Cyware Daily Threat Intelligence, June 17, 2019

Educational institutions are becoming a lucrative target for cybercriminals, as these entities hold a large amount of personal information as well as financial details of students, parents and staff members. The past 24 hours saw multiple phishing attacks at some well-known universities. These include the Australian Catholic University (ACU), Graceland University, Oregon State University (OSU) and Missouri Southern State University. All the attacks were carried out by threat actors using phishing emails and social engineering techniques to steal the information.

While the security breach at the ACU resulted in the compromise of email accounts, personal calendars and bank account details of its staff members, the phishing attack at OSU saw attackers stealing 636 records belonging to students and parents. The data breaches at Graceland University and Missouri Southern State University also involved unauthorized access to personal information of their employees and students.

Venmo, the popular peer-to-peer mobile payment service app, also came under fire for a security lapse. A security expert managed to scrape over seven million Venmo transactions due to a flaw in the app’s default privacy settings. These transactions were scattered over six months between July 2018 and February 2019. Upon learning of the issue, Venmo updated its app by changing the default privacy settings from public to private.

Top Breaches Reported in the Last 24 Hours

Talanton site data leak
An unprotected Elasticsearch database belonging to the job portal website Talanton has exposed 3GB of data. The incident has affected over 1.6 million users. According to the researcher, the server containing the misconfigured database was left exposed between May 17, 2019, and June 15, 2019. It contained personal contact information and other PII of employers and job seekers.

ACU data breach
A phishing attack at Australian Catholic University has impacted email accounts, personal calendars and bank account details of its staff members. The incident took place on May 22, 2019. The threat actors behind the attack sent phishing emails that appeared to come from a trusted organization. The email contained a link to a fake ACU login page. Upon discovery, the university asked the staff members to reset the passwords of their email accounts.

OSU data breach
Oregon State University (OSU) also fell victim to a phishing attack in May 2019. The attack impacted 636 student and family records. These records contained personally identifiable information (PII) of individuals such as their names, birthdates, and Social Security numbers. OSU has notified both students and family members of the incident. Apart from OSU, Graceland University and Missouri Southern State University have also suffered a loss of personal data in two different phishing attacks.

Venmo’s last six months transactions exposed
A security flaw in the default privacy settings of the Venmo app allowed a security expert to scrape over seven million transactions that spanned from July 2018 to February 2019. Each transaction included the name and picture of the sender and receiver, the date and time of the transaction and any text or emoji added to it. Venmo fixed the issue by changing the privacy settings from public to private.

N.E.O. Urology pays $75,000
N.E.O. Urology in Boardman, Ohio paid attackers $75,000 as a ransom to have their computer systems unlocked. The healthcare service provider was infected by ransomware, which left all of its data encrypted. According to a report, the hackers infiltrated so deeply into the systems that it took three days to regain full access. The IT team used a third party to pay the hackers $75,000 in the form of Bitcoins.

Mermaids UK data breach
Mermaids UK has inadvertently disclosed private details of transgender children and young people after it published part of its email database on the internet. This exposed over 1000 pages containing confidential emails that were sent between 2016 and 2017. They included names, addresses and telephone numbers of those who needed help from the organization.

Top Malware Reported in the Last 24 Hours

Decryptor for GandCrab released
Bitdefender, in collaboration with Europol, DIICOT, the FBI and the Metropolitan Police, has released a new decryption tool to retrieve files encrypted by GandCrab ransomware. The key works for all the versions - from 5.0 to 5.2 - of the ransomware. It is estimated that over 1.5 million Windows users have been infected with GandCrab ransomware since its inception.

WSH RAT
WSH RAT is the latest variant of Houdini Worm, which is used against commercial banking customers. The malware was released on June 2, 2019, and is distributed via URLs, .zip or .mht files through phishing emails. WSH RAT has keylogging, evasion and stealing capabilities.

Android.FakeApp.174
Multiple fake apps of well-known brands have been found distributing malware dubbed Android.FakeApp.174. When launched, the trojan loads a website in Google Chrome. The website asks the target to allow notifications under the guise of verifying that the user is not a bot. Once the targets have verified themselves, web push notifications are enabled in the background. This enables the spammers to spam a victim’s mobile with dozens of notifications.

Top Vulnerabilities Reported in the Last 24 Hours

XSS flaw in Google Invoice Submission portal
A cross-site scripting (XSS) vulnerability has been identified in the Google Invoice Submission Portal. The exploitation of the vulnerability can result in an attacker compromising the accounts, along with accessing the other parts of Google's internal network. It can also allow the attacker to hijack accounts and steal Google employee cookies for internal apps. The attacker can also launch extremely convincing spear-phishing attempts. As it is being executed inside a googleplex.com subdomain, it can even infect other devices connected to the network. After being notified, Google patched the vulnerability in mid-April.

Top Scams Reported in the Last 24 Hours

OneDrive phishing campaign
A new phishing campaign that prompts users to log in to a fake OneDrive site in order to read an encrypted message is doing the rounds on the internet. The campaign propagates through an email with the subject line ‘Encrypted Message Received’. It alerts the recipient to log into a fake OneDrive site to read the encrypted message. The purpose of the campaign is to retrieve login credentials from the users and later use them for identity theft. Thus, users are advised to examine the URL before entering their login credentials.

