Cyware Daily Threat Intelligence February 25, 2019

Top Breaches Reported in the Last 24 Hours

Intuit suffers an attack
Financial software company Intuit disclosed that its tax return information was breached in a credential stuffing attack. The incident occurred after an unauthorized party gained access to an undisclosed number of TurboTax tax preparation software accounts. By accessing the accounts, the unauthorized party may have obtained crucial information such as customers' Social Security numbers, addresses, dates of birth, driver's license numbers and financial data. 

Pakistani banks' cards on sale
Security firm Group-IB has discovered two new sets of databases that have been put up for sale on the infamous Joker's Stash market forum. These databases contain a total of 69,186 stolen cards from Pakistani banks, a majority of them belonging to Meezan Bank Ltd. The worth of the stolen card data is estimated to be nearly $3.5 million. While the price of a single payment card's details ranges from $10 to $40, a card that comes with a PIN code is sold at $50.

Top Malware Reported in the Last 24 Hours

Google reCAPTCHA system hides malware
Researchers have discovered a new phishing campaign that leverages fake Google reCAPTCHA systems to distribute banking malware. The campaign employs both impersonation and panic/bait techniques within an email to lure victims into downloading banking malware. Hackers are using the campaign to target a Polish bank. 

Muncy malware
The newly discovered Muncy malware has been found to be distributed via a DHL phishing campaign. The email, which carries the subject line 'DHL SHIPMENT NOTIFICATION', contains a malicious PDF attachment. Once the victim opens the attachment, it drops the Muncy Trojan on the system. The malware later scans the entire C:\ drive in order to find sensitive files.

More-eggs backdoor
Researchers have discovered a new fake job offer phishing campaign that delivers the More-eggs backdoor malware. The campaign is carried out against various companies in the US, including retail, entertainment and pharmacy firms. Before sending in the backdoor, the threat actor attempts to establish rapport with potential victims by abusing LinkedIn’s direct messaging service.

Top Vulnerabilities Reported in the Last 24 Hours

4G and 5G in threat
Three flaws have been discovered in 4G and 5G protocols. The flaws could be used to intercept phone calls and track someone's location, enabling attackers to snoop on users' phones. Researchers claim that any person with a little knowledge of cellular paging protocols can carry out this attack.

Privilege escalation issue
A privilege escalation vulnerability has been found in the British Airways (BA) Entertainment System. The flaw, tracked as CVE-2019-9019, resides in the USB Handler component. The flaw can enable attackers to trigger a Chat buffer overflow or crash the application.

Security updates for ISC BIND
The Internet Systems Consortium (ISC) has released security updates to address several vulnerabilities in multiple versions of ISC Berkeley Internet Name Domain (BIND). The flaws in question are CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465. Attackers can exploit these flaws to take control of an affected system.

Top Scams Reported in the Last 24 Hours

Telephone Scam
Users are being warned about an ongoing telephone scam that tricks individuals into revealing their banking details. The scammers pretend to be from the Canada Revenue Agency (CRA) or the Internal Revenue Service and inform the recipients that their credit card was used in fraudulent activities. This creates a sense of panic among the victims, who later assist the scammers in conducting a fraud investigation. In this way, the victims are tricked into giving away their payment card details.

Cybercriminals paying handsome salaries
A new report from cyber security firm Digital Shadows has found that some criminals are offering generous salaries to the tune of $360,000 on average to people who can help them target high-earning individuals such as company executives, lawyers, and doctors. Once they get the information, the fraudsters trick the high-value targets into online relationships and later threaten to reveal all their details if a ransom is not paid.



