Cyware Daily Threat Intelligence February 8, 2019

Top Breaches Reported in the Last 24 Hours

Mumsnet data breach
A technical glitch in Mumsnet, a popular parenting forum, exposed the account details of its users. The breach occurred due to a botched upgrade to the software on which the forum runs. During that time, about 4,000 users had logged in. However, only 14 of those 4,000 reported the issue.

Jack'd app data leak
A serious design flaw in the popular dating app called Jack'd enabled anyone to access millions of private photos, even if they didn't have an account on the app. The firm was notified about the flaw last year. However, it appeared to implement a fix only this week. Jack'd has more than five million downloads on the Google Play Store. 

Trakt data breach
Trakt, the makers of an app that monitors users' TV programme and movie viewing habits, is notifying its users about a data leak that occurred due to a PHP exploit. The incident occurred back in December 2014 and involved information such as user names, email addresses and encrypted passwords. In the wake of the data leak, the firm has reset the passwords for the affected users. 

Bayside Covenant Church data breach
Unauthorized access has affected the personal information of some employees working at the Bayside Covenant Church of Roseville, California. The information exposed in the breach includes names, addresses, Social Security numbers, passport numbers, driver’s license numbers, financial account information, medical information, health insurance information, and usernames and passwords for online accounts.

Top Malware Reported in the Last 24 Hours

QakBot malware
Geodo botnets have been found using a new spam campaign to deliver samples of the QakBot malware and the IcedID trojan as final payloads. The attack begins with users receiving a phishing email that contains a weaponized Microsoft Office document. The attached file contains malicious macros which, when enabled, directly deliver QakBot to the victim's device.

New Ursnif variant
Researchers have recently observed a new variant of the Ursnif trojan that is distributed using steganography and AtomBombing techniques. The new variant is used to target Italian servers and arrives hidden in a Microsoft Office document. The AtomBombing technique enables attackers to exploit the Windows AtomTable in order to inject malicious code into explorer[.]exe in a stealthy fashion.

Matrix ransomware evolves
Matrix ransomware, first spotted in late 2016, has evolved into a dangerous threat over the years. The ransomware targets endpoints through Windows Remote Desktop (RDP) services by brute-forcing passwords. Once installed, it encrypts files with extensions including .mdf, .ndf, .myd, .eql, .sql, .fdb, .vhd, .sqlite, .dbs, .docx, .doc, .odt, and .jpeg.

Top Vulnerabilities Reported in the Last 24 Hours

Bugs in video conferencing products
Remote OS command injection vulnerabilities in some video conferencing products can allow hackers to remotely gain control of the devices and later use them as snooping tools. The vulnerabilities have been found to affect four Lifesize enterprise collaboration products: Lifesize Team, Lifesize Room, Lifesize Passport and Lifesize Networker.

Flaws in Kunbus Industrial Gateway
Security researchers have discovered serious flaws in the Kunbus Industrial Gateway. Tracked as CVE-2019-6527 and CVE-2019-6533, the flaws are related to improper authentication and improper input validation. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and/or cause a denial-of-service condition.

macOS zero-day bug
A new zero-day bug has been discovered in macOS. The bug can expose passwords in Apple's Keychain software. It affects the latest version of macOS Mojave. The bug, if exploited, can allow attackers to grab passwords from the login and system Keychains without root or administrator privileges.

Posted on: February 08, 2019

