Cyware Daily Threat Intelligence January 16, 2019

Top Breaches Reported in Last 24 Hours

Cryptopia Exchange suffers a breach
New Zealand-based Cryptopia suffered a security breach that may have resulted in significant losses. The firm disclosed that the breach occurred on January 14, 2019. It detected the breach after it noticed an unauthorized transaction activity on the website. The website and services have been made offline. Trading on the website is also suspended. The firm has notified the law enforcement agencies about the breach.

Unprotected VOIPO
A California-based VoIP service provider, VOIPO, has inadvertently exposed tens of gigabytes of customer data. The exposed data includes call logs, SMS/MMS messages and unencrypted passwords. According to experts, any intercepted text messages carrying two-factor codes or password reset links may have allowed attackers to bypass 2FA on users' accounts.

Top Malware Reported in Last 24 Hours

Emotet trojan returns
A new malspam campaign has been observed distributing the infamous Emotet trojan. Two different ways are being used to spread the malware. The first method involves sending phishing emails to users. The phishing email contains a malicious Word document with macros embedded in it. In the second method, the attackers leverage a direct URL download that contains the malware. 

GoDaddy injects JavaScript
GoDaddy had been injecting JavaScript into its customers' sites to monitor website performance. Known as 'Real User Metrics' (RUM), the JavaScript collects information such as page load time and connection time from websites. The collected data is used to improve network routing and server configurations and to optimize DNS resolution. The JavaScript code does not collect any user information. The code was automatically injected into the websites of customers in the United States and those using cPanel Shared Hosting and cPanel Business.

Top Vulnerabilities Reported in Last 24 Hours

TP-Link vulnerabilities
Multiple flaws in the TP-Link TL-R600VPN router have been discovered by researchers. All of the vulnerabilities are present on HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3, except for one which is found only on HWv3 FRNv1.3.0. The flaws are tracked as CVE-2018-3948, CVE-2018-3949, CVE-2018-3950 and CVE-2018-3951, and could lead to remote code execution. The two root causes of the vulnerabilities are a lack of input sanitization and parsing errors.

Zero-day bugs in automation devices
Researchers have found multiple vulnerabilities across popular automation devices. The high severity vulnerabilities can allow remote attackers to execute arbitrary code on a targeted device. A variety of low severity flaws were also found in Loytec and EasyIO systems: path traversal and arbitrary file deletion on Loytec, authentication bypass on EasyIO, and cross-site scripting (XSS) on both.

Top Scams Reported in Last 24 Hours

Singapore Airlines phishing scam
Singapore Airlines is warning its customers about a new scam in which scammers impersonate the airline's website and offer free tickets. The tickets are offered as prizes on the condition that users complete a survey. The scam is being spread via WhatsApp, and the survey includes questions that gather an individual's personal information.

V-Buck scam
A new V-Buck scam has been doing the rounds on the internet recently. Security researchers have uncovered that criminals are using stolen credit cards to purchase V-Bucks, the in-game currency used to buy outfits, weapons and other items in the popular game Fortnite. These coins are then circulated and sold on the Dark Web at a discount to legitimate players.

BEC scam
A new Business Email Compromise (BEC) scam has been observed targeting online payroll accounts. The scammers send a phishing email to an employee in the finance or human resources department, requesting a change to the details of an existing deposit account. To evade detection, the phishing email is sent under the name of an employee working in the same organization.
