Cyware Daily Threat Intelligence February 1, 2019

Top Breaches Reported in the Last 24 Hours

Apple iCloud breach
Apple iCloud is believed to have suffered a security breach last year because of a bug in the platform that allowed anyone to view partial account data of other iCloud users, provided only the target's phone number was known. Since the flaw was in a section of the iCloud settings for iOS devices, Apple patched it silently on the server side without releasing an iOS update.

Massive DDoS attack
Imperva has mitigated a massive DDoS attack against one of its clients. Believed to be one of the largest DDoS attacks seen so far, it subjected the client to traffic exceeding 500 million packets per second. The attackers attempted to halt operations by flooding the systems with malicious packets, using two tools: one generating a flood of regular SYN packets and the other a flood of large SYN packets.

KWIK FIT hit by a virus
KWIK FIT has confirmed that its computer systems were hit by a virus. The infection disrupted its ability to book in vehicle repairs and handle other customer requests. While the firm is still working on fixing the issue, it has found that no financial data was compromised in the attack.

Top Malware Reported in the Last 24 Hours

Matrix ransomware
A report on Matrix ransomware has revealed that attackers are leveraging weakly secured RDP endpoints to infect their targets. In 2016, the ransomware was propagated via the RIG exploit kit. Unlike many other ransomware families, Matrix targets a single machine rather than spreading widely across the network.

Joanap botnet
The DOJ, with the help of the FBI and the Air Force Office of Special Investigations, is making an effort to take down the Joanap botnet. The DOJ publicly announced the operation on January 30, 2019. The botnet is operated by a North Korean hacking group that has been active since 2009.

CookieMiner
A new cryptocurrency-stealing malware named CookieMiner has been found targeting Mac users. The malware targets prominent exchanges that include Binance, Coinbase, Poloniex, Bittrex, Bitstamp, and MyEtherWallet. Apart from stealing cryptocurrency wallets, the malware is also capable of planting a cryptojacker onto the infected machine.

Top Vulnerabilities Reported in the Last 24 Hours

5G vulnerability
A new vulnerability has been discovered in the 5G communications protocol, and the flaw could also affect the 3G and 4G protocols. The vulnerability lies in the AKA protocol (Authentication and Key Agreement), which establishes the keys used to encrypt communications between the device and the network. It allows an operator of a catcher device to re-identify previous victims who moved out of the catcher's coverage area and later return to it.

Vulnerabilities in Thunderbird
Four vulnerabilities have been discovered in Thunderbird 60.5. These flaws can be exploited to execute arbitrary code remotely on affected systems. The four vulnerabilities detected by researchers are a use-after-free vulnerability (CVE-2018-18500), a privilege escalation vulnerability (CVE-2018-18505), a memory corruption vulnerability (CVE-2018-18501) and CVE-2016-5824, which can be used to trigger DoS conditions.

Top Scams Reported in the Last 24 Hours

YouTube fraud ad scheme
Researchers have found that attackers are using the TheMoon botnet to conduct a YouTube ad fraud scheme. A previously undocumented module of the botnet is transferred to infected routers and IoT devices to proxy the fraudulent traffic. The new module is only deployed on MIPS devices, a common microprocessor architecture typically found in residential gateways and modems.

Calendar spam
A new type of spam known as 'Calendar spam', which uses fake calendar appointments, has been observed by researchers. This type of spam gives attackers multiple opportunities to annoy victims, such as sending unwanted appointments. To get rid of the calendar spam, users need to first create a new calendar and then move the spam entry to the new calendar. Finally, they need to delete the created calendar together with the fake appointment.

Sextortion scam
United States Army Installation Fort Gordon has issued a warning about a sextortion scam that blackmails users over watching online adult films. The email quotes a password taken from an old password dump to trick recipients into believing that the hackers have broken into their webcam and recorded them while they watched the films. The scammers then demand payment to keep the supposed recordings confidential.

Posted on: February 01, 2019