Cyware Daily Threat Intelligence June 12, 2018

Top Vulnerabilities Reported in the Last 24 Hours
BrowseFox certificate abused
Security researchers have spotted large-scale abuse of BrowseFox certificates that has occurred due to the deployment of machine learning (ML) algorithms. Experts analyzed a set of 2 million signed files using LSH-based clustering and found that these files were signed by many different signers. The signed files were found to be associated with malicious software downloads.

ActiveX vulnerabilities
The North Korea-based Lazarus Group recently launched a series of attacks leveraging nine vulnerabilities found in ActiveX controls. By exploiting the vulnerabilities, the hackers carried out a watering hole attack and a zero-day attack and used backdoor Trojans to infect high-value targets. Malicious JavaScript was used to exploit ActiveX. The malicious script was found hidden in http://www.sejong[.]org/js/jquery-1.5.3.min[.]js.

Top Breaches Reported in the Last 24 Hours
Geth hacked
Security researchers have found that a severe vulnerability in Geth has led to the loss of more than $20 million worth of Ethereum. The hackers were found scanning port 8545, which is used to communicate with Ethereum networks, to find insecure clients. To stay safe, users who run Ethereum nodes are advised to allow only connections to the Geth client that originate from the local computer.

Wellington data breach
Residents of Wellington may have suffered a data breach between July 2017 and February 2018 due to the faulty Click2Gov payment system. Certain vulnerabilities found in the payment software may have resulted in the exposure of crucial data such as customer names and credit card numbers.

Terros data breach
Terros Health officials fear that the personal data of more than 1000 patients might have been exposed in a data breach that occurred in April. The leaked information includes a patient's name, date of birth, physical and email addresses, medical record number and other health information. A phishing email was used to execute the breach.

Top Scams Reported in the Last 24 Hours
Chip-card cloning scam
In a first-of-its-kind crime, a Mumbai-based woman was reported to have lost Rs 40,700 from her account after her ATM chip card was cloned and money was withdrawn by a shimmer. Interestingly, the scam took place without the use of a one-time password (OTP). The police claim that the threat actor may have noted the PIN of the card to dupe the woman. Meanwhile, experts say that the culprit used a new card-skimming technique called 'shimming'. Chip-based credit and debit cards are the main targets of this attack method.

Fake giveaway scam
According to statistics compiled by EtherScamDB, fake Twitter handles have been created to promote fake giveaways that trick users into depositing small amounts in exchange for big returns. The scam has resulted in the loss of 8,148 Ethereum, which is currently worth around $4.3 million. Fake Twitter handles of well-known personalities were used to perform the scam. Twitter users are therefore advised not to send money online to any stranger and to pay close attention to the Twitter handles that promote this type of giveaway.





