Cyware Daily Threat Intelligence February 22, 2019

An unsecured MongoDB database has leaked the personal details of nearly half a million Indian citizens on the internet. The database named 'GNCTD' contained around 4.1 GB of data including citizens' Aadhaar numbers and voter ID numbers. The leaky database also contained data related to EB Users, households, registered users and other individuals. The table related to registered users included email addresses, hashed passwords, and usernames for admin access.

Car maker Toyota has suffered a cyber attack in Australia. As a result of the attack, the employees have lost access to cloud-based information. Some of the employees even lost access to their emails. The attempted cyber attack has impacted Toyota Australia's operations countrywide. The car maker has notified the law enforcement agencies about the attack.

A cyber attack at Cabrini Hospital in Melbourne has resulted in the loss of medical records of about 15,000 patients. The Melbourne-based Heart Hospital suffered the attack after a malware crippled the server and corrupted all its data. The malware used to penetrate the unit's security network is believed to be from North Korea or Russia, while the origin of the criminals behind the attack has not been revealed. 

Researchers have discovered a bunch of botnets targeting business video conferencing systems made by Polycom. The botnets in question are OMNI, Bushido, Hades & Yowai. They are distributed via Telnet by using brute-force password guessing techniques. Polycom has warned its customers that Polycom HDX endpoints running software versions older than 3.1.13 are affected by these botnet attacks.

Blind Eagle threat actor group has been found targeting Colombian organizations in its latest attack campaign. The threat actor group is using spear-phishing emails - that contain password protected RAR attachments - to target the entities. The phishing emails are purported to be from Colombian National Institutions such as the National Directorate of Taxes and Customs, the National Administrative Department of Statistics, the Colombian National Cyber Police, the Office of the Attorney General, the Colombia Migration, and the Colombian National Civil Registry.  

Adobe has released security updates to address a vulnerability in Adobe Acrobat and Reader. The flaw detected as CVE-2019-7089, could enable attackers to steal sensitive information. The software affected by the flaw are classic 2017 software Acrobat 2017 and Acrobat Reader 2017 (versions 2017.011.30120 and earlier) and classic 2015 software Acrobat DC and Acrobat Reader DC (versions 2015.006.30475 and earlier).

Drupal has released a security patch for a remote code execution vulnerability - CVE-2019-6340 - in its software. The bug could allow attackers to hijack a site and remotely run malicious code. For those running Drupal 8, the vulnerability can be patched by updating to version 8.6.10 or 8.5.11. Drupal has also released Drupal 8.6.10 and Drupal 8.5.11 to address this vulnerability. 

Cisco has released 15 security updates for some of its products. Two of the updates are for the two flaws that can allow attackers to gain root access on the device. These two flaws are CVE-2018-15380 and CVE-2019-1664 and affect Cisco HyperFlex software. The patches also include a fix for an authentication bypass vulnerability CVE-2019-1662.

According to the latest report on Independent, people on networking sites like LinkedIn are falling victim to sextortion scams. Researchers have found that cybercrime groups are offering annual salaries to accomplices who are helping them in finding high-worth individuals such as company executives, lawyers and doctors. Once they get the information, the fraudsters trick the high-value target into online relationships and later threaten them of revealing all their details, if a ransom is not paid. Minimizing personal and professional online exposure is essential for staying away from such group’s path.