Cyware Daily Threat Intelligence, July 31, 2019

Tricking individuals and organizations through BEC scams is a lucrative option for cybercriminals. Cabarrus County in North Carolina recently admitted that it lost over $1.7 million in a BEC scam. The scammers pretended to be contractors for the County’s new high school and sent a phishing email in order to obtain money.

The notorious Trickbot trojan is back with a new version and has been seen targeting the Microsoft Defender application using 12 additional methods. The malware attempts to disable and delete processes associated with the services to gain higher system privileges.

In a major update, Google has released Chrome 76 for Windows, Mac, and Linux systems. The version includes 43 security fixes for major vulnerabilities such as memory corruption, integer overflow, and use-after-free issues.  

Top Breaches Reported in the Last 24 Hours

Seven & I Holdings Co. resets passwords
The passwords of almost 16.5 million registered 7pay IDs were changed by Seven & I Holdings Co. The IDs are related to the smartphone payment service of the company. The decision was taken after the service suffered a security breach. The breach had affected a total of 807 customers and almost ¥38.6 million was stolen by attackers.

Ameritas data breach

Insurance and finance company Ameritas has notified an unknown number of customers that their personal information may have been exposed in a data breach. The Lincoln-based company admitted that several of its employees fell victim to phishing scams in May and early June this year. The information exposed in the attack includes names, addresses, email addresses, Social Security numbers, and policy numbers. 

Watertown District school suffers an attack
Watertown (New York) City School District was hit by a cyberattack on the 27th of July. The type of attack has not been specified; the school has not received any ransom demand, and no proof of data exfiltration has been found. The impact of the attack is reported to be severe. District employees could not access files, email, or even print documents, and have been told not to log in to their work accounts.

Top Malware Reported in the Last 24 Hours

Trickbot trojan evolves
A new version of the Trickbot trojan targets Microsoft Defender using 12 additional methods. The malware variant, once executed, gets the system ready by disabling Windows services and processes associated with security software and performing elevation to gain higher system privileges.

CaaS model used to sell credentials    
Malicious actors are now using a combolists-as-a-service (CaaS) model to sell credentials to other cybercrooks. Threat actors can purchase these credentials to perform account takeover attacks against individuals and organizations. Some of the services that are included under this model are DataSense and DatabaseHUB.  

Top Vulnerabilities Reported in the Last 24 Hours 

Vulnerable OXID platform fixed
OXID e-commerce platform has fixed a remote takeover security flaw that could be exploited without authentication. The online shopping forum is used by big names like Mercedes to sell used car parts. The vulnerability is tracked as CVE-2019-13026. 

Chrome 76 released
Google has released the latest version of the Chrome browser, 76.0.3809.87. The version includes 43 security fixes for vulnerabilities such as memory corruption, integer overflow, and use-after-free issues.  

CAN bus vulnerabilities
DHS cybersecurity agency CISA has issued a security alert to warn owners of small aircraft about vulnerabilities that can be exploited to alter airplane telemetry. The flaws reside in the avionics, specifically inside a small aircraft’s CAN bus.  

Telegram rolls out a fix
Instant messaging service Telegram has rolled out an update to prevent hackers from abusing voicemail accounts to gain access to other users' accounts. Known as a "voicemail hack" or "voicemail hijack," the hack has been used in the past few months to gain access to over 1,000 Telegram accounts in Brazil.
 
Vulnerable Amcrest IP2M-841B camera
A security flaw in the Amcrest IP2M-841B IP camera can permit attackers to remotely spy on users without any form of authentication. The vulnerability is tracked as CVE-2019-3948 and could enable attackers to remotely listen to the camera’s audio feed over HTTP.

Top Scams Reported in the Last 24 Hours

Cabarrus County loses $1.7 million to BEC scam
Cabarrus County fell victim to a BEC scam that resulted in the loss of over $1.7 million. The scam was conducted through a phishing email that appeared to come from Roanoke, Virginia-based Branch and Associates Inc. The email stated that the bank account for Branch and Associates had been changed and that the County should use the new account for future payments. The County officials were tricked by the legitimate-looking fake email and transferred around $2.5 million. After the discovery of the incident, the County was able to recover only $776,518.40.

Posted on: July 31, 2019