Cyware Daily Threat Intelligence January 29, 2019

Top Breaches Reported in the Last 24 Hours

Altran Tech suffers an attack
The French engineering consulting firm Altran Technologies recently disclosed that it was hit by a cyber attack that affected many of its operations across different countries in Europe. Experts believe the attack could be the work of a foreign government or financially motivated criminals. In the wake of the incident, Altran has shut down its IT network and applications. A recovery plan is underway.

Unsecured MongoDB databases
Unprotected MongoDB databases have exposed the Kremlin's backdoor account that was used by the Russian government to access servers belonging to businesses and organizations operating in Russia. The leaky databases included data belonging to local banks, financial institutions, big telcos, and even Disney Russia. Researchers found that the databases had default settings and were easily accessible.

Top Malware Reported in the Last 24 Hours

AZORult trojan is back
Researchers have observed a new attack campaign spreading the AZORult trojan. The trojan arrives in the form of fake Google updates. It replaces the legitimate Google Updater program on infected systems and targets a variety of applications in order to harvest credentials. The malware hides in C:\Program Files\Google\Update\GoogleUpdate.exe, posing as the Google Updater program.
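
Because the trojan sits at the legitimate updater's path, a path check alone cannot tell the two apart; the publisher signature can. The following PowerShell check is an added example, not part of the original briefing. It assumes a genuine GoogleUpdate.exe carries a valid Authenticode signature whose subject names Google, and it also checks the Program Files (x86) location, which the briefing does not mention.

```powershell
# Added example: verify who signed the binary at the Google Update path.
# Assumptions (not from the briefing): the genuine updater has a valid
# Authenticode signature with "O=Google" in the certificate subject, and
# it may also be installed under Program Files (x86).
function Test-GoogleUpdateBinary {
    param(
        [string[]]$Path = @(
            "$env:ProgramFiles\Google\Update\GoogleUpdate.exe",
            "${env:ProgramFiles(x86)}\Google\Update\GoogleUpdate.exe"
        ),
        # Replace with the signer recorded in your own software baseline.
        [string]$ExpectedSigner = 'O=Google'
    )

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }

        $sig  = Get-AuthenticodeSignature -LiteralPath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash

        # An unsigned file has no signer certificate at all.
        $subject = if ($sig.SignerCertificate) {
            $sig.SignerCertificate.Subject
        } else {
            '<unsigned>'
        }

        # Both conditions must hold: the signature chain validates AND the
        # signer is the expected publisher. A valid signature from some
        # other publisher is still a finding.
        $trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")

        [pscustomobject]@{
            Path    = $p
            SHA256  = $hash
            Status  = $sig.Status
            Signer  = $subject
            Trusted = $trusted
        }
    }
}

# Report every copy found; investigate any row where Trusted is False.
Test-GoogleUpdateBinary | Format-List
```

The SHA256 value in each row can be compared against the hash of a known-good installer from your own baseline.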

Newly discovered trojan spyware
Security researchers have discovered new trojan spyware named TROJANSPY.WIN32.TEAMFOSTEALER.THOABAAI. The trojan spyware masquerades as fake TeamViewer software in order to propagate into the victims' systems. Once installed, the malware is capable of gathering and stealing information such as OS architecture, computer name, user name, RAM size, the presence of AV products, and administrator privilege.

Top Vulnerabilities Reported in the Last 24 Hours

Critical bugs in Siemens' PLC
Two serious flaws have been discovered in Siemens Simatic S7-1500 Programmable Logic Controllers (PLCs). Tracked as CVE-2018-16558 and CVE-2018-16559, the bugs can enable attackers to conduct denial-of-service (DoS) attacks and disrupt industrial control systems.

FaceTime flaw
A critical bug in Apple iOS devices can let FaceTime users listen in remotely even before the call is answered by the recipient. The bug exists in iOS version 12.1.2. Upon investigation, it was further found that the bug could allow users to access the microphone and front camera of other iPhone users. Apple is currently working on the issue and plans to release a security update later this week.

WIBU SYSTEMS vulnerabilities
Three vulnerabilities have been discovered in WIBU SYSTEMS WibuKey. These flaws are tracked as CVE-2018-3990, CVE-2018-3989 and CVE-2018-3991. Two of these flaws could allow memory disclosure (CVE-2018-3989) and remote code execution (CVE-2018-3990) at the kernel level.

Top Scams Reported in the Last 24 Hours

Fake adult dating sites scam
A new scam that redirects victims to fake dating sites has been spotted recently. The campaign begins with users receiving phishing emails that contain links to fake dating sites like Ashleymadison[.]com. The spam emails come from a person named Gell with the email address info@reeedirect[.]ru and have a subject consisting of random names. One of the redirects is http://r2[.]red123[.]ru/, which contains a hidden link titled "follow the white rabbit". The main intention of this scam is to harvest users' contact information and use it for future phishing or spam campaigns.


Posted on: January 29, 2019