Cyware Daily Threat Intelligence February 15, 2019

A new batch of 127 million user records, originating from eight companies, has been put for sale on Dream Market forum. The individual involved in the selling of this data goes by the name of Gnosticplayers. The eight companies that have been breached are Ge.tt, Ixigo, Roll20.net, Houzz, Coinmama, Younow, StrongHoldKingdoms and Petflow. 

A China-based company named SenseNets has exposed the personal information of 2,565,724 users. The data leak occurred due to an unsecured MongoDB database that was left exposed online without authentication. The data leaked in the incident includes users' names, ID card numbers, ID card issue dates, nationality, home addresses, dates of birth and photos. 

Dating app Coffee Meets Bagel has suffered a data breach, resulting in the compromise of personal data of 6 million users. The breach occurred after hackers gained unauthorized access to its network. The compromised information includes only names and email addresses shared with the app before May 2018. 

Security researchers have come across a new variant of Shlayer trojan. It is capable of escalating privileges and disabling the Gatekeeper protection mechanism to run unsigned second-stage payloads. The malware affects all macOS versions from 10.10.5 to 10.14.3. It is distributed via fake update pop-ups. Most of the samples of this new Shlayer variant are propagated in the form of DMG files. However, there are few samples that are delivered in PKG, ISO, and ZIP files. 

The Mealybug threat actor group has enhanced the capabilities of Emotet trojan. They are distributing the trojan into different ways: First, via a URL hosted on attacker-controlled infrastructure; Second, as an email attachment. Once launched, the malware connects to a list of URLs - that connects to the attackers' C2 servers - to receive further instructions.

A critical flaw in the OKCupid dating app that can allow attackers to steal credentials or launch man-in-the-middle attacks, has been discovered by security experts. The flaw exists in the WebView feature of the dating app. By exploiting the flaw, the attackers can even gain access to a user's email address, date of birth, country, and ZIP code.

In its February 2019 Patch Tuesday, Microsoft has released security patches for more than 70 vulnerabilities discovered across its multiple products. The patches include fixes for a zero-day Internet Explorer vulnerability and a PrviExchange flaw in Exchange Server. Out of 74 vulnerabilities, 20 have been marked as critical. Users are urged to apply the Microsoft Patch Tuesday update immediately. 

A collection of security patches was released by SAP to address 13 flaws in its products. One of the patches released is for a Hot News flaw in SAP HANA Extended Application Services (XSA). The flaw affects XS Advanced selected versions in SAP HANA 1 and HANA 2.