Go to listing page

Cyware Daily Threat Intelligence, April 10, 2019

Cyware Daily Threat Intelligence, April 10, 2019

Share Blog Post

Critical patch updates and security advisories are crucial as they tend to make vulnerable devices or products more secure and resilient against cyber attacks. Lately, Microsoft and Adobe have released a pool of security patches as a part of their Patch Tuesday updates for April 2019. While Microsoft has issued security updates to fix a total of 74 flaws across a wide range of its products, Adobe has addressed 43 vulnerabilities affecting its eight products. The updates released by Microsoft also include patches for two actively exploited zero-day privilege escalation flaws that exist in the Win32k component of the Windows operating system.

Threat actors, on the other hand, continue to perpetrate large scale attacks. In a recent investigation, a team of researchers has uncovered that several multinational firms spread in different parts of the globe is affected by a massive credential dumping campaign. The attackers behind the campaign are using malicious scripts to automate attacks on misconfigured servers. In another major attack campaign, a total of 189 Australian banks and cryptocurrency exchanges have been found to be targeted by a malware called Gustuff in an attempt to steal credentials from users.  

Top Breaches Reported in the Last 24 Hours

Minnesota state agency breach
Minnesota Department of Human Services officials has revealed that a data breach at the agency may have exposed the personal information of about 11,000 people. The incident occurred in March 2018 after hackers gained unauthorized access to an employee’s email account. The agency has no evidence if the personal information contained in the hacked email account was only viewed, downloaded or misused in any way. 

Baystate Medical Center data breach
Baystate Medical Center reportedly has suffered a data breach between Feb 7 and March 7, 2018. This might have impacted about 12,000 patients. Although no medical record database was affected by the breach, the firm says that the hackers may have stolen personal information of patients. This includes patients’ names, birth dates, health information, and Social Security numbers.

New Genesis market sells digital fingerprints
Security researchers have uncovered a new cybercrime marketplace known as Genesis that is being used by cybercriminals to sell digital fingerprints of over 60,000 users. Genesis was first launched in the fall of 2018, as a forum to sell stolen payment card details. However, lately, the cybercrooks have expanded the potential of the market and are selling credentials along with victims’ online behavior footprints. The price of a stolen legitimate digital identity on the market is anywhere between $5 and $200. 

Top Malware Reported in the Last 24 Hours

Credential dumping campaign
Researchers at IBM X-Force have come across a massive credential dumping campaign that targets multinational corporations in various sectors. The attack is carried out by injecting malicious scripts into misconfigured servers. This enables the attackers to exfiltrate sensitive corporate credentials from infected networks. Apart from credential theft, the attackers are also leveraging the campaign to mine cryptocurrencies.

Gustuff android trojan
Cisco’s Talos Intelligence is warning Australian consumers and businesses about the Android malware named Gustuff. The trojan has targeted a total of 189 Australian financial services organizations in an attempt to harvest credentials from Australian users. The malware is distributed via SMSes bearing dodgy links.

Dissecting Triton’s notorious activity
FireEye researchers have provided an extensive report on the Triton attack that was carried out against a Russian-owned technical research institute. The malware operators had leveraged a customized hacking tool, SecHack and a publicly available tool, Mimikatz for credential harvesting. Based on the analysis of the actors’ custom intrusion tool, it is found that the group has been in operation since as early as 2014.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 74 bugs
Microsoft has released a series of security patches as a part of its Patch Tuesday for April 2019. The patches include fixes for bugs in Win32K component, Office, Exchange server, Edge, Graphics component, Windows, Scripting Engine and Database Engine. This is the second time in a row that the firm has patched two zero-day flaws after patching two similar issues last month.

Adobe patches 43 flaws
Adobe has issued security updates for 43 flaws across eight of its products. The vulnerabilities affected Acrobat and Reader, Flash Player, Shockwave Player, Dreamweaver, XD, InDesign, Experience Manager Forms and Bridge CC products. 21 of these bugs existed in Adobe’s Acrobat & Reader, while eight were found in the Bridge CC digital asset management app.    

A flaw in Verizon Fios Quantum Gateway
A critical vulnerability has been discovered in Verizon Fios Quantum Gateway. The flaw has been discovered alongside a login replay and password salt disclosure vulnerability. It can allow attackers to gain root level access to infected devices. Users are urged to update their router to version to address the issue.

Top Scams Reported in the Last 24 Hours

New wire fraud scam
KVC Health Systems has fallen victim to a new type of wire fraud scam. The scam is conducted via phishing emails with an aim to re-route employees’ paycheck. In order to make it less suspicious, these phishing emails appear to come from the CEO, CFO or payroll director of the company and are usually well-written with negligible grammar mistakes. In the email, the scammers try to convince the human resource personnel to change the bank account of the target employee in order to have his paychecks directly deposited in their account.

WhatsApp scam
More than 150 users in Hong Kong have been duped of $340,000 in different WhatsApp scams in the first quarter of 2019. Fraudsters were found devising new methods to trick victims into transferring money or sending personal information to them. In one of the tactics, the victims were lured into making profits by buying false point cards for online games. 


whatsapp scam
triton malware
credential dumping
gustuff android trojan
wire fraud scam
genesis market

Posted on: April 10, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.