Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 16, 2018
Dating app breach
Security issues were found in a new dating app for Trump supporters called ‘Donald Daters’. The entire user database was leaked on the very first day of the app’s launch. Simple misconfiguration flaws in the app allowed attackers to download the whole user database: the data was accessible from a publicly exposed Firebase data repository whose address was hardcoded in the app. From it, one could collect users’ private data as well as the access tokens needed to log into their accounts. It now appears that the app’s developers have secured the database.
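The misconfiguration described above is typically a Firebase security-rules problem: a rule that grants read or write access without any authentication check, at a path high enough that it cascades over the whole database. The following is an added example, not code from Cyware or from the app in question. It embeds two constructed rule sets (an open one and one scoped to the authenticated user) and a small audit routine that walks a rules document and reports every `.read`/`.write` that unauthenticated callers would satisfy; the rule sets, function names and the heuristic "no `auth` reference means no auth check" are this example's own assumptions.

```python
import json

# Constructed example of the weak setting: both rules at the root evaluate to
# true, so anyone who knows the database URL can read and write everything.
OPEN_RULES = json.loads("""
{ "rules": { ".read": true, ".write": true } }
""")

# Constructed example of a hardened setting: each user may only read and write
# the subtree keyed by their own authenticated uid.
SCOPED_RULES = json.loads("""
{ "rules": {
    "users": {
      "$uid": {
        ".read":  "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    }
} }
""")


def _is_permissive(expr):
    """True for rule expressions that grant access without any auth check.

    Firebase rules are either a boolean or a string expression. A literal true
    (or "true") is always open; an expression that never mentions `auth` is
    treated as open too, since it cannot be tying access to an identity.
    """
    if expr is True:
        return True
    if isinstance(expr, str):
        s = expr.strip().lower()
        if s == "false":
            return False
        return s == "true" or "auth" not in s
    return False


def find_open_paths(rules, path="/"):
    """Walk a rules tree and return [(path, kind)] for every .read/.write that
    unauthenticated callers satisfy. Rules cascade downward in Firebase, so a
    permissive rule at "/" exposes the entire database, not just the root."""
    hits = []
    for key, value in rules.items():
        if key in (".read", ".write"):
            if _is_permissive(value):
                hits.append((path, key))
        elif isinstance(value, dict):
            child = path.rstrip("/") + "/" + key
            hits.extend(find_open_paths(value, child))
    return hits


def audit(ruleset):
    """Entry point: takes the full {"rules": ...} document as parsed JSON."""
    return find_open_paths(ruleset["rules"])


if __name__ == "__main__":
    print("open ruleset  :", audit(OPEN_RULES))     # [('/', '.read'), ('/', '.write')]
    print("scoped ruleset:", audit(SCOPED_RULES))   # []
```

Note that a hardcoded database URL is not itself the defect; the client has to know where to connect. The defect is that the rules let an unauthenticated client read everything once the URL is known, which is exactly what the audit above flags at the root of OPEN_RULES.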
US voter registration database leaked
A widespread unauthorized disclosure of US voter registration databases took place recently. An estimated 35 million US voter records from 19 states were found put up for sale. The compromised databases included PII, voting history, and other voting-related data.
iPhone VoiceOver bug
A passcode bypass flaw was found in the Apple iOS VoiceOver feature that can be exploited to gain access to a victim’s photos. The flaw is present in the latest version of iOS 12. The very first step of the attack is for the attacker to call the victim’s phone by asking the Siri voice assistant to read out the number. When the call is made, the attacker taps ‘Answer by SMS’ and selects the ‘personalize/custom’ button to send a word. At this point, Siri is asked to turn on VoiceOver. A successful attack turns the device’s screen black, and restricted elements of the user interface can then be accessed. Images can be stolen and sent to the attacker’s own mobile device.
Exploit chains modified to drop payloads
Cybercriminals have been found modifying known exploit chains to drop different payloads such as Agent Tesla, Loki, and Gamarue. Multiple malware families are delivered via two public exploits for Microsoft Word flaws (CVE-2017-0199 and CVE-2017-11882). The modifications allow the documents to download the malware while evading detection by AV solutions; the values in the OLE object header are changed as well.
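Because the reported modification touches the OLE object header, detection that keys only on the declared object class name is brittle. The following is an added example, not code from Cyware or from any vendor named here: a small RTF scanner that decodes every `\objdata` hex stream and looks for the embedded class identifiers of the two COM classes the named CVEs abuse (the Equation Editor CLSID for CVE-2017-11882 and the URL Moniker CLSID for CVE-2017-0199), which are public, well-known identifiers rather than anything taken from the briefing. The sample RTF is constructed for the demonstration and contains no exploit payload: it declares a benign-looking `\objclass` while the object data carries the Equation Editor CLSID, which is the mismatch a renamed header produces. Function names and the whitespace-stripping heuristic are this example's own assumptions.

```python
import re
import uuid

# Public CLSIDs of the COM classes abused by the two exploits the briefing names.
# In OLE streams a CLSID is stored in its mixed-endian byte layout, so we match
# on those bytes rather than on any human-readable class name.
KNOWN_CLSIDS = {
    "0002ce02-0000-0000-c000-000000000046": "Equation Editor 3.0 (CVE-2017-11882)",
    "79eac9e0-baf9-11ce-8c82-00aa004ba90b": "URL Moniker (CVE-2017-0199)",
}


def clsid_bytes(clsid):
    """On-disk (mixed-endian) byte layout of a CLSID as it appears in OLE data."""
    return uuid.UUID(clsid).bytes_le


# \objdata groups hold the embedded object as a hex string terminated by '}'.
_OBJDATA_RE = re.compile(r"\\objdata\b(.*?)\}", re.DOTALL)
# Control words that obfuscated documents sprinkle into the hex stream.
_CONTROL_RE = re.compile(r"\\[a-zA-Z]+-?\d*[ ]?")


def extract_objdata(rtf):
    """Return the decoded bytes of every \\objdata group in an RTF document.

    Obfuscated samples break the hex stream with whitespace and harmless
    control words, so both are stripped before decoding; a dangling nibble is
    dropped rather than raising, so a truncated file still gets scanned.
    """
    blobs = []
    for m in _OBJDATA_RE.finditer(rtf):
        hexstr = _CONTROL_RE.sub("", m.group(1))
        hexstr = re.sub(r"[^0-9a-fA-F]", "", hexstr)
        if len(hexstr) % 2:
            hexstr = hexstr[:-1]
        blobs.append(bytes.fromhex(hexstr))
    return blobs


def scan_rtf(rtf):
    """Return a list of indicator strings found in the document."""
    findings = []
    # The declared class name is trivial for an attacker to change, so it is
    # recorded for context but never used on its own as the verdict.
    for cls in re.findall(r"\\objclass\s+([^\\{}\s]+)", rtf):
        findings.append(f"objclass declared: {cls}")
    if re.search(r"\\objupdate\b", rtf):
        findings.append("objupdate: object auto-updates on open")
    for blob in extract_objdata(rtf):
        for clsid, label in KNOWN_CLSIDS.items():
            if clsid_bytes(clsid) in blob:
                findings.append(f"embedded CLSID {clsid}: {label}")
        if b"Equation Native" in blob or b"Equation.3" in blob:
            findings.append("Equation Editor stream present")
    return findings


# Constructed sample (not a real exploit document): the header claims a plain
# Word document, but the object data carries the Equation Editor CLSID and the
# "Equation Native" stream name, with the hex stream split by whitespace.
_SAMPLE_RTF = (
    r"{\rtf1{\object\objemb\objupdate{\*\objclass Word.Document.8}"
    r"{\*\objdata 0105000002000000 "
    + clsid_bytes("0002ce02-0000-0000-c000-000000000046").hex()
    + r" 4571756174696f6e204e6174697665}}}"
)


if __name__ == "__main__":
    for finding in scan_rtf(_SAMPLE_RTF):
        print(finding)
```

Running the block on the constructed sample reports the declared class, the auto-update flag, the Equation Editor CLSID and the Equation Native stream, even though nothing in the visible RTF header mentions Equation Editor. That is the property a detection needs when the OLE header values are being altered to evade signatures.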
Facebook request scam
Scammers have been found targeting Facebook users by luring victims into clicking ‘Like’ buttons, then using Facebook to send the unsuspecting users to fraudulent dating sites. Victims receive requests from fake profiles that have followers and likes in excess of 6,500. Various indecent videos are used as a lure to direct victims to the malicious sites, where users are instructed to enter their credit card numbers in order to proceed.
Hezbollah hacking operation
The Czech Security Intelligence Service (BIS) recently found and shut down servers used by Hezbollah operatives to target and infect users around the world. In this scam, the servers infected users by deploying mobile malware. Hezbollah agents used Facebook profiles of attractive women to trick targets into installing spyware-infected apps. After steering the conversation to increasingly sensual topics, the profiles would ask the user to install a ‘more private and secure application’. The scammers would then gain access to the victims’ sensitive data.