Cyware Daily Threat Intelligence December 7, 2018

Top Breaches Reported in the Last 24 Hours

Cloud data leak
An unsecured MongoDB server exposed data belonging to more than 66 million users. The exposed data included people’s names, emails, location details, skills, and employment history. Experts believe that this data may have been scraped from LinkedIn. The unprotected MongoDB database could be accessed by anyone without authentication. The exposed data could be used by attackers to conduct phishing attacks and identity scams. Fortunately, the exposed database is no longer online, and the scraped data has been uploaded to the HaveIBeenPwned service.

Cyber attack on Genomics England
Foreign hackers have attempted to access the genetic blueprints of thousands of NHS patients. Genomics England, established by the UK Department of Health, suffered multiple cyber attacks on its flagship project, the Genomes England Project. All data is believed to be safe, as individual data is not released. Instead, de-identified data is analyzed by research users within a monitored environment. To date, none of the well-known viral attacks have succeeded in causing any dysfunction in Genomics England, according to the project.

Top Malware Reported in the Last 24 Hours

Azorult
The Azorult data-stealing malware is back in action. A new variant, which uses advanced obfuscation techniques, was recently discovered. This variant steals information from a larger number of cryptocurrency wallets and software applications than previous variants of Azorult. The attacker can also control the infected system remotely. The new Azorult variant uses API flooding, control flow flattening, and process hollowing techniques to evade detection. The malware is being propagated via the Fallout exploit kit.

Linux malware
Twenty-one new Linux malware families that operate in the same manner as trojanized versions of the OpenSSH client were recently discovered. 18 of the 21 families have a credential-stealing feature, making it possible to steal passwords and/or keys. 17 of the 21 families feature a backdoor mode, allowing the attacker a stealthy and persistent way to connect back to the compromised machine. Meanwhile, 12 of the 21 malware variants were previously undocumented.

Top Vulnerabilities Reported in the Last 24 Hours

PolicyKit bugs
A bug was discovered in PolicyKit. The vulnerability allows low-privileged user accounts on most Linux operating systems to execute any systemctl command. The vulnerability affects PolicyKit version 0.115, which comes pre-installed on most popular Linux distributions, including Red Hat, Debian, Ubuntu, and CentOS. The vulnerability exists due to PolicyKit's improper validation of permission requests for any low-privileged user with a UID greater than INT_MAX. If a user is able to create an account on an affected Linux system with any UID greater than the INT_MAX value, the PolicyKit component allows them to execute any systemctl command successfully.
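A defender's audit for the condition described above (local accounts whose UID exceeds INT_MAX), added here as an example and not code from the Cyware digest or the PolicyKit project: it parses /etc/passwd-style entries and reports any account above the threshold; the sample entries are constructed.

```python
"""Audit passwd-style account entries for UIDs above INT_MAX.

Added example. Assumes the standard /etc/passwd field layout
(name:x:uid:gid:gecos:home:shell). Sample entries are constructed.
"""
from dataclasses import dataclass

INT_MAX = 2**31 - 1  # 2147483647, the signed 32-bit limit named in the bulletin

# Constructed sample: two accounts deliberately sit above INT_MAX.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
svc-hi:x:2147483648:100:constructed high-uid account:/home/svc-hi:/bin/sh
svc-max:x:4000000000:100:constructed high-uid account:/home/svc-max:/bin/sh
"""


@dataclass(frozen=True)
class Finding:
    name: str
    uid: int
    line_no: int


def find_high_uids(passwd_text: str, threshold: int = INT_MAX) -> list[Finding]:
    """Return accounts whose UID is strictly greater than `threshold`.

    Malformed lines (wrong field count, non-numeric UID) are skipped rather
    than raising, so a partially corrupted file still gets audited.
    """
    findings = []
    for line_no, raw in enumerate(passwd_text.splitlines(), start=1):
        fields = raw.split(":")
        if len(fields) != 7:
            continue
        try:
            uid = int(fields[2])
        except ValueError:
            continue
        if uid > threshold:
            findings.append(Finding(name=fields[0], uid=uid, line_no=line_no))
    return findings


def audit_file(path: str = "/etc/passwd") -> list[Finding]:
    """Run the same check against a live system's account database."""
    with open(path, encoding="utf-8") as fh:
        return find_high_uids(fh.read())


if __name__ == "__main__":
    for f in find_high_uids(SAMPLE_PASSWD):
        print(f"line {f.line_no}: {f.name} has UID {f.uid} > INT_MAX")
```

Any hit is worth correlating with the installed PolicyKit version and with who created the account, since high UIDs are unusual on most distributions.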

Android flaws
Google issued patches for over 50 vulnerabilities in the latest Android Security Bulletin. Several critical and high severity bugs have been addressed. The update includes a large number of functional patches. The update also addresses performance, memory, audio, and camera related functionality of Google devices.

Top Scams Reported in the Last 24 Hours

Tax scam
A tax refund phishing scam is making the rounds across Ireland. The phishing scam could allow criminals to access financial information from unwitting victims and exploit them directly or through other engineered scams. The scammers were spotted sending out emails that pose as coming from the Revenue department. The phishing emails contain a link that, when clicked, takes the victim to a credible-looking fake Irish tax and customs page. The site asks users for the name on their credit or debit card and the funds currently available on it. Experts are advising users to delete the email without clicking on any links and to mark it as spam.
