Cyware Daily Threat Intelligence, April 12, 2019

Data breaches caused by human error continue to be a major concern for many businesses. Recently, the UK Home Office came under fire after it accidentally leaked the email addresses of 240 EU citizens seeking settled status in the UK under the ‘EU Settlement Scheme’ program. The incident occurred when a staff member forgot to mask the applicants’ addresses before sending the emails: all the recipients’ email addresses were placed in the CC field instead of BCC.

Cyber attacks on two websites, VSDC and Matrix.org, were also reported in the past 24 hours. The attack on VSDC was carried out by planting malware behind the download links on the website, while Matrix.org was compromised by an attacker who gained unauthorized access to the servers hosting it. Around 1.3 million users are estimated to be affected by the attack on VSDC, and the malware used in that hack is tracked as Win32.Bolik.2 and Trojan.PWS.Stealer. Matrix, for its part, has pulled its main home server offline and begun rebuilding its production infrastructure. As a precaution, the firm has advised its users to change their passwords.

Top Breaches Reported in the Last 24 Hours

UK Home Office leaks data
The UK Home Office has sent out an apology letter to 240 EU citizens for accidentally leaking their email addresses. The incident occurred due to an administrative error. The affected citizens were those who had applied under the ‘EU Settlement Scheme’ program. As part of the application process, the EU citizens had submitted various details such as proof of identity, proof of continuous residence and proof of relationship.
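A pre-send guard for the failure described in this item, added here as an example (not code from the Cyware digest or from the Home Office): before a bulk mailing goes out, it moves external recipients from To/Cc into Bcc so that no applicant can see the others. The sender domain, the visibility threshold and the sample addresses are assumptions.

```python
"""Pre-send guard against the CC-instead-of-BCC mistake described above."""
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE_EXTERNAL = 1  # assumption: bulk mail may expose at most one outside address


def addresses(msg: EmailMessage, *headers: str) -> list[str]:
    """Bare addresses taken from the named headers, in header order."""
    raw = [v for h in headers for v in msg.get_all(h, [])]
    return [addr for _, addr in getaddresses(raw) if addr]


def enforce_bcc(msg: EmailMessage, sender_domain: str) -> EmailMessage:
    """Move external To/Cc recipients into Bcc when more than one is visible.

    Internal addresses (on sender_domain) stay in Cc; the sender becomes the
    sole To so the header remains valid and the mailing still delivers.
    """
    suffix = "@" + sender_domain.lower()
    visible = addresses(msg, "To", "Cc")
    external = [a for a in visible if not a.lower().endswith(suffix)]
    if len(external) <= MAX_VISIBLE_EXTERNAL:
        return msg  # nothing to hide
    internal = [a for a in visible if a.lower().endswith(suffix)]
    bcc = addresses(msg, "Bcc") + external  # keep any existing Bcc entries
    del msg["To"], msg["Cc"], msg["Bcc"]
    msg["To"] = msg["From"]
    if internal:
        msg["Cc"] = ", ".join(internal)
    msg["Bcc"] = ", ".join(bcc)
    return msg


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: three applicants wrongly placed in To/Cc."""
    msg = EmailMessage()
    msg["From"] = "casework@example.org"
    msg["To"] = "applicant1@example.com, applicant2@example.net"
    msg["Cc"] = "applicant3@example.com, staff@example.org"
    msg.set_content("Your application has been received.")
    fixed = enforce_bcc(msg, "example.org")
    return addresses(fixed, "To", "Cc"), addresses(fixed, "Bcc")


if __name__ == "__main__":
    print(demo())
```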

VSDC website hacked
The VSDC website has suffered a cyber attack again. This time, the hackers used the download links on the website to distribute a dangerous banking trojan and an info stealer. The two pieces of malware are Win32.Bolik.2 and Trojan.PWS.Stealer. Over 1.3 million users are estimated to be affected by the attack.

Matrix.org hacked
Matrix.org has recently fallen victim to a cyberattack, forcing the organization to overhaul its entire production infrastructure and inform users of a widespread credentials leak. The incident occurred after an attacker gained unauthorized access to the servers hosting Matrix.org, which enabled the attacker to access the production databases, unencrypted message data, password hashes and access tokens. Upon discovering the intrusion, the firm pulled its home server offline.

City of Greenville infected with ransomware
A ransomware attack on the City of Greenville has resulted in the shutdown of the City’s servers. Greenville’s Public Information Officer confirmed the attack and revealed the name of the ransomware. Dubbed ‘Robinhood’, the ransomware spreads through malicious email attachments. Officials have notified law enforcement agencies, the National Guard, the Strike Team, State IT and State Emergency Management about the attack.

Top Malware Reported in the Last 24 Hours

Uniden’s website serves Emotet
Cybercriminals have hacked Uniden’s commercial security products website to distribute variants of the infamous Emotet trojan. Researchers discovered that the criminals were using the '/wp-admin/legale/' folder to store a malicious Word file, which includes a macro that downloads the Emotet variants. At least a dozen Emotet-related payloads have been identified on Uniden’s website.

A new macOS malware sample
The prolific OceanLotus threat actor has been found using a new macOS malware sample to target Mac users. The new backdoor is an updated version of OSX_OCEANLOTUS.D and is encrypted using AES-256-CBC via the CCCrypt function. The sample is packed with UPX in order to evade detection.

Analysis of a cyberattack that abused WinRAR flaw
Security researchers from 360 Total Security have published a detailed report on a cyber attack that used the 19-year-old WinRAR vulnerability to target organizations in the satellite and communications industry. The attack was conducted via a spear-phishing email purporting to be from the Ministry of Foreign Affairs of the Islamic Republic of Afghanistan. The email asked for resources, telecommunication services, and satellite maps.

Top Vulnerabilities Reported in the Last 24 Hours

PoC released for a zero-day flaw in IE
A security researcher has published a proof-of-concept for a zero-day flaw in Internet Explorer. The flaw can allow attackers to steal files and conduct remote reconnaissance on locally installed program versions on Windows systems. The vulnerability resides in the way Internet Explorer processes MHT files.

A security flaw in Chrome version 73
A serious security flaw in Google Chrome version 73 is estimated to put at least a billion users at risk. While the firm has released a patch to address the bug in Chrome’s V8 JavaScript engine, a fix has not yet been shipped for Chrome version 73. Until a fix is released, experts have provided a workaround: the vulnerability can be mitigated by disabling JavaScript execution via the Settings / Advanced settings / Privacy and security / Content settings menu.

Vulnerable VPN applications
A vulnerability has been identified in multiple Virtual Private Network (VPN) applications: the applications store session cookies insecurely in memory or in log files. Classified as CWE-311, the flaw affects Palo Alto Networks GlobalProtect Agent, Pulse Secure Connect Secure and Cisco AnyConnect.

Top Scams Reported in the Last 24 Hours

Extortion Scam
ESET has recorded a new wave of extortion scam emails. The attackers claim that the recipient's device has been hacked and that they hold a compromising video of the person recorded while watching pornographic content. To keep the material from being released, the attackers demand a ransom of around 0.43-0.44 Bitcoin, and the victim is directed to pay within 48 hours of opening the email.
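As an added example (not ESET's code nor the digest's own), a small mail-filter heuristic that flags messages matching the pattern described in this item: a Bitcoin address alongside a BTC amount, a deadline in hours and a claim that the device was compromised. The indicator list, the threshold and the sample messages are constructed assumptions.

```python
"""Heuristic filter for the extortion emails described above."""
import re

# Assumed indicators: a Bitcoin address (loose bech32 / legacy patterns), a BTC
# ransom amount, a deadline in hours, and a claim that the device was compromised.
BTC_ADDRESS = re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
BTC_AMOUNT = re.compile(r"\b\d*\.\d+\s*(?:btc|bitcoins?)\b", re.I)
DEADLINE = re.compile(r"\b\d{1,3}\s*hours?\b", re.I)
COMPROMISE_CLAIMS = ("hacked", "webcam", "camera", "video of you", "recorded")


def extortion_indicators(body: str) -> dict[str, bool]:
    """Report which of the four indicators appear in the message body."""
    text = body.lower()
    return {
        "btc_address": BTC_ADDRESS.search(body) is not None,
        "btc_amount": BTC_AMOUNT.search(body) is not None,
        "deadline": DEADLINE.search(body) is not None,
        "compromise_claim": any(claim in text for claim in COMPROMISE_CLAIMS),
    }


def is_extortion_scam(body: str) -> bool:
    """Flag only when a payment address appears with at least two other indicators.

    A deadline or a scary word on its own is common in legitimate mail; the
    combination with a wallet address is what characterises this scam wave.
    """
    found = extortion_indicators(body)
    return found["btc_address"] and sum(found.values()) >= 3


# Constructed sample messages (the address is a made-up placeholder).
SCAM = (
    "Your device has been hacked and I recorded a video of you through the "
    "webcam. Send 0.44 bitcoin to bc1qxamplexamplexamplexamplexamplexample "
    "within 48 hours or the video goes to all your contacts."
)
BENIGN = "Reminder: the quarterly report is due in 48 hours. Thanks, Finance."


if __name__ == "__main__":
    for label, body in (("scam", SCAM), ("benign", BENIGN)):
        print(label, is_extortion_scam(body), extortion_indicators(body))
```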

SIM swap fraud
Kaspersky Labs researchers have uncovered a large-scale SIM swap fraud targeting users in Brazil and Mozambique. The fraudsters are using social engineering, bribery and simple phishing attacks to steal money from victims. The scam begins with a fraudster collecting all available information about the victim from various sources, including phishing emails, purchases from organized crime groups and data obtained from leaks.

Posted on: April 12, 2019