Cyware Daily Threat Intelligence February 4, 2019

Top Breaches Reported in the Last 24 Hours

NZTA privacy breach
The New Zealand Transport Agency (NZTA) disclosed that it has been hit by another privacy breach. The firm accidentally revealed the private email addresses of almost 900 people in a mass traffic update email. The incident comes just months after NZTA reported about the loss of an unencrypted USB drive that contained the personal information of 1000 people. An email with a traffic update from the Southern Corridor Improvements project team was sent which left the email addresses of all recipients visible to other recipients. Security experts say accidentally including email addresses in a broadcast email is a serious security lapse. Meanwhile, NZTA has notified the Privacy Commissioner about the breach. It has also launched an internal investigation to understand the impact of the breach.

Top Malware Reported in the Last 24 Hours

Google removes 29 malicious photo apps
Security researchers have discovered 29 malicious apps on Google Play Store that aim to redirect users to phishing websites and collect their pictures. These apps were also discovered pushing adult content on the victims' phones. Some of these camera apps have over 1 million installs, with a large number of them found in India. The researchers have sorted these apps in two different categories. While few apps were the variants of the same camera applications, the rest allowed their users to apply photo filters on their snapshots. Beauty camera apps detected as ‘AndroidOS_BadCamera.HRX’ were capable of accessing remote ad configuration servers which can be used for malicious purposes. 

Top Scams Reported in the Last 24 Hours

Tax Scam
Australians are being warned about a new tax scam where fraudsters are pretending as Australian Taxation Office officials and tricking users into revealing their financial and personal details. The victims receive a fraudulent SMS message from an ATO number, asking them to click on a link and hand over their personal details in order to obtain a refund.

Account takeover scam
Scammers are targeting elderly citizens in Thailand in a new wave of call center scam. The scammers pose as a bank staff or state officials to gain personal details. The data is later used by the fraudsters to activate online or mobile banking accounts and perform fraudulent transactions. 

Sextortion scam
A new sextortion scam campaign that attempts to trick victims into believing that the popular adult site Xvideos[.]com has been hacked, has been discovered recently. The scam further claims that a malicious script has been installed on the victims' machines to record their activities through the webcam. Hackers threaten the victims that they will release the recorded videos in public if a ransom of $969 (in Bitcoins) is not paid. 




  • Share this blog:
Previous
Cyware Daily Threat Intelligence February 5, 2019
Next
Cyware Daily Threat Intelligence February 1, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.