Cyware Daily Threat Intelligence, July 22, 2019

Malicious browser extensions can pose a serious threat, since they can be modified to deliver malware or steal sensitive information from browsers. Recently, researchers identified the DataSpii leak, which has affected as many as 4.1 million users. A total of eight Firefox and Chrome browser extensions were found collecting both personally identifiable information and corporate information from users. Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock, and PanelMeasurement are some of the malicious extensions involved in the DataSpii leak.

In another major data breach incident, a hacker group named ‘0v1ru$’ breached SyTech, a contractor for the Russian Federal Security Service, and stole around 7.5TB of sensitive data. This includes information about internal projects the contractor was working on for the agency. The projects include Nautilus, Nautilus-S, Reward, Mentor, Hope, and Tax-3.

The past 24 hours also saw a phishing scam that used fake Office 365 Admin alerts. The purpose of the scam was to steal Microsoft login credentials from users.

Top Breaches Reported in the Last 24 Hours

DataSpii leak
Researchers have found a massive data leak that occurred via Chrome and Firefox browser extensions. The leak has affected close to 4.1 million users. These malicious extensions collected both personally identifiable information and corporate information from victims’ computers. Among the corporate data, the leak exposed corporate memos and zero-day vulnerabilities. The exposed user data included tax returns, GPS locations, travel itineraries, and credit card details.

iNSYNQ ransomware attack
Cloud computing provider iNSYNQ was attacked by ransomware on July 16, 2019. The attack caused the company to shut down some of its servers, and the infection impacted data belonging to its clients. Upon discovery, the firm took immediate action to restore the affected systems.

SyTech’s 7.5TB data stolen
A hacker group named ‘0v1ru$’ breached SyTech, a contractor for the Russian Federal Security Service, and stole around 7.5TB of sensitive data. This includes information about internal projects the contractor was working on for the agency. The projects include Nautilus, Nautilus-S, Reward, Mentor, Hope, and Tax-3.

Discord breached
Hackers have published a list of around 2,500 email addresses and passwords belonging to Discord users. Some of these login credentials appear genuine. The hackers who published the list said that the credentials were phished from the users.
 
Top Malware Reported in the Last 24 Hours

Pegasus spyware evolves
The NSO Group has been advertising the Pegasus spyware with new capabilities. The spyware can now scrape a target’s data from the servers of Apple, Google, Amazon, Facebook, and Microsoft. The malware can do so by targeting users’ laptops, tablets, and phones. 

MegaCortex ransomware
Researchers have analyzed a sample of the MegaCortex ransomware, which is responsible for many targeted enterprise attacks. The attackers behind the ransomware operate by gaining access to a network and then compromising the Windows domain controller. After encryption, the ransomware demands a ransom ranging from 2-3 BTC up to 600 BTC.

Scotland Yard’s Twitter account hacked
Miscreants compromised the official Twitter account of the UK’s Metropolitan Police Service and posted a series of tweets related to the jailed British rapper Rhys Herbert, also known as Digga D. After the incident, the MPS hinted at setting access restrictions for the service provider MyNewsDesk.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable VLC Media Player
VLC Media Player, versions 3.0.71 and below, is impacted by a security flaw that can allow attackers to execute arbitrary code. The vulnerability, tracked as CVE-2019-13615, is a buffer over-read flaw. It has a CVSS score of 9.8.

Vulnerable NVIDIA Tegra chipset
A high-severity vulnerability has been discovered in NVIDIA’s Tegra chipset, which affects millions of mobile and Internet of Things (IoT) devices. Through exploitation, attackers could carry out several kinds of attacks on the compromised device, such as device hijacking and data siphoning. The vulnerability has been identified as CVE-2019-5680 and exists in Jetson TX1 L4T, a system-on-a-chip (SoC) framework of Tegra.

Cisco releases updates
Cisco has released security updates for vulnerabilities in multiple products. The patches include fixes for vulnerabilities in Cisco Vision Dynamic Signage Director REST API, FindIT Network Management Software, and IOS Access Points Software 802.11r.

Top Scams Reported in the Last 24 Hours

Fake FaceApp scams
Scammers are making quick money by luring users into subscribing to a fake ‘Pro’ version of the app. They are conducting this scam through fake websites and YouTube videos. These websites and videos prompt users to download the ‘Premium’ version of FaceApp for free. Instead, the user is tricked into installing other apps, ads, and surveys.

Fake Office 365 Admin alerts
Scammers are sending fake Office 365 Admin alerts to steal users’ login credentials. The alerts are time-sensitive and inform users of an issue with the mail service or of unauthorized access. Users are then asked to click a link attached in the email. This link leads to a fake Microsoft login page hosted on the windows.net domain on Azure.
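As an added example (not part of the Cyware digest), here is a small Python triage heuristic for the lure described above. It flags a message that combines time-sensitive wording with a login-themed link whose host is Azure-hosted (ends in .windows.net) rather than a genuine Microsoft sign-in host. The allow-list of sign-in hosts, the urgency phrases, and the two sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: treat these as the only legitimate Microsoft sign-in hosts.
LEGIT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "login.microsoft.com",
}

# Phrases typical of the time-sensitive "admin alert" lure (constructed list).
URGENCY_PATTERNS = [
    r"\bwithin \d+ hours?\b",
    r"\bunauthori[sz]ed (access|sign[- ]?in)\b",
    r"\b(mail|email) (service|delivery) (issue|problem|failure)\b",
    r"\baccount will be (suspended|deactivated|closed)\b",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
LOGIN_THEME_RE = re.compile(r"(login|signin|sign-in|office|365|microsoft)", re.IGNORECASE)


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def is_azure_hosted_lookalike(url):
    """True when the link is served from *.windows.net (Azure storage/app hosting)
    and is not one of the allow-listed Microsoft sign-in hosts."""
    host = host_of(url)
    return host.endswith(".windows.net") and host not in LEGIT_LOGIN_HOSTS


def urgency_hits(text):
    """Return the urgency patterns that match the subject/body text."""
    return [p for p in URGENCY_PATTERNS if re.search(p, text, re.IGNORECASE)]


def assess_email(subject, body):
    """Return {'suspicious': bool, 'findings': [...]} for one message.
    A message is flagged when any login-themed link points outside the allow-list;
    urgency wording is reported as supporting evidence."""
    findings = []
    link_findings = 0
    hits = urgency_hits(subject + "\n" + body)
    if hits:
        findings.append("urgency language: %d pattern(s) matched" % len(hits))
    for url in URL_RE.findall(body):
        host = host_of(url)
        if host in LEGIT_LOGIN_HOSTS:
            continue
        if is_azure_hosted_lookalike(url):
            findings.append("login link hosted on Azure, not a Microsoft sign-in host: " + host)
            link_findings += 1
        elif LOGIN_THEME_RE.search(url):
            findings.append("login-themed link to non-Microsoft host: " + host)
            link_findings += 1
    return {"suspicious": link_findings > 0, "findings": findings}


# Constructed sample messages (not real phishing content from the digest).
PHISH = {
    "subject": "Action required: unauthorised access detected",
    "body": ("Your Office 365 account reported unauthorised sign-in attempts. "
             "Review the activity within 24 hours or your account will be suspended: "
             "https://office365alerts.blob.core.windows.net/login/index.html"),
}

LEGIT = {
    "subject": "Your monthly usage summary",
    "body": "Sign in at https://login.microsoftonline.com/ to review usage.",
}

if __name__ == "__main__":
    for name, msg in (("phish", PHISH), ("legit", LEGIT)):
        result = assess_email(**msg)
        print(name, result["suspicious"], result["findings"])
```

The host check is deliberately narrow: it only distinguishes a real Microsoft sign-in host from an Azure-hosted page, so a mail gateway rule built on it would still want reputation and sender-authentication signals alongside it.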