Cyware Daily Threat Intelligence February 7, 2019
Top Breaches Reported in the Last 24 Hours

Eskom leaks customer data
A security flaw in Eskom's billing software database has exposed the financial data of its customers. The database contained the full names, card type, partial card numbers, and CVV codes of customers. The incident occurred after an employee of the power firm Eskom downloaded a fake Sims 4 game onto her computer. This resulted in the compromise of her company credentials.

Student data leaked
The College of Science at Cal Poly Pomona, in California, has reportedly leaked the personal information of 4,557 students. The leak occurred when an administrator intended to send each of its 940 students a separate email containing their individual academic records. Instead of sending the individual records, however, the administrator sent a spreadsheet containing the academic details of every student.

Top Malware Reported in the Last 24 Hours

Denarius Cryptocurrency project compromised
A backdoored version of the Denarius Windows client v3.3.6 was uploaded by attackers who had compromised the GitHub account of the Denarius cryptocurrency project. This backdoored Windows client installer was used to install the AZORult malware and carry out nefarious activities such as stealing browser cookies, browser passwords, chat history, and passwords for FTP clients.

GandCrab v5.1
GandCrab v5.1 comes with a variety of distribution changes and UX updates to the GandCrab TOR site. A variety of exploit kits, including the Fallout EK, are used to spread the malware. The ransomware's TOR site comes with a hidden private chat that can be enabled using discount codes, which are actually ransoms.

IceID operators target retail sites
The IceID trojan is back in a new attack campaign targeting e-commerce vendors in the US. The campaign uses a two-step injection attack designed to steal users' credentials and payment card data. The attack is orchestrated via the ATSEngine injection panel, which enables the attackers to make fraudulent purchases using the victim's identity.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in Android devices
Three newly discovered flaws in Android devices can allow threat actors to compromise a device simply by having the user open a PNG image file. Such PNG files can be downloaded from anywhere on the internet or received via messaging or email apps. The flaws in question are CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988. Google has recently patched these flaws in the Android Open Source Project (AOSP).

GoDaddy authentication flaw
Hackers are still exploiting the authentication flaw in GoDaddy[.]com to distribute large volumes of spam through legitimate, dormant domains. Despite the disclosure of a recent incident in which hackers compromised 78 known domains, GoDaddy has still not taken concrete steps to address the flaw. On January 22, it was discovered that crooks had taken control of these domains to run two massive spam campaigns: a sextortion campaign and a bomb-threat spam campaign.

Top Scams Reported in the last 24 Hours

Norton tech-support scam
Scammers are leveraging a sophisticated fake Norton scan campaign to steal money from users, and have managed to earn thousands of dollars as a result. In this campaign, a fake Windows alert is first displayed on targeted systems, urging users to perform a 'quick scan'. The potential victims are told not to make phone calls and instead to download unwanted applications that contain malicious JavaScript and HTML code. Like most tech-support scams, this one depends on catching a victim off guard. Tens of thousands of users are believed to have fallen victim to the scam.
Posted on: February 07, 2019