Cyware Daily Threat Intelligence January 10, 2018

Top Breaches reported in Last 24 Hours

DePaul University breach
DePaul University inadvertently exposed the private information of over 650 employees due to human error. The exposed information includes the names and email addresses of 656 employees who had completed the school's wellness program. The breach occurred after the Chicago-based university neglected to use the 'blind copy' feature, which made the recipients' names and email addresses visible to anyone.

Reddit accounts suspended
The accounts of some Reddit users have been suspended following the discovery of unusual activity. The irregular activity indicates unauthorized access. Experts believe that a credential stuffing attack was used to hack the accounts. It remains unclear how many user accounts have been affected by the attacks. Reddit, meanwhile, is working on restoring normal operation of the website.

Top Malware Reported in Last 24 Hours

CryptoMix returns
The infamous CryptoMix ransomware has made a comeback in a new attack campaign that fools users into donating money in the form of bitcoins to a charity. Weak RDP ports are leveraged to distribute the malware. Once installed, CryptoMix encrypts the data on servers and wipes out backup data. It then displays a ransom note, which appears to be a note for charity, on the victim's computer.

Malicious Chrome extensions
A new type of malicious Chrome extension has been found performing man-in-the-middle attacks. Hackers use these extensions to steal credentials, cookies and financial data from users. In order to perform certain actions, the extensions first gain permission to access various data such as visited pages, bookmarks, browser history, clipboards and the list of installed apps.

Shipping firms under threat
Threat actors have recently been leveraging BEC attacks to target the shipping industry. These attacks can result in credential theft or full-scale compromise of systems. Scammers are using social engineering tricks to imitate high-level executives, based on data collected from social media or with hacking tools.

Top Vulnerabilities Reported in Last 24 Hours

Apple OSX bugs 
Researchers have discovered critical vulnerabilities in the IntelHD5000 kernel extension used in Apple OSX. The bugs, tracked as CVE-2018-4456 and CVE-2018-4421, can be exploited for privilege escalation. Apple OSX version 10.13 is primarily affected by these bugs.

Intel patches vulnerabilities
Intel has released patches to address five privilege-escalation flaws that affected an array of products. The flaws are tracked as CVE-2018-12177, CVE-2019-0088, CVE-2018-18098, CVE-2018-12155 and CVE-2018-12177. Of these, the first three have been marked as high-severity flaws.

MS Office SharePoint flaw
Security researchers have disclosed that Microsoft Office SharePoint is prone to an XSS flaw. The flaw, tracked as CVE-2019-0558, can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user. As a result, attackers can perform several actions, such as reading, modifying or deleting the contents.

Top Scams Reported in Last 24 Hours

Email Scam
Fraudsters used bogus emails under the guise of school registers to dupe St Lawrence College parents into paying school fees in advance. The first email, sent in December 2018, informed the parents that they could receive discounts if they paid winter and summer 2019 fees in advance. Another fraudulent email, sent in January 2019, gave false bank account details for depositing the fees in cryptocurrency. The school authorities have notified the parents about the scam. The institution has also implemented additional security measures to prevent such cybercrimes in the future.



