Cyware Daily Threat Intelligence, June 04, 2019

Data breaches have increased at an alarming pace. The past 24 hours witnessed three major data breaches that have impacted millions of individuals worldwide. The organizations under the scanner are Quest Diagnostics, FMC Consulting, and Australian National University.

The data breach at Quest Diagnostics has resulted in the compromise of personal information of approximately 12 million clients. The breach occurred after the attackers gained access to American Medical Collection Agency’s (AMCA) system between August 1, 2018, and March 30, 2019. AMCA was one of the billing providers for Quest Diagnostics.

In another incident, FMC Consulting was found leaking millions of resumes and company records due to a misconfigured Elasticsearch database. The database contained 9082 company contracts, 20,539,522 resumes, 73,000 client messages, 884,178 internal emails and full records of employees’ daily tasks.

On the other hand, the breach at Australian National University resulted in the compromise of personal data that was at least nineteen years old. The compromised information included data of staff, students and visitors.

Top Breaches Reported in the Last 24 Hours

Quest Diagnostics data breach
A massive data breach at American Medical Collection Agency (AMCA) has impacted approximately 12 million Quest Diagnostics clients. The company became aware of the incident after it received a notification from the billing provider. The attackers had gained unauthorized access to AMCA’s system between August 1, 2018, and March 30, 2019. This resulted in the compromise of information related to various business entities, including Quest Diagnostics. Upon learning of this, the company suspended sending collection requests to AMCA.

FMC Consulting data leak
A publicly accessible Elasticsearch database owned by FMC Consulting had leaked millions of resumes and sensitive records. The database contained 9082 company contracts, 20,539,522 resumes, 73,000 client messages, 884,178 internal emails and full records of employees’ daily tasks. The misconfigured database was immediately taken offline after the incident was reported to CERT, China. 

ANU systems breached
Australian National University has disclosed a massive data breach that might have affected the personal information of staff, students and visitors. The incident occurred in late 2018. However, it was discovered only on May 17, 2019. The university confirmed that the attackers gained access to personal data which is at least nineteen years old. The compromised information may include names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, and passport details of individuals.

Top Malware Reported in the Last 24 Hours

Windows 10 apps distribute fake ads
Several Windows 10 users in Germany reported being targeted through ads in Microsoft’s advertising-supported apps over the weekend. These users complained that their browser would suddenly redirect them to sites that pushed tech support scams, sweepstakes, surveys, and win-a-prize wheels. The ultimate goal of the campaign was either to steal users’ personal data or to deploy malicious software. The apps used in the campaign included Microsoft News and Microsoft Jigsaw, among others.

Tap ‘n Ghost attack
Researchers have revealed a PoC for a newly discovered attack named Tap ‘n Ghost. The attack can be used against Android smartphones, voting machines, and ATMs. The attack leverages vulnerable Near-Field Communication (NFC) to target devices. It is deployed in two steps using two attack techniques: Tag-based Adaptive Ploy and Ghost Touch Generator.

Jason hacking tool
A new hacking tool named Jason has been added to the arsenal of Iranian state hackers. The source code of the tool has been published on a Telegram channel by a hacker who goes by the name of Lab Dookhtegan. The tool can be used to brute-force Microsoft Exchange email servers.

BlackSquid malware
A new form of malware named BlackSquid has been found using a barrage of exploits in a new cyberespionage campaign. The overall aim of the campaign is to compromise web servers, network drives and removable storage to install XMRig on targeted machines. The range of exploits that are widely used by the malware includes EternalBlue, DoublePulsar, an Apache Tomcat security flaw (CVE-2017-12615), a Windows Shell issue in Microsoft Server (CVE-2017-8464) and three ThinkPHP exploits.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable rkt container
Security experts have discovered some security issues in the rkt container that could be exploited by an attacker to bypass the container security and gain root access to the host. The vulnerabilities are designated as CVE-2019-10144, CVE-2019-10145, and CVE-2019-10147. The experts have published a video PoC for the exploitation of these vulnerabilities.

macOS flaw can allow Synthetic clicks
A flaw in macOS can be leveraged to bypass its security and privacy features to perform Synthetic Clicks without the interaction of users. This can allow an attacker to access sensitive data of users such as their browsing history, device camera, microphone, location data, photos, and messages. According to researchers, no special privileges are required to carry out the attack.

Top Scams Reported in the Last 24 Hours

Fake job ads
The Australian Cyber Security Centre’s Stay Smart Online has warned Australian job seekers about fake employment ads that trick job hunters into transferring money to cybercriminals. The scammers post legitimate-looking job ads on official job seeker websites and ask applicants to transfer money as part of the job application process. The official websites used in the scam are Seek, Indeed and Jora. Generally, cybercriminals use this method to hide the illegal transfer of money from authorities by passing it through a series of bank accounts. Thus, users are advised to verify the identity of the recruiter by checking the firm’s website and social media platforms to avoid falling prey to money transfer frauds.