Cyware Daily Threat Intelligence February 28, 2019

Top Breaches Reported in the Last 24 Hours

Bangladesh Embassy website compromised
Researchers discovered that cybercriminals have compromised the Bangladesh Embassy website in Cairo to mine cryptocurrencies. The attackers appear to have breached the website in October by exploiting known vulnerabilities. Upon investigation, it was found that when the users visited the website, it would force download a malicious Word document ‘Conference_Details.docx’, which is embedded with a malicious EPS script. The Bangladesh Embassy has been notified about the issue. However, the site still remains infected.

Topps affected by Formjacking attack
Sports company Topps is notifying its customers about an attack that resulted in the compromise of payment card details and other information. The incident is believed to have compromised the details of those customers who visited the website between November 19, 2018 and January 9, 2019. On January 10, 2019, the company confirmed that hackers had gained unauthorized access to the website Topps.com

Fin6 threat actor group
An unprotected Elasticsearch database has exposed over 2.4 million records of individuals and corporate entities owned by Dow Jones. The database contained several lists related to current and past elected officials, sanctioned people and companies, individuals with terrorist links and people convicted of financial crimes. It also included names, addresses, locations, dates of birth and physical descriptions of individuals.

Top Malware Reported in the Last 24 Hours

BSI warns of pre-installed malware
The German Federal Office for Information and Security (BSI) is warning users about pre-installed malware in tablets and smartphones that are purchased online in Germany. The tablet Eagle 804 from manufacturer Kruger and Matz, the smartphone S8 Pro from Ulefone and the smartphone A10 from Blackview are found to be affected by malware. BSI believes that malware can be used for spying on personal bank data.

Phishing campaigns use Azure Blob
Two different phishing campaigns that utilize Microsoft’s Azure Blob storage to steal the recipient’s Outlook and Microsoft account credentials have been spotted recently. The first phishing email campaign urges recipients to login to their Office 365 account in update information. The email comes with a subject line of "Action Required: [email_Address] information is outdated - Re-validate now!!". The second phishing email, which is used to steal a user's Microsoft account credentials, comes with a link that redirects users to a fake Microsoft landing page.

Fin6 threat actor group
Threat actor group Fin6 has been found using FrameworkPOS scraping malware to conduct a series of point-of-sale attacks recently. The group is primarily targeting finance, health care and insurance firms located in the United States, Japan and India. The malware can harvest user credentials, execute code, and evade EDR scanning techniques as well.

Top Vulnerabilities Reported in the Last 24 Hours

Thunderclap vulnerability
Researchers have discovered a new vulnerability named Thunderclap. The vulnerability is a collection of flaws residing in the Thunderbolt hardware interface designed by Apple and Intel. The Thunderclap flaws affect all the Apple laptops and desktops that were produced after 2011, with the exception of the 12-inch MacBook. The flaws also impact many Windows and Linux systems produced since 2016.

A flaw in Coinomi cryptocurrency wallet
A serious flaw has been discovered in the Coinomi cryptocurrency wallet. The flaw can result in the loss of user funds stored in the wallet. The bug exists in the automatic function of Coinomi’s textbox that runs spellcheck through googleapis[.]com when the passphrase or private key is entered.

A zero-day vulnerability in Chrome
Researchers have discovered several malicious PDF files that exploit a zero-day vulnerability in Chrome. The vulnerability could allow the sender of the PDF files to collect users’ information when users opened the PDF files via Google Chrome’s PDF viewer. Google has acknowledged the issue and promised to release a fix in late April.

Top Scams Reported in the Last 24 Hours

BEC scammers target gift cards
Researchers have lately discovered that business email compromise (BEC) scammers are targeting gift cards to make quick money. Small-town schools and school districts in Indiana and Wisconsin; U.S. and U.K. nonprofits including Boy Scouts of America and the Salvation Army; and universities in Florida, the United Kingdom, New Zealand, and Australia are some of the unfortunate victims affected by such scams.

Phishing scam
The company Superbalist is warning users about a recent phishing scam that’s been going around using their name. In this scam, customers are asked to update their credit card details via a fraudulent link, while the company assures it would never perform any actions like that. The company has urged users to be cautious when revealing personal information to strangers. It has also insisted to avoid clicking on links that look suspicious.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence March 01, 2019
Next
Cyware Daily Threat Intelligence February 27, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.