Cyware Daily Threat Intelligence, July 12, 2019

See All
Cryptocurrency exchange platforms are increasingly becoming a lucrative target for cybercriminals. Lately, a Japan-based Bitpoint exchange platform has fallen victim to a hack, causing a loss of $32 million worth of cryptocurrency asset. The threat actors gained access to the platform’s network and stole funds from both hot and cold wallets.

A misconfigured AWS database belonging to Vitagene Inc. was found exposing more than 3,000 patients’ health reports. The database was left open to the public for several years before it was secured on July 1, 2019.

The past 24 hours also saw a malicious campaign that involved the use of fake YouTube videos. These videos were created to lure users with free cheat codes for popular games. However, the actual purpose was to infect them with AZORult trojan.

In a major security update, Cisco has addressed a high severity vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. 

Top Breaches Reported in the Last 24 Hours

Bitpoint exchange platform hacked
Japan-based cryptocurrency exchange Bitpoint has lost $32 million worth of cryptocurrency asset after a hack that happened on July 11, 2019. The hackers have stolen funds from both of its hot and cold wallets. The company has suspended all deposits and withdrawals to investigate the matter.

Vitagene Inc. leaks over 3,000 files
DNA-testing service vendor Vitagene Inc. has exposed more than 3,000 client health reports due to a misconfigured AWS database. The database was left open to the public for several years before it was secured on July 1, 2019. The compromised data included users’ full names, birth dates, genetic health information, and details on other medical conditions.

Monroe College targeted
Bronx, New York-based Monroe College has been hit by a ransomware attack. The attackers demanded $2 million in Bitcoin to release its encrypted data. Police sources say the attack affected each of the Monroe campuses in Manhattan, New Rochelle, and St. Lucia. Nearly 8,000 students are enrolled at the college. The college’s website was completely inaccessible after the hack. 

Malware and phishing attacks
Richmond Heights City Hall’s computer and servers were infected by malware on July 1. However, the officials were able to recoup from the attack using the backup data. In another incident, a phishing attack affected the payroll system of Arlington County. The County was quick at taking remedial actions by disabling the affected employee email accounts.

Top Malware Reported in the Last 24 Hours

BXAQ malware
Earlier a joint investigation by Motherboard, the Guardian and the New York Times had revealed that Chineses authorities installed malware named BXAQ onto the phones of tourists who crossed the country’s border. However, a new report has revealed that several high profile Chinese cybersecurity companies are also not flagging BXAQ malware as an alert. The companies involved in this act are Baidu, Qihoo, Jiangmin, Rising and Tencent.

YouTube videos push trojans
Security researchers have discovered a malicious campaign that is being used to push information stealing AZORult trojan. A YouTube user named Pirate Hack has been found creating videos that offer free aimbot, wallhack tools, and cheats for popular games such as CS GO, PUBG, and Rust. These videos include a mega.nz download link, which if opened, can lead to the download of AZORult trojan.
    
Top Vulnerabilities Reported in the Last 24 Hours

Cisco fixes DoS vulnerability
Cisco has issued security patches to address a high severity vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The vulnerability has been detected as CVE-2019-1873 and could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly.

CVE-2019-1132 exploited
A zero-day vulnerability addressed by Microsoft this month was exploited by Buhtrap threat actor group to target government organizations in Eastern Europe. The vulnerability tracked as CVE-2019-1132, affects the Win32k component and could be exploited to run arbitrary code in kernel mode.

Juniper Networks’ security alert 
Juniper Networks has issued 11 security alerts across several product lines. The alerts address two critical, five high-severity, and four medium-severity vulnerabilities. The critical vulnerabilities affect Juniper Networks’ Steel-Belted Radius Carrier Edition and Junos Space.

Vulnerable Uniguest Kiosk software
Uniguest Kiosk software that is widely used by businesses in different sectors was found to have two serious flaws. The researchers had found the flaws while going through ucrew.unguest.com website. It was found that the website required no authentication for access and could allow anyone to access customers and company’s sensitive details through an application called SystemSleuth.

Top Scams Reported in the Last 24 Hours

Benefit scam
Fraudsters have managed to steal tens of thousands of pounds from British users by leveraging various welfare benefit and giveaway pages on social media platforms. On Facebook, the pages include Gov Grants Same Day, Same Day Grant, Discretionary Budgeting Grant and Same Day Grant Payment. Instagram sites include Same Day Drop UK, while the fraud is conducted on Snapchat through the Moneyinaminute page. Users are advised to be vigilant while transferring any amount to such unknown sources.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, July 15, 2019
Next
Cyware Daily Threat Intelligence, July 11, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.