Cyware Daily Threat Intelligence, July 09, 2019

Share Blog post

Inadvertent exposure of sensitive data due to misconfigured database continues to plague companies worldwide. Lately, two unprotected Elasticsearch databases belonging to Jiangsu Provincial Public Security Department, China, had leaked over 90 million people and business records. The exposed records included personally identifiable information like names, birth dates, genders, identity card numbers, and location coordinates. On the other hand, the compromised business records included business IDs, business types, location coordinates, and memos.

That’s not all. An unsecured Jenkins server belonging to GE Aviation had exposed sensitive data related to the company’s internal commercial infrastructure. This includes source code, plaintext passwords, global system configuration details, and private keys.

The past 24 hours saw the return of Dridex trojan and a variant of Anubis trojan. While Dridex along with RMS RAT is being delivered via fake eFax messages, the new variant of Anubis trojan is propagated by labeling it as ‘Operatör Güncellemesi’ and ‘Google Services’.  

Top Breaches Reported in the Last 24 Hours

90 million records exposed
Two publicly accessible Elasticsearch databases of Jiangsu Provincial Public Security Department had exposed over 90 million people and business records. The databases contained more than 58 million citizen records and over 33 million business records. The compromised business records included business IDs, business types, location coordinates, and memos. Upon discovery, the databases were secured by CNCERT/CC. 

GE Aviation exposes source code
A misconfigured Jenkins server owned by GE Aviation had exposed sensitive data related to the company’s internal commercial infrastructure. The exposed data includes source code, plaintext passwords, global system configuration details, and private keys. Upon learning this, the company immediately pulled the server offline. 

Eastern Ontario Community attacked
A ransomware attack on Eastern Ontario municipality has disabled the computer networks. The attack occurred on June 30, 2019. The municipality has restored all of the city’s services and the email systems are expected to be back within a day or two. 
 
Top Malware Reported in the Last 24 Hours

Dridex spotted with RMS RAT
A new malspam campaign that delivers fake eFax messages has been found delivering Dridex Trojan and RMS RAT. The Dridex banking Trojan is being used by the attackers to collect credentials from web browsers and to exfiltrate them to their own servers. On the other hand, RMS RAT is used for managing the infected computers.  

GoBotKR malware
GoBotKR is a new version of Win64/GoBot2 backdoor malware. The malware has been found disguised as South Korean movies and TV shows on Torrent sites to trick users. The malware is capable of collecting a variety of user and system information. Nearly 80% of the South Koreans have been impacted by the malware.

Astaroth trojan campaign
A malware campaign that delivers Astaroth trojan through fileless execution has been found recently. The malware is dropped into the memory of infected computers and is capable of stealing sensitive information such as user credentials using a key logger module.

Anubis trojan variant
The infamous Anubis banking trojan has evolved to target Android mobile users. Lately, two related servers containing 17,490 samples of Anubis trojans have been detected by security researchers. These samples of Anubis are called AndroidOS_AnubisDropper. These variants are labeled as either ‘Operatör Güncellemesi’ and ‘Google Services’ during propagation.

Top Vulnerabilities Reported in the Last 24 Hours

Zoom’s RCE flaw
A RCE vulnerability in Zoom video-conferencing tool can allow attackers to control users’ camera without their permission. The flaw can potentially expose up to 750,000 companies around the world. The flaw has been detected as CVE-2019-13450 and exploits an architectural vulnerability in Zoom. It can be abused to create a Denial-of-Service condition.  

Flaws in USB dongles
Several vulnerabilities have been detected in the USB dongles used by Logitech wireless keyboards, mouses and presentation clickers. The vulnerabilities can allow attackers to sniff on keyboard traffic, inject keystrokes and take over the computer to which the vulnerable dongle has been connected. The vulnerabilities impact all Logitech USB dongles that use ‘Unifying’ 2.4 GHz radio technology. 

 Tags

anubis trojan
astaroth trojan
dridex trojan
gobotkr
ge aviation

Posted on: July 09, 2019

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!