collector releases 2.7.2 through 2.7.4.5. Cisco has issued a patch only for CVE-2019-1723.

Ubuntu 14.04 LTS updated

Canonical has released a Linux kernel security update for the Ubuntu 14.04 LTS (Trusty Tahr) operating system series and its derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu Kylin, Ubuntu Studio, Mythbuntu, and others. The update addresses the recently disclosed zero-day vulnerability CVE-2019-6133. All users of Ubuntu 14.04 LTS (Trusty Tahr) are urged to update their installations to “Linux-image 3.13.0-166.216” for 32-bit, 64-bit, and PowerPC 64-bit installations.

Top Scams Reported in the Last 24 Hours

Phone scams

The US Drug Enforcement Agency (DEA) is alerting the public about a new phone scam in which scammers impersonate the agency's employees. The scam aims to steal payment and personal information from members of the public and DEA-registered medical practitioners. The scammers claim to be well-known DEA senior officials or offer fake names and badge numbers, and take an urgent, aggressive tone with prospective victims. They threaten victims with prison if a fine is not paid and pressure them to pay via wire transfer or gift cards. However, the DEA never contacts the public by phone to demand money or any other form of payment.
