Cyware Daily Threat Intelligence January 31, 2019

Top Breaches Reported in the Last 24 Hours

SBI data breach
State Bank of India, India's biggest financial firm has suffered a massive data breach. The breach has resulted in the compromise of personal data of million customers. The data was stored in a passwordless database. The information compromised in the breach includes phone numbers, bank balances and recent transactions of customers.

Collection#2 data leak
Security researchers have discovered around 2.2 billion unique usernames and associated passwords dumped in an unprotected database called Collections#2-5. The database contained 845 gigabytes of data and 25 billion records in all. Most of the stolen data appear to come from previous thefts, like the breaches of Yahoo, LinkedIn, and Dropbox. 

Azure outage
Microsoft has accidentally deleted customers databases during the Azure outage - that happened on January 29. This has resulted in the loss of some crucial information such as previous transactions, product orders and other updates. The firm is working on restoring the affected databases.

Top Malware Reported in the Last 24 Hours

Korean candidates targeted 
A malware campaign that attempts to target Korean candidates via a fake job post of Cisco has been observed recently. The infection vector is a Microsoft Word document that goes with the name "Job Descriptions.doc." The content of the document matches with the legitimate job descriptions that are available online.

Malicious beauty camera apps
Dozens of beauty camera apps on Google Play Store have been found pushing fake ads and adult contents. These apps have the highest number of downloads in India. Apart from pushing fake ads, some of these apps were also found redirecting users to phishing websites that promises exciting prizes.

'Love Letter'malspam campaign
'Love Letter'malspam campaign has now changed its focus to Japanese users. The campaign is distributed via phishing emails that contain zipped JavaScript (.js) files. Once clicked, the 'js file downloads the first malware payload.

Top Vulnerabilities Reported in the Last 24 Hours

Canvas Draw 5 bugs
Several vulnerabilities in ACD Systems' Canvas Draw 5 have been discovered by security researchers. The flaws are dubbed as CVE-2018-3973, CVE-2018-3976, CVE-2018-3980 and CVE-2018-3981. The vulnerable component lies in the handling of TIFF and PCX images. All these are exploitable out-of-bounds write vulnerabilities.

PoC for vulnerable Cisco routers released
Disclosure of Proof-of-Code (PoC) of two high vulnerabilities in Cisco’s Small Business RV320 and RV325 routers can enable hackers to take full control over the devices. These flaws are dubbed as CVE-2019-1652 (command injection vulnerability) and CVE-2019-1653 (remote code execution vulnerability). Device owners are advised to immediately download Cisco’s patches for the two exploited flaws. Both of the bugs reside within the routers’ web-based management interface.

Top Scams Reported in the Last 24 Hours

Netflix scam
Netflix is warning its customers about a new scam that tricks users into sharing their financial details. Here, the users receive a phishing email that appears to be from the streaming company. It informs the users that their accounts are suspended until they verify all required information and update their payment method. Users are then urged to click on a link that takes them to a login page that looks almost identical to the real web page. 

YouTube scam
Research has revealed that scammers are impersonating YouTube starts to steal fans' money. The followers of popular YouTube stars are sent private messages through the online video site, asking them to click on a phishing link to redeem a prize. Once the users click on the link, they are asked to fill in their personal details such as their name, address, country, and email address to win the prize.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence February 1, 2019
Next
Cyware Daily Threat Intelligence January 30, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.