Cyware Daily Threat Intelligence April 23, 2018

Top Vulnerabilities Reported in the Last 24 Hours
Vulnerabilities in APC UPS
Several security vulnerabilities have been discovered in management cards for APC by Schneider Electric hardware. One of the vulnerabilities (CVE-2018-7243) is found in the built-in web server (port 80/443/TCP) and allows a remote attacker to bypass the authentication system. Users are advised to replace vulnerable management cards with NMC kit G5K9635CH on the Galaxy 5000, Galaxy 6000, and Galaxy 9000 to stay safe.

Patches for SAML implementation bug
Cisco released security patches addressing the SAML implementation bug found in its SAML Single sign-on (SSO) authentication for Cisco’s ASA, Firepower, and Any Connect software. The flaw (CVE-2018-0229) exists due to the absence of any defense mechanism for the ASA and FTD software. A successful exploit could allow the attacker to hijack a valid authentication token.

IE zero-day exploited
A Windows zero-day vulnerability was spotted by security researchers from Chinese AV maker Qihoo 360, in the Internet Explorer kernel code. This zero-day uses a so-called ‘double-kill’ vulnerability in order to infect victim's systems with malware.

Top Breaches Reported in the Last 24 Hours
Cyber attack on Careem
Careen, the popular ride-sharing service in Dubai, was recently attacked by hackers resulting in a data breach incident. Personal information of about 14 million people in the Middle East, North Africa, Pakistan, and Turkey was stolen. On the brighter side, there's no evidence of password or credit card numbers of the users being stolen. No fraud activity using the stolen information has been registered yet.

Chinese hackers target Japanese defense companies
Japanese defense firms are being targeted in order to steal information on Tokyo’s policy toward resolving the North Korean nuclear impasse. Security experts believe that a China-based espionage group, APT 10 is behind these attacks. The group has historically targeted construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan.

Database of 10,000 medics exposed
Health Stream, a US healthcare company, has supposedly exposed contact information for roughly 10,000 medical professionals on the public internet. The website is currently inaccessible. Even though the records were taken offline, leaked data is still available in different online caches.

Top Scams Reported in the Last 24 Hours
Fake gift messages on WhatsApp
The Communications and Information Technology Commission (CITC) in Saudi Arabia is warning all WhatsApp users to stay safe from a new scam spreading via WhatsApp messages. The messages contain malicious links and attachments, clicking on which will result in victims losing access to their accounts. Using these accounts, scammers trick the victim's friends and family members into buying online gift cards.

Chinese speakers in the US are being targetted
The Federal Trade Commission issued warning regarding a phone scam targeting Chinese speakers in the US. Users are receiving phone calls, claiming to be from the Chinese consulate, requesting them to pick up packages from or provide data. Users are urged not to disclose any personal data like banking, credit card, or Social Security information to anyone who calls up.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.