Cyware Daily Threat Intelligence, July 19, 2019


Malicious actors are always on the lookout for weaknesses in software to launch cyberattacks on enterprises worldwide. One such incident has come to light in the past 24 hours. According to a security alert released by the Department of Education, at least 62 US universities were hacked through a vulnerability in an admission and enrollment banner software made by the company Ellucian. The attackers stole student data to create thousands of student accounts which could be used later to commit cybercrimes.

In another major incident, Slack has reset passwords of its users following the emergence of new details related to its 2015 data breach. This is applicable to the users who had created accounts before March 2015. 

The notorious TrickBot trojan was seen in a new cyberespionage campaign that leveraged a fake Office 365 site. The site showed fake Chrome and Firefox browser updates which, when clicked, led to the download of the trojan.

Top Breaches Reported in the Last 24 Hours

62 US universities targeted
At least 62 US universities have been targeted after hackers exploited a weakness in a popular admission and enrollment banner software made by Ellucian. The hackers stole student data and used it to create thousands of fake accounts. These fake accounts were later used to commit cybercrimes.

Slack resets passwords
Slack has reset passwords of around 1% of its users following the 2015 data breach. The action was taken after its bug bounty program had released a list of allegedly compromised Slack account passwords. The password reset is applicable to the users who had created accounts in Slack before March 2015.  

Wise Health notifies 36,000 patients
Wise Health is notifying around 36,000 patients about a phishing attack that occurred in March 2019. The attackers gained unauthorized access to several employees' email accounts and stole patient records. The records included medical record numbers, treatment information and insurance information of patients.

Laurentian University targeted
Some donors of Laurentian University were found to be the target of a phishing scam. According to the Chief Information Officer of the university, none of the targets were affected by the scam, nor was any private information stolen. The targets received an email containing a request for money or a request to review an invoice, which was supposedly sent from the Advancement Office of the university.

Top Malware Reported in the Last 24 Hours

TrickBot returns
A fake Office 365 website is being used to distribute the infamous TrickBot trojan. The site showed fake Chrome and Firefox browser updates to trick users into downloading the trojan. Once installed, the malware is hidden as a svchost.exe process to evade detection by security solutions.

Ryuk ransomware infiltrates 100 US firms
A new report has revealed that Ryuk ransomware has affected 100 US firms, enabling threat actors to earn up to $5 million. The malware is a modified version of the Hermes virus and debuted in August 2018. It spreads through the usual botnet and spam methods, and infiltrates through undefended IP ports.

60 variants of Mirai
More than 60 variants of the Mirai botnet have targeted enterprises. The activities of Mirai had spiked in November 2018 and this doubled over a year. The new variants have the potential to impact cloud servers and heavily compromise information and insurance services and more.

Magecart’s server collects credit card data
The Magecart threat actor group is using servers hosted in Luhansk, Ukraine to conduct its web-skimming business. These web servers have been set up to receive the stolen data so that cards can be processed and eventually resold in underground forums.

Top Scams Reported in the Last 24 Hours

Catfishing scam 
Scammers have created fake Twitter profiles to lure users into a friendship or romantic relationship, and steal money from them. The scam is being used to target Africans. Apart from this, they are also running other new scams such as fraud games and wire-fraud scams to cheat users. Thus, users are advised to be vigilant about such scams and not to transfer money to unknown sources immediately.


Posted on: July 19, 2019
