Cyware Daily Threat Intelligence, July 17, 2019

Inadvertent exposure of sensitive data due to misconfigured databases can drastically affect businesses worldwide. Recently, an unprotected Elasticsearch database associated with AavGo had exposed nearly eight million records online for a period of three weeks. These records contained a wide range of sensitive details about hospitality firms and their guests. 

The massive AMCA data breach, which has impacted over 20 million patients of five diagnostic firms, has added another firm to its list. Clinical Pathology Laboratories Inc. (CPL) is the latest one to be affected. CPL estimates that the breach may have impacted the personal and medical information of approximately 2.2 million patients.

A critical vulnerability in at least 5,114 legacy Iomega and LenovoEMC NAS devices has exposed about 36 TB of sensitive data on the web. The exposed data includes credit card numbers and financial records. The vulnerability stems from an unprotected API call and led to vulnerable NAS devices being listed on Shodan.

Top Breaches Reported in the Last 24 Hours

AavGo leaks hotel guest details
An unprotected Elasticsearch database belonging to AavGo leaked eight million records which included details about clients and guests. Its clients included Days Inn, the Peach Pubs Group, Legacy Hotels and Resorts, SACO - The Services Apartment Company, Crowne Plaza and other PMS-related solutions. The information leaked in the incident included room service orders, hotel admin login details, users’ PII, guest system login information, work orders and images of hotel rooms.

AMCA’s data breach affects CPL
Clinical Pathology Laboratories Inc. is the latest victim of the AMCA data breach. CPL estimates that approximately 2.2 million patients may have been affected by the breach. The incident may have compromised patients’ names, phone numbers, birth dates, dates of service, balance information and treatment provider details.

Adirondack Health data breach
Adirondack Health recently began notifying 25,000 patients about a phishing attack, which potentially affected a wide range of patient data. The incident occurred in March 2019 after a hacker gained access to an employee email account for two days. The compromised data included names, limited clinical or treatment data, health insurance client numbers or Medicare identification numbers, and dates of birth.
 
American Express customers targeted
A phishing attack using a novel technique to steal credentials from American Express customers was discovered recently. The attack targeted both corporate and consumer cardholders via a phishing email which asked them to verify their personal information by visiting a link. The email was designed to create a sense of urgency so that users would become less vigilant and click the link.

Top Malware Reported in the Last 24 Hours

A rise in ransom payment
Ryuk and Sodinokibi ransomware are responsible for the rise in average ransom payments in the second quarter of 2019. The average ransom payment increased by 184% in Q2 2019 compared to the previous quarter: it stood at $36,295 in the second quarter, whereas in the first quarter it was $12,762.

New version of SLUB
A new variant of SLUB that exploits the CVE-2019-0752 vulnerability in Internet Explorer has been uncovered lately. The recent version of the malware uses various techniques to bypass AV heuristics and machine learning algorithms. These include launching PowerShell with a hidden WindowStyle as the delivery mechanism, invoking a malicious file ‘mfcm14u.dll’ downloaded from the malicious website, and using the actual Windows API name ‘AfxmReleaseManagedReferences’ for its export symbols so that they follow the Windows naming convention.
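The hidden-window PowerShell launch described above is something a defender can look for in process-creation telemetry. The following is an added example, not code from the report or from any vendor, that runs a small detector over constructed sample events: it flags PowerShell launches that request a hidden console window and, separately, PowerShell spawned by a browser (the report says this variant is delivered through an Internet Explorer exploit). The log format and every event line are assumptions made for the example; one detail the detector handles that a plain string match misses is that powershell.exe accepts unambiguous prefixes of both the parameter name and its value, so `-w h` means the same as `-WindowStyle Hidden`.

```python
import re
from typing import Dict, List

# Constructed sample process-creation events (assumption: not taken from the report).
# Format: pid,parent_image,image,command_line   (the command line may contain commas)
SAMPLE_EVENTS = """\
4012,C:\\Program Files\\Internet Explorer\\iexplore.exe,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,powershell.exe -WindowStyle Hidden -NoProfile -Command "..."
4013,C:\\Windows\\explorer.exe,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,powershell.exe -w h -ep bypass -c "..."
4014,C:\\Windows\\explorer.exe,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,powershell.exe -NoProfile -File C:\\scripts\\backup.ps1
4015,C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\notepad.exe,notepad.exe report.txt
"""

BROWSER_IMAGES = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _tokens(cmdline: str) -> List[str]:
    # Keep quoted arguments together; Windows command lines are not POSIX, so no shlex.
    return re.findall(r'"[^"]*"|\S+', cmdline)


def has_hidden_window(cmdline: str) -> bool:
    """True if a PowerShell command line asks for a hidden console window.

    powershell.exe accepts any unambiguous prefix of a parameter name and of its
    value, so '-WindowStyle Hidden', '-win hidden' and '-w h' are equivalent.
    Prefix matching is deliberately broad (in pwsh 7 '-w' could also abbreviate
    -WorkingDirectory); for detection, over-matching is the safer error.
    """
    toks = _tokens(cmdline)
    for i, tok in enumerate(toks[:-1]):
        if tok[:1] not in "-/":
            continue
        name = tok[1:].lower()
        value = toks[i + 1].strip('"').lower()
        if name and "windowstyle".startswith(name) and value and "hidden".startswith(value):
            return True
    return False


def parse_event(line: str) -> Dict[str, str]:
    """Split one event line; maxsplit keeps commas inside the command line intact."""
    pid, parent, image, cmdline = line.split(",", 3)
    return {"pid": pid, "parent": parent, "image": image, "cmdline": cmdline}


def analyze_events(raw: str) -> List[Dict[str, object]]:
    """Return one finding per PowerShell launch that carries a suspicious trait."""
    findings: List[Dict[str, object]] = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if _basename(ev["image"]) not in POWERSHELL_IMAGES:
            continue
        reasons = []
        if has_hidden_window(ev["cmdline"]):
            reasons.append("hidden_window")
        if _basename(ev["parent"]) in BROWSER_IMAGES:
            reasons.append("browser_parent")
        if reasons:
            findings.append({"pid": ev["pid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze_events(SAMPLE_EVENTS):
        print(f"pid {finding['pid']}: {', '.join(finding['reasons'])}")
```

On the sample events the detector reports pid 4012 (hidden window, browser parent) and pid 4013 (hidden window via the abbreviated `-w h` form); the scheduled backup script with a visible window is not flagged. The two traits are reported separately on purpose: a hidden window alone is common in legitimate automation, whereas a browser spawning PowerShell at all is rare and worth a closer look on its own.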
  
Top Vulnerabilities Reported in the Last 24 Hours

Lenovo NAS devices vulnerable
A critical vulnerability in legacy Iomega and LenovoEMC NAS devices has exposed 3 million files. The vulnerability, tracked as CVE-2019-6160, affected as many as 5,114 NAS devices which contained sensitive information including card numbers and financial records. Overall, 36 TB of data is publicly available on the internet due to the flaw. The vulnerability stems from an unprotected API call and allows anyone to use Shodan to find vulnerable NAS devices. Users are advised to consult Lenovo’s security advisory and update their devices to the latest firmware versions.

Bluetooth exploit
A flaw in the Bluetooth communication protocol used by Windows 10 and iOS can allow attackers to spy on users’ devices. The flaw can expose the exact location and ID numbers of devices. This impacts iPhones, iPads, Apple Watch models, MacBooks, and Microsoft tablets and laptops.

Amadeus patches a vulnerability
Amadeus has patched a vulnerability in a global check-in software product that is used by hundreds of airlines. The vulnerability could have been exploited to allow attackers to view any individual’s boarding passes and personal details.

Microsoft releases a security patch
Microsoft has issued new versions of PowerShell Core to address a vulnerability that allows a local attacker to bypass Windows Defender Application Control (WDAC) enforcement. This could allow the attacker to execute untrusted programs even with WDAC enabled. The vulnerability has been assigned CVE-2019-1167.
   
Top Scams Reported in the Last 24 Hours

Impersonation scam
Scammers are impersonating vicars and barristers to gain access to people’s bank accounts. They are conducting these scams through phishing emails which include the names and addresses of real law firms and churches. The warning comes from GCHQ’s National Cyber Security Centre, which revealed that the UK’s legal sector was becoming a favorite target among cybercriminals, recording hundreds of impersonation scams every month. Last year, the National Cyber Security Centre thwarted more than 140,000 phishing attacks.

Fake IRD refund email
A fake tax refund email claiming to originate from the Inland Revenue Department (IRD) has been discovered recently. There have been over 1,170 reports to the IRD from people in New Zealand about this scam. The purpose of the scam is to steal users’ banking details.