
Cyware Daily Threat Intelligence February 18, 2019


Top Breaches Reported in the Last 24 Hours

91 million user records on sale
A hacker who goes by the name of Gnosticplayers has released a third set of databases on the Dream Market forum. The biggest victims in the current list are GfyCat, ClassPass and StreetEasy. A total of 91 million user records are available for sale in this third round of data breaches. The hacker is selling the data for 2.6 Bitcoin, or about $9,350.

Ixigo data breach
Around 18 million user records belonging to Ixigo, the popular online travel aggregation platform, are up for sale on the dark web. The stolen information mainly includes account holders’ names, email addresses and hashed passwords. The company claims that no payment card data or financial information was stolen in the breach.

An active phishing campaign
Security researchers have observed an active phishing campaign masquerading as a legitimate Texas Department of Transportation (TxDOT) online bidding website. The spoofed portal is hosted on a server, suspected to be compromised, that is used by a North Carolina-based dance studio group. The campaign is believed to have been active since at least the beginning of February 2019.

Top Malware Reported in the Last 24 Hours

LUNAR SPIDER found distributing TrickBot
The LUNAR SPIDER threat actor group has been spotted distributing WIZARD SPIDER's TrickBot trojan in a new attack campaign. LUNAR SPIDER, which is known for creating the BokBot malware, is using a custom variant of the TrickBot trojan to perform credential theft and wire fraud. The custom variant has an embedded, Base64-encoded Portable Executable (PE) file.

New macOS malware
Security researchers have discovered a new strain of macOS malware that disguises itself as a Windows executable file (.EXE) to evade detection. The malware infects users in the United Kingdom, Australia, Armenia, Luxembourg, South Africa, and the United States. The .EXE file delivers a malicious payload that overrides Gatekeeper, the Mac's built-in protection mechanism.

FINRA warns about a phishing attack
The Financial Industry Regulatory Authority (FINRA) has issued a notice warning brokerage firms about an ongoing phishing attack. The attack has targeted multiple brokerage firms with malicious spam emails. The email appears to come from a purported BSA-AML compliance officer of an Indiana-based credit union.

Top Vulnerabilities Reported in the Last 24 Hours

CSRF vulnerability
A white hat hacker has discovered a critical CSRF vulnerability on Facebook. It is believed that the flaw could have been leveraged to bypass CSRF protections and perform actions on a user’s behalf by tricking them into accessing a malicious URL. The flaw resides in Facebook[.]com/comet/dialog_DONOTUSE/. The bug could have allowed malicious users to send requests with CSRF tokens to arbitrary endpoints on Facebook, which could lead to takeover of victims’ accounts.

Spectre flaw exploitation
After analyzing the impact of the data-leaking Spectre vulnerabilities, Google security experts have concluded that software alone cannot prevent exploitation of the Spectre flaws. They were able to exploit the Spectre flaws present in various CPU families, allowing attacker-supplied code running in a thread to read all memory in the same address space and steal data. They found that a malicious web page's JavaScript code executing in a web browser thread can potentially snoop on another web page's JavaScript running in another thread.



Posted on: February 18, 2019
