Cyware Daily Threat Intelligence, December 11, 2019

Security patches are crucial because they make vulnerable devices and software more secure and resilient against cyber attacks. In the latest Patch Tuesday release, Microsoft, Adobe, and Intel issued a series of security patches to address several critical vulnerabilities found across their products. Microsoft addressed a total of 36 security flaws affecting its Graphics Component, Office, and Visual Studio, while Adobe issued security patches for 17 flaws found in Photoshop, Reader, Brackets, and ColdFusion. Meanwhile, Intel patched a total of 14 vulnerabilities, one of which underlies the new Plundervolt attack. The flaw exists in Intel’s Software Guard Extensions (SGX).

In a major data leak revealed by researchers, attackers recently listed more than 460,000 payment card details for sale on the notorious Joker’s Stash marketplace. The stolen payment cards were issued by Turkish banks and were available in four databases. Each card was priced at $3 on the forum and included information like card number, expiration date, CVV number, and cardholder name.

Top Breaches Reported in the Last 24 Hours

Over 460K payment cards on sale
More than 460,000 Turkish payment cards were offered for sale on October 28 and November 27 on the popular Joker’s Stash marketplace. The cards were available in four databases, each containing 30,000 cards. Each card was offered at a price of $3 on the dark web forum. 85% to 90% of the compromised cards were valid and came with CVV numbers.

Iran banks leak data
Details of 15 million bank debit cards in Iran were published on social media last month in a massive data breach. The breach targeted customers of Iran’s three largest banks - Mellat, Tejarat and Sarmayeh. The number of affected accounts is close to a fifth of the country’s population. None of the three banks have issued public statements acknowledging the breach.

The city of Pascagoula attacked
The City of Pascagoula in Mississippi is recovering from a ransomware attack that compromised the city’s computer system and resulted in the shutdown of some phone lines. The city was infected with a malware payload from a third-party contractor connected to the city’s infrastructure.

Leaky Amazon S3 bucket
An unprotected Amazon S3 storage bucket belonging to iPR Software exposed information on thousands of users. The compromised data included 477,000 email addresses and hashed passwords for around 35,000 of them. The bucket also contained business entity account information, documents, and administrative credentials. Upon discovery, the exposed bucket was secured on November 26.

Top Malware Reported in the Last 24 Hours

Hijacking Microsoft accounts
Attackers are now using Microsoft Office 365 OAuth apps to hijack a recipient’s account. In the attack, recipients receive phishing emails that pretend to be shared OneDrive or SharePoint files and contain a link to the shared document. This link actually redirects the victim to a legitimate Microsoft URL that is used to display permission requests for OAuth apps. Once a user logs in, they will be shown a ‘Permission requested’ dialog for the ‘O365 Access’ app. It asks the user to grant the app permission to access various data and perform actions on the user’s account.

Magecart fraud attack
Hundreds of fraudulent sites selling fake branded shoes have been found to be infected with web skimmer malware. This not only disappointed the shoppers with faux merchandise but also resulted in the loss of personal and financial data.

Top Vulnerabilities Reported in the Last 24 Hours

Intel patches Plundervolt and other issues
Intel has addressed 14 security vulnerabilities as part of December 2019 Patch Tuesday. Seven of them had high and medium severity and impacted multiple platforms including Windows and Linux. The security update also includes a patch for the newly discovered Plundervolt attack that abuses the CVE-2019-1157 vulnerability in the Intel Software Guard eXtensions (SGX).

Microsoft patches 36 flaws
Microsoft has released 2 advisories and updates for 36 vulnerabilities. Of these, 7 are classified as Critical, 27 as Important, 1 as Moderate, and 1 as Low. One of the ‘Important’ vulnerabilities fixed is a zero-day privilege escalation vulnerability.

Adobe patches 17 flaws
Adobe has issued security patches for 17 critical vulnerabilities found in Photoshop, Reader, Brackets, and ColdFusion. The vulnerabilities could be exploited to trigger arbitrary code execution. The biggest batch of security updates revolves around Adobe Acrobat and Reader versions 2015, 2017, and DC.

AirDrop bug fixed
Apple has fixed a bug found in AirDrop in iOS version 13.3. The bug allows users to share files repeatedly between iOS devices that are within the wireless range. The issue has been mitigated by adding a rate-limit that prevents a barrage of requests over a short period of time.

Amazon fixes issue
Multiple flaws in Amazon’s Blink XT2 cameras have been fixed recently. The vulnerabilities could be exploited by a friend or contractor to spy on the owner. The flaws can also lead to a MitM attack.

Top Scams Reported in the Last 24 Hours

Fake Bitcoin scam
Five men from BitClub Network are accused of a $72 million scam that lured victims into investing in a pool of bitcoin mining equipment. The unsuspecting victim was invited to send BitClub Network cash, which would allow the company to buy mining equipment. The company also allegedly gave rewards to existing investors for introducing others to the circle. The scheme began in 2014 and continued until earlier this month.
