Cyware Daily Threat Intelligence February 6, 2019

Top Breaches Reported in the Last 24 Hours

US universities targeted
The FBI has arrested and extradited Nigerian hackers who were involved in hacking various US university computer systems to steal paychecks and tax returns. The law enforcement agency found that the hackers' computer contained data on employees working at around 140 schools. They used this data to send fraudulent emails to various institutions in an attempt to gain system credentials.

British MP's email hack attempt
An attempt was made to access British MP's email and phone contacts. Experts say that this malicious hack campaign was performed to access the contact lists of the victims and send texts and emails to all their private contacts. Parliamentary authorities are currently investigating the apparent hack.

Crosby ISD hacked
Crosby ISD recently reported that the district's IT system has been hit with a ransomware virus. As a result of the attack, school officials have no access to technology, including telephone services. For now, the district officials are in contact with each other via cellphone for campus operations.

Top Malware Reported in the Last 24 Hours

Outlaw Shellbot
A Shellbot named Outlaw has been found targeting Linux systems to mine cryptocurrencies. Apart from mining cryptocurrencies, the Shellbot is also capable of collecting system and personal data, terminating tasks and processes, downloading additional payloads and sending stolen information to a C2 server. The bot can affect a variety of IoT devices as well. 

Hackers target Dutch firms
According to recent research by Anomali Labs, threat actors are increasingly abusing the Mali country code top-level domain (ccTLD), “.ml”, to host malicious sites that resemble those of Dutch-based organizations. The most targeted are financial firms, professional/consultancy services, and telecommunications industries across the globe. These companies either have a Dutch headquarters or are globally dispersed.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in the Cisco Identity Services Engine
Multiple vulnerabilities have been discovered in the web-based management interface of the Cisco Identity Services Engine (ISE). The bugs can allow attackers to conduct a cross-site scripting (XSS) attack or a reflected attack. Two of the vulnerabilities found in the Cisco ISE are CVE-2018-15440 and CVE-2018-15463.

Bugs in Marvell Avastar wireless SoC
Several flaws have been discovered in Marvell Avastar wireless system on chip (SoC) systems. The security issues impact the SoC models 88W8787, 88W8797, 88W8801, and 88W8897. These bugs can be exploited without user interaction.

Smart Scale DoS bug
Flaws in a consumer smart scale could allow hackers to launch a variety of attacks, ranging from man-in-the-middle to denial of service (DoS) attacks. The most severe of these flaws is a DoS vulnerability that exists in the Bluetooth service of the device.

Top Scams Reported in the Last 24 hours

Gmail Dot feature abused for scam
Cyber-criminal groups are exploiting a Gmail feature - Dot Accounts - to file for fraudulent unemployment benefits, fake tax returns, and bypass trial periods for online services. Scammers are leveraging this feature to create multiple accounts on a single website which then direct all communication to a single Gmail account. Recently, a scammer group used Gmail ‘Dot accounts’ to trick Netflix account owners into adding card details to scammers' accounts. The legitimate Netflix notification ‘update your card details’ would arrive in the real user's inbox, who would later update the scammer's account unknowingly.
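For a service operator, the usual countermeasure to the dot-account abuse described above is to collapse each sign-up address to the mailbox it is delivered to and flag mailboxes that back several accounts. The sketch below is an added example, not code from Cyware or any vendor named here; the account IDs and addresses are constructed, and it goes slightly beyond the article by also folding Gmail plus-tags and the googlemail.com alias.

```python
from collections import defaultdict

# googlemail.com is an alias of gmail.com; both deliver to the same mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def canonical_mailbox(address: str) -> str:
    """Return the mailbox an address is actually delivered to.

    Gmail ignores dots in the local part and treats text after '+' as a
    tag, so all such variants collapse to one form. Other providers are
    only lower-cased because their rules differ.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def find_dot_clusters(signups, threshold=2):
    """Group (account_id, email) pairs by canonical mailbox and return
    {mailbox: [account_ids]} for mailboxes with >= threshold accounts."""
    by_mailbox = defaultdict(list)
    for account_id, email in signups:
        try:
            by_mailbox[canonical_mailbox(email)].append(account_id)
        except ValueError:
            continue  # malformed addresses are handled by normal validation
    return {m: ids for m, ids in by_mailbox.items() if len(ids) >= threshold}

# Constructed sample sign-ups (hypothetical account IDs and addresses).
SAMPLE_SIGNUPS = [
    ("acct-1001", "jane.doe@gmail.com"),
    ("acct-1002", "janedoe@gmail.com"),
    ("acct-1003", "j.a.n.e.d.o.e@googlemail.com"),
    ("acct-1004", "Jane.Doe+trial@gmail.com"),
    ("acct-1005", "jane.doe@example.org"),   # not Gmail: dots are significant
    ("acct-1006", "john.smith@gmail.com"),
    ("acct-1007", "not-an-address"),
]

if __name__ == "__main__":
    for mailbox, ids in find_dot_clusters(SAMPLE_SIGNUPS).items():
        print(mailbox, ids)
```

Storing the canonical form alongside the address as entered lets a uniqueness check or a review queue key on the mailbox without changing what the user sees.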



