Go to listing page

Cyware Daily Threat Intelligence February 8, 2019

Cyware Daily Threat Intelligence February 8, 2019

Share Blog Post

Top Breaches Reported in the Last 24 Hours

Mumsnet data breach
A technical glitch in Mumsnet, a popular parenting forum, was exposing the account details of its users. The breach occurred due to a botched upgrade to the software - on which the forum is running. During that time, about 4,000 users had logged in. However, only 14 of those 4,000 reported the issue. 

Jack'd app data leak
A serious design flaw in the popular dating app called Jack'd enabled anyone to access millions of private photos, even if they didn't have an account on the app. The firm was notified about the flaw last year. However, it appeared to implement a fix only this week. Jack'd has more than five million downloads on the Google Play Store. 

Trakt data breach
Trakt, the makers of an app that monitors users' TV programme and movie viewing habits, is notifying its users about a data leak that occurred due to a PHP exploit. The incident occurred back in December 2014 and involved information such as user names, email addresses and encrypted passwords. In the wake of the data leak, the firm has reset the passwords for the affected users. 

Bayside Covenant Church data breach
Unauthorized access has affected the personal information of some employees working in the Bayside Covenant Church of Roseville, California. The information exposed in the breach includes names, addresses, Social Security Numbers, passport numbers, driver’s license numbers, financial account information, medical information, health insurance information, usernames and passwords for online accounts.

Top Malware Reported in the Last 24 Hours

QakBot malware
Geodo botnets have been found using a new spam campaign to deliver samples of QakBot malware and IceID trojan as its final payload. The attack begins with users receiving a phishing email that contains a weaponized Microsoft Office document. The attached file contains malicious macros, which when enabled, directly deliver Qakbot to the victim's device.

New Ursnif variant
A new variant of Ursnif trojan that is distributed via steganography and AtomBombing techniques has been observed recently by researchers. The new variant is used to target Italian servers and arrives hidden in a Microsoft Office document. The AtomBombing technique enables attackers to exploit Windows AtomTable in order to inject malicious code into explorer[.]exe in a stealthy fashion.

Matrix ransomware evolves
Matrix ransomware, first spotted in late 2016, has evolved into a dangerous threat over the years. The ransomware targets endpoints through Windows Remote Desktop (RDP) services by brute-forcing passwords. Once installed, it encrypts files that include mdf, .ndf, .myd, .eql, . sql, .fdb, .vhd, .sqlite, .dbs, .docx, .doc, .odt, and .jpeg extensions.

Top Vulnerabilities Reported in the Last 24 Hours

Bugs in video conferencing products
The remote OS command injection vulnerabilities in some video conferencing products can allow hackers to remotely gain control of the devices and later use them as snooping tool. The vulnerabilities have been found affecting four Lifesize enterprise collaboration products - Lifesize Team, Lifesize Room, Lifesize Passport and Lifesize Networker. 

Flaws in Kunbus Industrial Gateway
Security researchers have discovered serious flaws in the Kunbus Industrial Gateway. Dubbed as 2019-6527 and CVE-2019-6533, the flaws are related to improper authentication and improper input validation. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and/or cause a denial-of-service condition.

macOS zero-day bug
A new zero-day bug has been discovered in macOS. The bug can exposed passwords in Apple's Keychain software. It affects the latest version of macOS Mojave. The bug, if exploited, can allow attackers to grab passwords from login and system Keychain without root or administrator privileges.


iceid trojan
macos zero day bug
qakbot malware
data leak
encrypted passwords
remote os command injection vulnerabilities

Posted on: February 08, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.