Cyware Daily Threat Intelligence, July 18, 2019

Malvertising has always been one of the most common attack vectors cybercriminals use to generate revenue or spread malware. Recently, researchers have come across a malvertising campaign carried out by a Hong Kong-based threat actor group. The group has pushed around 100 million malicious ads that redirected users to scams, malware and adware bundles. These ads were displayed through Windows 10 apps and Microsoft games.

The past 24 hours saw a major data leak due to an unprotected Elasticsearch database. The leaky database contained over 899GB of personal data related to Chinese citizens. This data was associated with more than 100 loan apps.

The BlueKeep vulnerability, discovered in May 2019, continues to pose a risk to more than 805,000 computers. Researchers have found that these systems are still running older versions of Windows - XP, 7, Server 2003 and Server 2008 - which leaves them vulnerable to the flaw.

Top Breaches Reported in the Last 24 Hours

899GB data leaked
An unprotected Elasticsearch database was found exposing over 899GB of data on the internet for two weeks. The database contained data from more than 100 loan-related apps. The exposed data included personal information of Chinese citizens such as their names, phone numbers, and addresses. The database also included financial data such as loan records, risk management data, and ID numbers.

Microsoft notifies around 10,000 customers
Microsoft has recently disclosed that it notified nearly 10,000 customers that they were targeted by state-sponsored hackers last year. Most of these attacks came from hacker groups based in Iran, North Korea, and Russia. While 84% of the attacks carried out by these threat actors targeted its enterprise customers, about 16% were aimed at home consumers and their personal email accounts.

Top Malware Reported in the Last 24 Hours

One billion fake ad impressions
Researchers have revealed a new malware framework that targets major browsers installed on Windows machines. It has generated more than one billion fake Google AdSense impressions in the past three months alone. The framework has been designed to manipulate statistics on social sites and ad impressions, generating revenue for its botnet operators.

EvilGnome backdoor
Researchers have uncovered a new backdoor dubbed ‘EvilGnome’ that targets Linux users by impersonating a Gnome shell extension. This Linux malware is capable of spying on users, taking desktop screenshots, capturing audio recordings from the user’s microphone, stealing files, and downloading additional modules.

Seven Stalkerware apps removed
Google has removed seven stalkerware apps from its Play Store that allowed people to stalk employees, partners, or children. These stalkerware apps were capable of spying on victims and tracking a person’s location, SMS messages, and call history. They could also collect victims’ contact details. The apps had been installed by over 130,000 users before they were removed.

Malvertising campaign
A Hong Kong-based threat actor group has been found using Windows 10 apps and Microsoft games to push 100 million malicious ads in 2019. These ads displayed tech support scams, phishing pages, and fake sweepstakes.

Top Vulnerabilities Reported in the Last 24 Hours

Drupal patches vulnerability
The Drupal CMS team has released a security update to address a critical bypass vulnerability in the CMS’ core component. The flaw could allow attackers to take control of affected sites. It affected all versions of Drupal prior to 8.7.4. However, Drupal 8.6.x and 7.x are not affected by the flaw.

BlueKeep vulnerability still affects computers
More than 805,000 internet-facing systems running older versions of Windows are still vulnerable to the BlueKeep vulnerability. The vulnerability was uncovered in May 2019, and since then the number of systems likely to be affected by BlueKeep has dropped to 17%. The BlueKeep flaw affects RDP services in older versions of Windows such as XP, 7, Server 2003 and Server 2008.

Vulnerable Jenkins server
Researchers at Trend Micro have discovered that the default settings of the Jenkins software, along with its matrix-based security, suffer from security problems that can result in remote code execution attacks. By leveraging these issues, attackers can execute remote code on the master machine and completely overwrite it.
