Cyware Daily Threat Intelligence, July 18, 2019

Share Blog post

Malvertising has always been one of the common attack vectors among cybercriminals to generate revenues or to spread malware. Recently, researchers have come across a malvertising campaign that was carried out by a Hong Kong-based threat actor group. The group has pushed around 100 million malicious ads that redirected users to scams, malware and adware bundles. These ads were being displayed through Windows 10 apps and Microsoft games. 

The past 24 hours saw a major data leak due to an unprotected Elasticsearch database. The leaky database contained over 899GB of personal related to Chinese citizens. This data was associated with more than 100 loan apps. 

The BlueKeep vulnerability, discovered in May 2019, continues to pose a risk for more than 805,000 computers. Researchers have found that these systems are still using the older versions of Windows - XP, 7, Server 2003 and Server 2008 - that can make them vulnerable to the flaw.  

Top Breaches Reported in the Last 24 Hours

899GB data leaked
An unprotected Elasticsearch database was found exposing over 899GB of data on the internet for two weeks. The database contained data from more than 100 loan-related apps. The exposed data included personal information of Chinese citizens such as their names, phone numbers, and addresses. The database also included financial data such as loan records, risk management data, and ID numbers.

Microsoft notifies around 10,000 customers
Microsoft has recently disclosed that it has notified nearly 10,000 customers that they were targeted by state-sponsored hackers last year. Most of these attacks had come from hacker groups based in Iran, North Korea, and Russia. While 84% of these attacks carried out by these threat actors targeted its enterprise customers, about 16% were aimed at home consumers and their personal email accounts.

Top Malware Reported in the Last 24 Hours

One billion fake ad impressions 
Researchers have revealed a new malware framework that targets major browsers installed on Windows machines. It has generated more than one billion false Google AdSense impressions in the past three months alone. The framework has been designed to monitor statistics on social sites and ad impressions, creating revenue for its operators who are using botnets.   

EvilGnome backdoor
Researchers have uncovered a new backdoor dubbed ‘EvilGnome’ that targets Linux users by impersonating a Gnome shell extension. This Linux malware is capable of spying on users, taking desktop screenshots, capturing audio recordings from the user’s microphone, stealing files, and downloading additional modules.

Seven Stalkerware apps removed
Google has removed seven Stalkerware apps from its Play Store that allowed people to stalk employees, partners, or kids. These Stalkerware apps were capable of spying on victims and tracking a person’s location, SMS, call history. These apps can also collect victims’ contact details. These apps were installed by over 130,000 users before they were removed.

Malvertising campaign
A Hong Kong-based threat actor group has been found using Windows 10 apps and Microsoft games to push 100 million malicious ads in 2019. These ads displayed tech support scams, phishing pages, and fake sweepstakes. 
  
Top Vulnerabilities Reported in the Last 24 Hours

Drupal patches vulnerability
Drupal CMS team has released a security update to address a critical bypass vulnerability in the CMS’ core component. The flaw could allow attackers to take control of impacted sites. It affected all versions of Drupal prior to 8.7.4. However, Drupal 8.6.x and 7.x are not affected by the flaw.

BlueKeep vulnerability still affects computers
More than 805,000 internet-facing systems using older versions of Windows are still vulnerable to BlueKeep vulnerability. The vulnerability was uncovered in May 2019 and since then the number of systems likely to be affected by BlueKeep has dropped to 17%. The BlueKeep flaw affects RDP services in older versions of Windows OS such as XP, 7, Server 2003 and Server 2008.

Vulnerable Jenkins server
The researchers of Trend Micro have discovered that the default settings of Jenkins software, along with its matrix-based security, suffer from security problems that can result in remote code execution attacks. By leveraging these issues, attackers can execute remote code on the master machine and completely overwrite it.

 Tags

elasticsearch database
drupal
microsoftinc
stalkerware apps
bluekeep vulnerability
evilgnome backdoor

Posted on: July 18, 2019

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!