Cyware Daily Threat Intelligence August 23, 2018

Top Malware Reported in the Last 24 Hours
BackSwap malware
The BackSwap banking malware has recently been observed targeting banks in Poland. The malware first appeared in March and has previously targeted Spanish banks. BackSwap Trojan primarily relies on web injection. The malware is capable of bypassing browser protections as well as the targeted bank's third-party security protocols. The malware also allows attackers to conduct man-in-the-browser (MITB) attacks to execute malicious scripts that alter what appears on the targeted bank's website.

Triout malware
A new Android malware called Triout has been discovered. Triout contains spyware capabilities and can surreptitiously capture photos, record videos, and phone calls. The spyware can also track victims' location and log text messages. The malware's spying capabilities can also be bundled into benign apps, which hints that it may be used as part of a cyberespionage campaign.

Top Vulnerabilities Reported in the Last 24 Hours
Open SSH bug
A critical vulnerability has been discovered in all versions of OpenSSH. The flaw affects every version of OpenSSH ever released since 1999 when the application was first released. The flaw allows attackers the ability to guess the usernames registered on an OpenSSH server. Essentially, attackers could exploit the bug to authenticate on an OpenSSH endpoint via a malformed authentication request. The vulnerability has been patched. Users are advised to update to the latest version. If patches cannot be installed, users are advised to disable OpenSSH's "public key authentication" method, which is where the vulnerable code resides.

Airmail 3 flaws
Airmail 3 for MacOS contains security loopholes that could allow attackers to pilfer files using plug-ins or by sending malicious emails. Airmail 3 stores data in easy-to-guess paths, which could be exploited to extract files. Hackers could bypass HTML plug-ins, which in turn, could steal data in the form of attachments. Airmail has issued a patch to fix the bug. Users are advised to update to the latest version of Airmail.

Top Breaches Reported in the Last 24 Hours
Sitter app breach
Popular babysitting app Sitter, which connects babysitters with parents, inadvertently exposed around 2GB of user data. The data exposure was caused due to an unsecured MongoDB database, which was left open to the internet. The personal information of around 93,000 users is believed to have been leaked due to the breach. The exposed data included information such as encrypted passwords, the number of children per family, user home addresses, phone numbers, user’s address book contacts, and partial payment card numbers. Sitter has notified the affected users about the breach.

Dark web data sales
Stolen credentials of customers of popular streaming services like Netflix, Hulu and HBO GO have been discovered on the dark web. Security researchers discovered 854 listings of stolen credentials being sold by 69 unique dark web vendors across over 15 dark web marketplaces. The stolen credentials were made available for an average one-time price of $8.81. some dark web sellers also offered bundles of credentials for several services at higher prices. Users are advised to change their account passwords.




  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.