Cyware Daily Threat Intelligence February 4, 2019

Share Blog post

Top Breaches Reported in the Last 24 Hours

NZTA privacy breach
The New Zealand Transport Agency (NZTA) disclosed that it has been hit by another privacy breach. The firm accidentally revealed the private email addresses of almost 900 people in a mass traffic update email. The incident comes just months after NZTA reported about the loss of an unencrypted USB drive that contained the personal information of 1000 people. An email with a traffic update from the Southern Corridor Improvements project team was sent which left the email addresses of all recipients visible to other recipients. Security experts say accidentally including email addresses in a broadcast email is a serious security lapse. Meanwhile, NZTA has notified the Privacy Commissioner about the breach. It has also launched an internal investigation to understand the impact of the breach.

Top Malware Reported in the Last 24 Hours

Google removes 29 malicious photo apps
Security researchers have discovered 29 malicious apps on Google Play Store that aim to redirect users to phishing websites and collect their pictures. These apps were also discovered pushing adult content on the victims' phones. Some of these camera apps have over 1 million installs, with a large number of them found in India. The researchers have sorted these apps in two different categories. While few apps were the variants of the same camera applications, the rest allowed their users to apply photo filters on their snapshots. Beauty camera apps detected as ‘AndroidOS_BadCamera.HRX’ were capable of accessing remote ad configuration servers which can be used for malicious purposes. 

Top Scams Reported in the Last 24 Hours

Tax Scam
Australians are being warned about a new tax scam where fraudsters are pretending as Australian Taxation Office officials and tricking users into revealing their financial and personal details. The victims receive a fraudulent SMS message from an ATO number, asking them to click on a link and hand over their personal details in order to obtain a refund.

Account takeover scam
Scammers are targeting elderly citizens in Thailand in a new wave of call center scam. The scammers pose as a bank staff or state officials to gain personal details. The data is later used by the fraudsters to activate online or mobile banking accounts and perform fraudulent transactions. 

Sextortion scam
A new sextortion scam campaign that attempts to trick victims into believing that the popular adult site Xvideos[.]com has been hacked, has been discovered recently. The scam further claims that a malicious script has been installed on the victims' machines to record their activities through the webcam. Hackers threaten the victims that they will release the recorded videos in public if a ransom of $969 (in Bitcoins) is not paid. 

 Tags

unencrypted usb drive
google play store
phishing websites
malicious apps
sextortion scam

Posted on: February 04, 2019

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!