Cyware Daily Threat Intelligence, June 11, 2019

Threat actors have taken phishing attacks to a whole new level. A recent phishing campaign saw attackers targeting Gmail users through fake and unsolicited Google Calendar notifications. In the scam, they exploited a default feature in Google Calendar to add fake invitations and events to the users’ calendars automatically.

In another phishing incident, malicious actors have been found using TLS-secured landing pages to trick users. They are incorporating a third-party verified certificate into the website before sending it to users’ emails. This way, users are tricked into believing that they are opening a secured website and end up sharing their personal details with the cybercrooks.

Three Russian banks - OTP Bank, Alfa Bank, and HCF Bank - have exposed sensitive details of 900,000 customers due to leaky databases. The compromised information includes individuals' names, phone numbers, passports, residential addresses and places of work.

Top Breaches Reported in the Last 24 Hours

Three Russian banks expose data
Top three Russian banks have leaked sensitive data of their customers due to unprotected databases. The affected organizations are OTP Bank, Alfa Bank, and HCF Bank. The leak has affected the personal details of 900,000 customers. Compromised information includes individuals' names, phone numbers, passports, residential addresses and places of work. Experts believe that the affected individuals may have been subject to scams.

US CBP data breach
The US Customs and Border Protection agency disclosed that it fell victim to a data breach that occurred at one of its subcontractors. This resulted in the compromise of license plate images and travelers’ photos. The agency became aware of the breach on May 31, 2019. It has taken steps to remove travelers’ data from the victim subcontractor’s network.

‘Triple Threat’ ransomware attack
The ‘Triple Threat’ ransomware attack has crippled the email systems and services of Lake City. It has forced several services, such as land-line phones and online payments, to shut down. However, the Police and Fire departments are fully operational. Due to the breakdown of computer systems, the city is forced to carry out all its utility payments through hand-written receipts. City officials have confirmed that no payment details have been affected in the attack.

The Auburn Food Bank attacked
The Auburn Food Bank in King County has been attacked by a ransomware strain named GlobeImposter 2.0. The ransomware attack resulted in the encryption of the majority of the computers on the network. The incident occurred on June 5, 2019. It is still unclear how the hackers were able to get into the network.

Hopkins County school data breach
A data breach at Hopkins County School has affected the personal information of about 7,000 students. The incident occurred after a hacker gained unauthorized access to an employee’s account. This enabled the hacker to access a database which contained names, birth dates and Social Security numbers of students.

Top Malware Reported in the Last 24 Hours

‘Secured’ website used in phishing
The U.S. Federal Bureau of Investigation has issued a public notice warning users about a new phishing campaign. Scammers are using TLS-secured landing pages to exploit users’ trust and trick them into submitting their sensitive personal information. They managed to pull off this act by incorporating a third-party verified certificate into the website before sending it to a victim. Thus, users are advised to check the spelling of the URL before opening any suspicious attachments.

DNS compromise hack
Threat actors are leveraging a new security hole in the DNS system to target users in the UK. They use Google’s public DNS resolver to retrieve JavaScript commands embedded in a domain’s TXT record in order to redirect users to an unwanted trading ad site. The unaware users are sent spam emails with the subject line ‘Delivery [number]’. The email includes an attachment which is actually an HTML file and redirects users to the phishing URL https[:]//appteslerapp[.]com/.

Top Vulnerabilities Reported in the Last 24 Hours

Command execution vulnerability
A security researcher has discovered a high-severity OS command execution vulnerability in Vim and Neovim. These popular command-line text editing applications come pre-installed with most Linux-based operating systems. The vulnerability, tracked as CVE-2019-12735, can allow attackers to secretly execute commands on systems and take remote control over them.

WP Chat plugin bug
An authentication bypass flaw - CVE-2019-12498 - has been uncovered in the WP Live Chat plugin for WordPress. This flaw affects versions prior to 8.0.32. It can allow unauthenticated users to access restricted REST API endpoints. The flaw has been addressed in the latest 8.0.33 version of the plugin.

VLC Media Player 3.0.7 released
VLC has released the new 3.0.7 version, which fixes 33 flaws, two of which have a severe score. Of the two, one is an out-of-bounds write vulnerability in the faad2 library and the other is a stack overflow in the RIST Module of VLC 4.0. Of the 33 flaws, 21 have been marked as ‘medium’.

Top Scams Reported in the Last 24 Hours

‘Calendar’ phishing scam
Scammers are abusing a Google Calendar feature to send false invitations and events to Gmail users. The main purpose of the scam is to trick users into sharing their personal information. The scam involves victims receiving phishing emails that appear to be unsolicited calendar invitations. Each includes a link to a phishing URL that redirects users to a fake website designed to collect users’ personal and financial data.

Post-tax season phishing scams
The IRS has identified two new variations of post-tax season phishing scams. They are called ‘The SSN Hustle’ and ‘Fake tax agency scam’. The first scam threatens to cancel a victim’s Social Security number, while the other threatens victims with an IRS lien or levy. The IRS has asked users to be wary of such scams and look for telltale signs to detect them. They should not make immediate payments for taxes without verifying the identity of the agent.



