Cyware Daily Threat Intelligence February 25, 2019

Financial software company Intuit disclosed that its tax return information was breached in a credential stuffing attack. The incident occurred after an unauthorized party gained access to an undisclosed number of TurboTax tax preparation software accounts. By accessing the accounts, the unauthorized party may have obtained crucial information such as customers' Social Security numbers, addresses, dates of birth, driver's license numbers and financial data. 

Group-IB security firm has discovered two new sets of databases that have been put up for sale on the infamous Joker's Stash market forum. These databases contain a total of 69,186 stolen Pakistani banks’ cards, a majority of them belonging to Meezan Bank Ltd. The worth of the stolen banks' cards data is estimated to be nearly $3.5 million. While the price of a single payment card detail ranges from $10 to $40, the card that comes with a PIN code is sold at $50.

Researchers have discovered a new phishing campaign that leverages fake Google reCAPTCHA systems to distribute banking malware. The campaign employs both impersonation and panic/bait techniques within an email to lure victims into downloading banking malware. Hackers are using the campaign to target a Polish bank. 

A newly discovered Muncy malware has been found to be distributed via a DHL phishing campaign. The email that goes with a subject line of 'DHL SHIPMENT NOTIFICATION', contains a malicious PDF attachment. Once the victim opens the attachment, it drops the Muncy Trojan on the system. The malware later scans the entire C:\ drive in order to find sensitive files.

Researchers have discovered a new fake job offer phishing campaign that delivers the More-eggs backdoor malware. The campaign is carried out against various companies in the US. This includes the retail, entertainment and pharmacy firms. Before sending in the backdoor, the threat actor attempts to establish rapport with potential victims by abusing LinkedIn’s direct messaging service.

Three flaws have been discovered in 4G and 5G protocols. The flaws could be used to intercept phone calls and track someone's location. It can enable attackers to snoop on the users' phones. Researchers claim that any person with a little knowledge of cellular paging protocols can carry out this attack. 

A privilege escalation vulnerability has been found in the British Airways (BA) Entertainment System. The flaw, tracked as CVE-2019-9019, resides in the USB Handler component. The flaw can enable attackers to trigger a Chat buffer overflow or crash the application.

The Internet Systems Consortium (ISC) has released security updates to address several vulnerabilities in the multiple versions of ISC Berkeley Internet Name Domain (BIND). The flaws in the question are CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465. Attackers can exploit these flaws to take control of an affected system. 

Users are being warned about an ongoing telephone scam that tricks individuals into revealing their banking details. Here, the scammers pretending to be from Canada Revenue Agency (CRA) or the Internal Revenue Service and inform the receivers that their credit card was used in fraudulent activities. This creates a sense of panic among the victims and later assist the scammers in conducting a fraud investigation. In this way, the victims are tricked into giving away their payment card details.

A new report from cyber security firm Digital Shadows has found that some criminals are offering generous salaries to the tune of $360,000 on average to people who can help them target high-earning individuals such as company executives, lawyers, and doctors. Once they get the information, the fraudsters trick the high-value target into online relationships and later threaten them of revealing all their details, if a ransom is not paid.