Cyware Daily Threat Intelligence, August 21, 2019

Another day, another BEC scam. After the City of Saskatoon, Collier County has fallen victim to a BEC attack, resulting in a loss of $184,000. The scammers impersonated Quality Enterprises USA Inc. to trick county officials.

The past 24 hours also saw new web card skimming activity. The attackers exploited an outdated Drupal module on the Poker Tracker website to inject Magecart script code and steal customers’ payment card details.

A new ransomware family dubbed Syrk has been found targeting users of the Fortnite game. The ransomware, which draws its source code from the Hidden-Cry malware, appends the .syrk extension to the encrypted files on victims’ machines.

Top Breaches Reported in the Last 24 Hours

MoviePass exposes customers’ data
The popular movie-ticket subscription service MoviePass has suffered a data breach due to a misconfigured database. The database contained some 161 million personal credit card details and over 50,000 customers’ card numbers related to MoviePass. The exposed records included details such as debit card numbers, expiry dates, customer card balances, and card activation dates.

PayID records exposed
Australia’s New Payment Platform (NPP) has confirmed that PayID records and associated data in the Addressing Service were exposed due to a security flaw. The flaw existed at one of the financial institutions sponsored by Cuscal Limited. The exposed PayID records included PayID names and the associated account numbers.

Update on Pearson data breach
New details related to the Pearson data breach have emerged. It was found that Fargo Public Schools and the Rome City School District were also affected by the incident. The incident compromised Fargo Public Schools students’ names, dates of birth, and student ID numbers. In the Rome City School District, the personal data of students who attended the school between 2013 and 2014 was compromised.

Top Malware Reported in the Last 24 Hours

Syrk ransomware
A newly discovered ransomware called Syrk has been found targeting users of the Fortnite game in an attempt to monetize the attacks. Once executed, the ransomware encrypts files on victims’ machines and appends the .syrk extension to them. The malware draws its source code from the open-source Hidden-Cry malware.

Malicious versions of Ruby libraries
RubyGems maintainers have uncovered 18 malicious versions of 11 Ruby libraries that contain a backdoor mechanism. These malicious versions can be used to inject code on a victim’s machine for mining cryptocurrency. The malicious library versions had amassed 3,584 downloads before being removed from RubyGems.

New card skimming activity detected
A new instance of web-based card skimming activity targeting the Poker Tracker website has been detected. The attackers loaded Magecart script code to steal payment information from poker players. The script is loaded on the website’s checkout pages. The compromise was possible because the website was running an outdated version of Drupal.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Sphinx web servers
Attackers can take advantage of misconfigured Sphinx web servers to access, alter or remove data in the database. The issue lies in the server’s default settings, which leave it listening on ports 9306/TCP and 9312/TCP where attackers can reach it. Admins are therefore advised to update to the current version of Sphinx.

Microsoft updates its security advisory
Microsoft has updated its security advisory for an information disclosure vulnerability that previously impacted only Windows Remote Desktop Protocol clients. The bug has now been found to also affect the Microsoft Remote Desktop for Android app. The vulnerability is tracked as CVE-2019-1108 and has been rated ‘Important.’

Vulnerable Kubernetes system
Two high-severity vulnerabilities impacting all versions of the Kubernetes open-source system can allow an unauthorized attacker to launch a DoS attack. The two vulnerabilities are tracked as CVE-2019-9512 and CVE-2019-9514. Both have a score of 7.5 on the CVSS scale. Kubernetes has released patches to address the vulnerabilities.

Top Scams Reported in the Last 24 Hours

Collier County falls to a scam
Collier County has disclosed that it lost $184,000 to scammers in a phishing scheme. The scammers used a BEC attack to trick officials into transferring the amount to a bank account fraudulently represented as belonging to Quality Enterprises USA Inc. The amount was later recovered from insurance carriers and paid back to the organization.


Posted on: August 21, 2019