Cyware Daily Threat Intelligence, August 13, 2019

See All
Multiple security issues affecting 4G routers manufactured by different vendors have come to light in the past 24 hours. The vulnerabilities affect ZTE’s MF910 and MF65+ routers, Netgear’s Nighthawk M1 Mobile router, and TP-LINK's M7350 4G LTE router. The flaws can be exploited by malicious actors to steal user data and launch command execution attacks. 

In malware, the notorious Troldesh ransomware has evolved to use PHP files of compromised websites for propagation. Earlier, the malware was distributed via phishing emails or social media posts. Security researchers have also come across a new wave of phishing attacks against the hotel industry in North America. The attackers leveraging these attacks to distribute NetWiredRC trojan.  

The past 24 hours also saw the emergence of a new scammer group called Curious Orca. The group has been found using unsolicited blank emails to create a list of target employees for launching BEC attacks. The emails are sent with the subject line ‘i’ to target the victims.

Top Breaches Reported in the Last 24 Hours

Sweet Chat affects over 10 million users
A China-based Android app, Sweet Chat, has exposed chats and private photos of over 10 million users due to an unprotected server. The information can be viewed online using common MQTT related tools. The developer of the app, uFotoSoft has implemented a temporary fix to address the issue. 

Charleston County data breach
Charleston County has accidentally exposed the personal details of its 824 employees after an employee from the Human Resource department shared a list with a former employee. The list included data such as names, birth dates, gender, salary, social security numbers and hiring dates of former and current employees. County has informed the sheriff's office about the matter.

Bismarck Public schools data breach
Personal information of about 18,500 current and former students of Bismarck Public Schools have been exposed in a data breach. It is a part of the data breach that occurred due to Pearson Clinical Assessment's software called AIMSweb 1.0. The breach is believed to have occurred in November 2018.    
 
Top Malware Reported in the Last 24 Hours

Phishing attacks target hotel industry
A series of phishing email attacks that target the hotel industry in North America has been observed by security researchers. The purpose of the attacks is to infect the target company with NetWiredRC trojan which is capable of stealing system information and login credentials. 

Troldesh ransomware
A new variant of Troldesh ransomware has been found using PHP files of compromised websites to infect victims’ systems. Earlier, it used malicious emails and social media posts for propagation. Once a victim visits the compromised website, a JScript file is downloaded to victims’ computers. This malicious file acts as a dropper from Troldesh ransomware.   

Cerberus RAT
A new Android trojan dubbed Cerberus has emerged recently. The malware allows a remote attacker to take total control over the infected Android devices. It’s capabilities include harvesting contact list and messages.   

Phishing attack through WhatsApp
An unnamed Turkish hacker group has launched a massive phishing attack on Instagram. The attack is conducted through a phishing link sent on WhatsApp. The link takes the visitors to a fake Instagram login page, asking them to provide their username and password. The purpose of the attack is to take control of victims’ accounts to perform other malicious activities.  
 
Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable BACnet data communication protocol
A zero-day vulnerability found in BACnet data communication protocol can be exploited by hackers to take control of a building control system. The vulnerability has been tracked as CVE-2019-9569 and is a buffer overflow that leads to remote code execution if properly exploited.   

Vulnerable 4G routers
Multiple vulnerabilities have been discovered in several 4G routers manufactured by several companies. The affected products are ZTE’s MF910 and MF65+ routers, Netgear’s Nighthawk M1 Mobile router, and TP-LINK's M7350 4G LTE router. The bugs can expose users to information leaks and command execution attacks.    

Vulnerable dating apps affect 10 million users
Four popular dating apps - 3Fun, Grindr, Romeo, and Recon - have been found to contain security flaws that could allow attackers to collect GPS locations of users. The issues may impact up to 10 million users globally. Apart from GPS data, the vulnerabilities in the apps could be exploited to collect users’ birth dates, pictures and chat data.  

Warning issued for BlueKeep
The Australian Cyber Security Center (ACSC) has issued a warning related to BlueKeep vulnerability. The vulnerability is believed to have affected some 50,000 Windows devices in Australia. The flaw can allow attackers to steal or modify data, install malware and conduct other malicious activities. 
 
Top Scams Reported in the Last 24 Hours

Curious Orca scammer group
A newly discovered scammer group from Nigeria has been observed using unsolicited blank emails to validate the identity of targets before launching BEC attacks. As a part of the attack chain, the crooks dubbed as Curious Orca are first creating a  raw list of employees they can target. For this, they are sending blank emails with the subject line ‘i’ to the target which includes the CEO, CFO and other higher authorities of an organization. The group’s purpose is to trick one or more employees into wiring money to their accounts. 

Mystery shopper job scam
Scammers are conning users and stealing money from them in a new mystery shopper job scam. The scam involves scammers sending fake checks and asking users to purchase gift cards such as iTunes cards. The victims believe the checks to be real and purchase the gift cards to send a picture of the same to the scammers.     




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, August 14, 2019
Next
Cyware Daily Threat Intelligence, August 12, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.