Go to listing page

Cyware Daily Threat Intelligence, February 19, 2021

Cyware Daily Threat Intelligence, February 19, 2021

Share Blog Post

Ransomware attacks have become a cold reality. Cybercriminals attack private and public sector organizations and as a consequence, government agencies come up with warnings and mitigations. It’s a vicious cycle. Following the ransomware attack on AFTS that affected cities and agencies in California and Washington, the California DMV warned its people about a potential data breach.

Gamblers are addicted to betting and risking their lives by putting valuable assets at stake. But, what do they do when their personal data and assets are stolen from the gambling community and dumped on a hacker forum? Sensitive data of more than 257,000 gamblers were sold on a popular hacker forum in exchange for a payment in bitcoins.

Meanwhile, new exploit details emerged about a zero-day vulnerability in Microsoft’s Internet Explorer that can be triggered through a malicious website or an ad. When you look for logic bugs, but end up discovering a stored XSS vulnerability, and get paid for it, it’s called serendipity! In an attempt to find issues on Apple’s iCloud.com, a bug bounty hunter reported an XSS flaw and was rewarded by the company. 

Top Breaches Reported in the Last 24 Hours

Ransomware hits AFTS
The Cuba gang targeted the payment processor Automatic Funds Transfer Services (AFTS) in a ransomware attack that impacted numerous cities and agencies within Washington and California. The hackers have allegedly stolen unencrypted AFTS files and started selling them on their data leak site. Following the attack, California’s Department of Motor Vehicles (DMV) has started warning about a potential data breach.

Travelers’ data exposed
Due to an unprotected cloud storage server, a Jamaican website, JamCOVID19, exposed immigration records and COVID-19 test results of thousands of travelers, mostly Americans. The website was built to publish daily COVID-19-related updates and pre-approve travel applications to Jamaica during the pandemic.

Gamblers’ data for sale
A user was found selling sensitive data of over 257,000 gamblers from a Lithuanian online betting service Olybet[.]lt on a popular hacker forum. The login details of 257,510 gambler accounts are being sold for $100 in bitcoin whereas five copies of another archive containing personal data such as passports, credit card details, and ID card scans of more than a quarter-million users are priced at $1,500 in bitcoin.

Hackers exploit instant quotes
The New York State Department of Financial Services issued an alert against hackers targeting flaws in websites offering instant quotes. The attackers are specifically targeting websites providing auto insurance rates to steal driver’s license numbers and other PII.

Top Malware Reported in the Last 24 Hours

Advisory against AppleJeus
A joint advisory by the FBI, CISA, and Department of Treasury highlighted the cyber threat to cryptocurrency posed by North Korea and provided mitigations. The agencies assess that North Korean APT group Lazarus is targeting individuals, cryptocurrency exchanges, and financial service companies with AppleJeus, a cryptocurrency malware.

Attackers abuse Google Apps Script
Hackers are abusing Google’s business application development platform, Apps Script, to steal credit card details submitted by customers while shopping online on e-commerce websites. By using the script.google.com domain, the hackers could successfully conceal their malicious activity and bypass CSP controls.

Top Vulnerabilities Reported in the Last 24 Hours

New details for IE zero-day bug
New exploit details have been discovered about an unpatched bug in Microsoft’s Internet Explorer that was recently leveraged in a campaign against security researchers. The IE zero-day vulnerability can be triggered through a malicious website or an ad, resulting in data theft and code execution.

iCloud XSS flaw 
Reportedly, a bug bounty hunter has earned $5,000 from Apple for identifying a stored cross-site scripting (XSS) flaw on Apple’s iCloud.com. In his attempt to find insecure direct object reference (IDOR), cross-site request forgery (CSRF), logic bugs, and other issues on icloud.com, the researcher ended up discovering a stored XSS vulnerability.


 Tags

jamcovid19 website
icloudcom
applejeus
instant quote websites
internet explorer vulnerability
automatic funds transfer services afts
olybet

Posted on: February 19, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.