Cyware Daily Threat Intelligence, July 09, 2019

Inadvertent exposure of sensitive data due to misconfigured databases continues to plague organizations worldwide. Lately, two unprotected Elasticsearch databases belonging to the Jiangsu Provincial Public Security Department, China, leaked over 90 million citizen and business records. The exposed citizen records included personally identifiable information such as names, birth dates, genders, identity card numbers, and location coordinates, while the exposed business records included business IDs, business types, location coordinates, and memos.

That’s not all. An unsecured Jenkins server belonging to GE Aviation exposed sensitive data related to the company’s internal commercial infrastructure, including source code, plaintext passwords, global system configuration details, and private keys.

The past 24 hours saw the return of the Dridex trojan and a new variant of the Anubis trojan. While Dridex, along with RMS RAT, is being delivered via fake eFax messages, the new Anubis variant is propagated under the labels ‘Operatör Güncellemesi’ and ‘Google Services’.

Top Breaches Reported in the Last 24 Hours

90 million records exposed
Two publicly accessible Elasticsearch databases of the Jiangsu Provincial Public Security Department exposed over 90 million citizen and business records. The databases contained more than 58 million citizen records and over 33 million business records. The exposed business records included business IDs, business types, location coordinates, and memos. Upon discovery, the databases were secured by CNCERT/CC.

GE Aviation exposes source code
A misconfigured Jenkins server owned by GE Aviation exposed sensitive data related to the company’s internal commercial infrastructure. The exposed data includes source code, plaintext passwords, global system configuration details, and private keys. Upon learning of the exposure, the company immediately pulled the server offline.

Eastern Ontario Community attacked
A ransomware attack on an Eastern Ontario municipality disabled its computer networks. The attack occurred on June 30, 2019. The municipality has restored all of the city’s services, and the email systems are expected to be back within a day or two.
 
Top Malware Reported in the Last 24 Hours

Dridex spotted with RMS RAT
A new malspam campaign that delivers fake eFax messages has been found distributing the Dridex Trojan and RMS RAT. The attackers use the Dridex banking Trojan to collect credentials from web browsers and exfiltrate them to their own servers, while RMS RAT is used to manage the infected computers.

GoBotKR malware
GoBotKR is a new version of the Win64/GoBot2 backdoor malware. It has been found disguised as South Korean movies and TV shows on torrent sites to trick users. The malware is capable of collecting a variety of user and system information. Nearly 80% of South Koreans have been impacted by the malware.

Astaroth trojan campaign
A malware campaign that delivers the Astaroth trojan through fileless execution has been found recently. The malware is loaded directly into the memory of infected computers and is capable of stealing sensitive information such as user credentials using a keylogger module.

Anubis trojan variant
The infamous Anubis banking trojan has evolved to target Android mobile users. Lately, two related servers hosting 17,490 samples of the Anubis trojan have been detected by security researchers. These samples are detected as AndroidOS_AnubisDropper. During propagation, the variants are labeled as either ‘Operatör Güncellemesi’ or ‘Google Services’.

Top Vulnerabilities Reported in the Last 24 Hours

Zoom’s RCE flaw
An RCE vulnerability in the Zoom video-conferencing tool can allow attackers to activate users’ cameras without their permission. The flaw can potentially expose up to 750,000 companies around the world. It is tracked as CVE-2019-13450 and stems from an architectural weakness in Zoom. It can also be abused to create a Denial-of-Service condition.

Flaws in USB dongles
Several vulnerabilities have been detected in the USB dongles used by Logitech wireless keyboards, mice, and presentation clickers. The vulnerabilities can allow attackers to sniff keyboard traffic, inject keystrokes, and take over the computer to which the vulnerable dongle is connected. The vulnerabilities impact all Logitech USB dongles that use ‘Unifying’ 2.4 GHz radio technology.
