
Cyware Daily Threat Intelligence, July 08, 2019


Credit card skimming attacks are running rampant, and the latest incident, in which 962 e-commerce sites worldwide were compromised, is a telling example. An automated Magecart campaign was carried out against these Magento-based e-commerce websites within a span of 24 hours.

Several Croatian government agencies were also targeted with a new post-exploitation tool named SilentTrinity, used to deliver malicious payloads. SilentTrinity is capable of taking control of an infected computer and allows attackers to execute arbitrary commands.

The past 24 hours saw a major data breach disclosure by ALTA. The U.S. national trade association has revealed that hundreds of company records were compromised in a suspected phishing campaign. The stolen data contained almost 600 entries for title and non-title companies.

The City of Griffin, Georgia, has lost over $800,000 in a massive BEC attack. The scammers stole the money using a phishing email that appeared to come from PF Moon, the city's water treatment vendor.

Top Breaches Reported in the Last 24 Hours

ALTA data breach
The American Land Title Association (ALTA) has released a data breach notification following a successful phishing attack. The attack exposed the usernames and passwords of various insurance firms, title and settlement agents, real estate attorneys, and independent abstracters affiliated with the association. The attackers sent the targets a phishing email with the subject line 'Changes & Updates to Member Directory'. ALTA has urged employees of title and settlement companies to change their passwords.

GitHub account hacked
The GitHub account of Canonical Ltd. was hacked on July 6, 2019. The compromised credentials were then used to create repositories, among other activities. The attacker reportedly created 11 new GitHub repositories in the official Canonical account. Upon discovery, Canonical removed the compromised accounts from its GitHub organization.

LaPorte County suffers a malware attack
LaPorte County fell victim to a malware attack on July 6, 2019, which disabled the county's computer and email systems. The county has informed the FBI and other law enforcement agencies about the attack.

Top Malware Reported in the Last 24 Hours

Massive Magecart campaign
A large-scale card skimming campaign that compromised 962 e-commerce sites in a single day has come to light. All 962 sites were infected with the infamous Magecart skimming code. The campaign was automated and targeted Magento-based platforms. The attackers used the malicious code to collect payment information, including customers' names, phone numbers, and addresses.

SilentTrinity post-exploitation tool
A post-exploitation tool known as SilentTrinity was used to launch a series of cyber attacks against Croatian government agencies. SilentTrinity can take control of an infected computer and allow attackers to execute arbitrary commands. It is being delivered through spear-phishing emails.

Golang malware
Security researchers have discovered a new cryptomining campaign that delivers new Golang malware. The threat actors behind the campaign abuse pastebin.com to host the initial bash script and store the malware itself on a compromised Chinese e-commerce website.

Top Vulnerabilities Reported in the Last 24 Hours

Concern rises over BlueKeep vulnerability
New Zealand's Cyber Security Center and Microsoft have issued urgent warnings urging users to update their operating systems in response to the BlueKeep vulnerability. The flaw affects about a million Windows systems and could be used to conduct an attack similar to the 2017 WannaCry outbreak.

Vulnerability in v0.0.7 of a Ruby library
A researcher has come across a serious problem with the 'strong_password' v0.0.7 Ruby library. The issue allows an attacker to inject malicious code into applications that deploy the library on production systems. The library was reportedly abused to silently inject a backdoor that could take control of systems.

Cisco releases patches
Cisco has released a bundle of 17 security updates addressing 18 vulnerabilities that affect its networking and communications gear. Ten of these bugs are rated high severity; they can lead to code execution and denial-of-service conditions.

Top Scams Reported in the Last 24 Hours

City of Griffin suffers a BEC attack
The City of Griffin has lost over $800,000 in a massive BEC attack. The scammers used a phishing email that appeared to come from PF Moon, a water treatment vendor that works with the city. The email was sent to the Finance department, and the city became aware of the incident only after PF Moon contacted the department.

Libra currency phishing scam
A new phishing scam that exploits the yet-to-be-released Calibra wallet and the recently announced Libra cryptocurrency has been observed. Fraudsters have registered domain names that impersonate the legitimate websites for both the coin and the wallet to trick users. The fake Calibra wallet site mimics the look of the official Libra.org site, and even includes a link to the legitimate cryptocurrency whitepaper and other URLs pointing to the official Libra website.

Spam campaign
Scammers have compromised a pizza delivery website to run personalized spam campaigns. They inserted a single paragraph advertising medications such as Xenical. If a visitor clicks one of these ads, they are redirected to hxxps://www[.]dietxpills[.]com, a site that sells weight loss pills and diet products. This site shares a server with at least 46 other sites selling drugs without prescriptions.


Posted on: July 08, 2019
