Cyware Daily Threat Intelligence January 17, 2019

Top Breaches Reported in Last 24 Hours

Oklahoma data breach
A massive data breach at the Oklahoma Securities Commission has exposed nearly 3 TB of data belonging to the Federal Bureau of Investigation. The exposed files contained confidential cases and internal documents that were at least 10 years old. It also included sensitive data recorded from major corporations such as AT&T, Goldman Sachs and Lehman Brothers.

South Korea's DAPA hacked
Around 30 computer systems belonging to South Korea's Defense Acquisition Program Administration (DAPA) have been hacked to steal sensitive data from the agency. The hack occurred in October 2018, and the stolen data contained information about arms procurement for the country's next-generation fighter aircraft.

Collection#1 data breach
More than 773 million unique email addresses and 22 million unique passwords, found hosted on the cloud service MEGA, are being circulated on hacking forums. The data, dubbed 'Collection#1', amounts to over 87 GB. Security researchers believe the cache of emails and passwords was built up from numerous breaches dating back to 2008.

Top Malware Reported in Last 24 Hours

Djvu ransomware
Djvu is the latest variant of STOP ransomware. A new .tro variant has been found spreading through software crack downloads and adware bundles. Once a malicious crack is run, the main installer is dropped as an .exe file and executed. This .exe runs a PowerShell script that disables Windows Defender. A second .exe connects to a command and control server to receive commands from the attackers.
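The Defender-disabling PowerShell step in the chain above leaves a trace in script block logging (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log). The following detection is an added example, not code from Cyware or the briefing; the log entries and the `host`/`script` field names are constructed for illustration, and the rules cover the Set-MpPreference / Add-MpPreference cmdlets commonly used to switch off or exclude paths from Defender.

```python
import re

# Constructed sample of PowerShell script block log entries (Event ID 4104);
# these are not real telemetry. ws04 re-enables protection and must not alert.
SAMPLE_EVENTS = [
    {"host": "ws01", "script": "Get-ChildItem C:\\Users\\Public"},
    {"host": "ws02", "script": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "ws02", "script": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public\\setup'"},
    {"host": "ws03", "script": "sEt-MpPrEfErEnCe -DisableBehaviorMonitoring:1"},
    {"host": "ws04", "script": "Set-MpPreference -DisableRealtimeMonitoring $false"},
]

# Each rule: (compiled pattern, label). Matching is case-insensitive because
# PowerShell cmdlet and parameter names are, and droppers frequently mix case.
# The first rule requires the -Disable* switch to be set to $true or 1, so a
# script that turns protection back on does not trigger it.
RULES = [
    (re.compile(r"\bSet-MpPreference\b.*?-Disable\w+(?:\s+|:)(?:\$true|1)\b", re.I),
     "defender-feature-disabled"),
    (re.compile(r"\bAdd-MpPreference\b.*?-Exclusion(?:Path|Process|Extension)\b", re.I),
     "defender-exclusion-added"),
]


def find_defender_tampering(events):
    """Return one alert per (event, rule) match with host, rule label and script."""
    alerts = []
    for ev in events:
        for pattern, label in RULES:
            if pattern.search(ev["script"]):
                alerts.append({"host": ev["host"], "rule": label, "script": ev["script"]})
    return alerts


if __name__ == "__main__":
    for alert in find_defender_tampering(SAMPLE_EVENTS):
        print(f"[{alert['rule']}] {alert['host']}: {alert['script']}")
```

Correlating such an alert with the parent process (an installer dropped from a crack download) and a subsequent outbound connection from a second executable would reproduce the full chain described above.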

New ransomware steals PayPal credentials
A new, still-in-development ransomware has been found stealing PayPal credentials in addition to encrypting files. The ransomware offers victims a choice of paying with either Bitcoin or PayPal. If a user clicks the PayPal Buy Now button, they are redirected to a phishing page that masquerades as a legitimate PayPal page.

Pdff ransomware
Researchers have uncovered a new ransomware variant named Dharma Pdfhelp@india[.]com Pdff. The malware is distributed via spam emails that appear to come from a shipping company such as DHL or FedEx. The emails tell the recipient that a package delivery was attempted but failed for some reason; sometimes they instead claim to be notifications of a shipment the recipient has made.

Top Vulnerabilities Reported in Last 24 Hours

Oracle releases 248 patches
Oracle has released 248 security updates as part of its quarterly security update. These flaws could be exploited by remote attackers to take complete control of affected systems. The most critical flaws were associated with Oracle Communications Applications (33 flaws), Fusion Middleware (62), Retail Applications (16), Sun Systems Products (11), Enterprise Manager Products Suite (11), Construction and Engineering Suite (4), and Financial Services Applications (9).

Drupal releases security updates
Drupal has released security updates to address flaws in Drupal 7.x, 8.5.x, and 8.6.x. These flaws could be exploited by attackers to take control of affected systems. Users of Drupal 8.6.x are required to upgrade to Drupal 8.6.6; users of Drupal 8.5.x or earlier must upgrade to Drupal 8.5.9, and users of Drupal 7.x to Drupal 7.62.

Top Scams Reported in Last 24 Hours

Tech support scam
A new fake Microsoft tech support scam has been observed targeting users. Scammers are using fake pop-ups reading 'Windows is not activated' to trick users into parting with their credit or debit card details. The fake pop-up covers the entire screen and asks the user to call the listed hotline number for technical support. Once the user calls, the scammers offer a bogus fix and persuade them to buy a one-time subscription for a nominal amount. Users are advised not to purchase anything from numbers listed in a 'Windows is not activated' alert, and to ignore the phone number for support, as it is not authorized by Microsoft.


Posted on: January 18, 2019