Cyware Daily Threat Intelligence, April 22, 2019

See All
Data breaches due to misconfigured databases at healthcare centers are on a rise. Recently, ‘Steps To Recovery’, a rehab center, has exposed nearly 4.91 million sensitive documents due to an unprotected ElasticSearch database. It is believed the leaky database contained 1.45GB data belonging to roughly 146,316 patients. The information compromised in the incident includes patients’ birth dates, physical addresses, phone numbers and email addresses.

That’s not all. A security lapse has enabled a hacker to steal and post online over 4,800 sensitive records belonging to the Mexican embassy in Guatemala. The hacker had managed to steal the slew of records by compromising a vulnerable server of the agency. The stolen documents include photocopies of passports, visas, birth certificates and payment cards. The compromised records also contain information about diplomatic rights, privileges, medical expenses and other operational data of the staff.

The past 24 hours also saw a major security update for a rare vulnerability found in jQuery JavaScript library. The flaw is termed as ‘Prototype Pollution’ and can allow an attacker to modify a JavaScript object’s prototype.

Top Breaches Reported in the Last 24 Hours

Rehab center data leak
An unprotected ElasticSearch database has exposed 4.91 million sensitive documents belonging to ‘Steps To Recovery’ rehab center. The exposed information includes patients’ birthdates, physical addresses, phone numbers and email addresses. Roughly 146, 316 patients are estimated to be impacted by the data leak. The leaky database contained 1.45GB of data.

Mexican Embassy data leak
A hacker has posted online over 4,800 sensitive documents from the Mexican Embassy in Guatemala. The incident occurred after the hacker - who goes by the online name ‘@0x55Taylor’ - gained access to a vulnerable server of the agency. The leaked information includes photocopies of passports, visas, birth certificates and payment cards. It also contains information about diplomatic rights, privileges, medical expenses and other operational data of the staff.

EmCare suffers a data breach
A data breach at EmCare has exposed the personal information of about 60,000 individuals. The physician-staffing company revealed that it learned about the hack on February 19, 2019. The hackers had managed to pull it off by gaining unauthorized access to some employees’ email accounts. These emails contained email addresses of 60,000 individuals, out of which 30,000 are patients. Other information exposed in the breach includes names, birthdates, Social Security numbers and driver’s lincense numbers of patients.

Top Malware Reported in the Last 24 Hours

New macOS malware
Security researchers have discovered a new macOS sample of OceanLotus threat actor. The sample comes with two elements - BLOB and CAB - that enables the attackers to evade detection. The sample is delivered as a zip attachment within an email. The icon of the zip file is disguised to look like a PDF file. The subject line of the email reads, ‘Handbook of legal issues for human rights activists.’ Once the victims click on the file and begin reading the launched document, the dropper unpacks the real payload into C:\ProgramData\Microsoft Help. The dropper executable gets deleted after it drops the malware which manages to bypass UAC at the default level. The malware’s BLOB and CAB files are obfuscated using XOR algorithm.

Top Vulnerabilities Reported in the Last 24 Hours

Prototype Pollution flaw
jQuery team has released a security update to address a rare flaw in jQuery JavaScript library. The flaw is tracked as ‘Prototype Pollution’ and can allow an attacker to modify a JavaScript object’s prototype and launch several dangerous attacks. It can cause the applications to crash or be hijacked. Therefore, the web developers are urged to update their projects to the latest jQuery v3.4.0 version.

XXE injection vulnerability
A XML External Entity (XXE) injection vulnerability has been found in Microsoft Internet Explorer. The flaw can enable an attacker to steal confidential information or exfiltrate local files from the victim’s machine. The flaw works if a user opens a specially crafted .MHT file when interacting with the browser. Once the malicious .MHT file is opened on the IE, it automatically sends a GET request to the attacker’s server to download the malicious XML file. The malicious XML file contains details regarding the files specified for exfiltration, along with the uniform resource identifier (URI) of the attacker-controlled server.

Top Scams Reported in the Last 24 Hours

Fake donation scam
Scamsters are preying on the recent ‘Notre Dame’ tragedy to earn profits. They are leveraging multiple social engineering techniques to inform users worldwide about fake donation pages. These bad actors are using popular social media platforms, phishing emails and fake websites to amplify their fraud campaigns. In a majority of scams, the scammers are enticing targets to click on spam links that redirect to fraudulent donation websites. Therefore, the users are advised to review suggestions of crowdfunding sites before making any donation. This helps them identify if a site is legitimate or not. They should also be cautious of donation requests made by unfamiliar individuals or organizations through social media, email or phone.   




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, April 23, 2019
Next
Cyware Daily Threat Intelligence, April 19, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.