Cyware Daily Threat Intelligence, June 18, 2019

Data breaches continue to be the top concern for businesses and individuals. With hackers like ‘Gnosticplayers’ repeatedly resurfacing, the situation looks even grimmer. The hacker has most recently been found to have hacked EatStreet, an online and mobile food ordering service. In another major breach incident, internet advertising firm X Social Media has exposed around 150,000 records due to an unprotected database.

A descendant of the notorious Mirai botnet, Echobot, has evolved to target a wide range of IoT devices. This new variant of Echobot has been found to include a total of 26 exploits in its arsenal.  

The past 24 hours also saw four vulnerabilities impacting Linux and FreeBSD kernels. ‘SACK Panic’ is the most severe of these flaws. It affects all versions of the Linux kernel after 2.6.29. The flaw can permit an attacker to remotely induce a kernel panic within recent Linux operating systems.

Top Breaches Reported in the Last 24 Hours

X Social Media exposes 150,000 records
X Social Media, an internet advertising firm, has exposed close to 150,000 records due to an unprotected database. The database contained names, addresses, phone numbers, the date and time of a person’s incident submission, and health information of individuals. It also contained a list of more than 300 law firms that paid X Social Media to set up the lead-generation operation, along with records of how much each law firm paid the ad company. The bank routing and account numbers of the ad company were exposed as well.

Estes Park Health pays a ransom
Estes Park Health (EPH) has paid a ransom of $10,000 to recover its systems after a ransomware attack. The firm was attacked by ransomware on June 2, 2019. The attack impacted its network, phone services, and email services. Later, EPH was forced to carry out most of its operations with pen and paper.

EatStreet breached
‘Gnosticplayers’ hacked EatStreet, an online and mobile food ordering service, last month. The unauthorized access to its computer network lasted from May 3, 2019, to May 17, 2019. The hacker stole information on customers who used EatStreet’s service to order food. The hacker also obtained the list of restaurants participating in the EatStreet service, along with information on the third-party delivery services.

Red Deer hospital data breach
Alberta Health Services is notifying 6,129 patients that their health information may have been viewed following the theft of two hard drives at Red Deer hospital. The stolen hard drives were taken from an electromyogram (EMG) machine and an electroencephalogram (EEG) machine. The incident occurred in April 2019.

Top Malware Reported in the Last 24 Hours

Echobot evolves
The latest variant of Echobot has evolved and now includes 26 exploits in its arsenal. The original Echobot had exploit code for 18 vulnerabilities. The new variant has been designed to target network-attached storage (NAS) devices, routers, network video recorders (NVR), IP cameras, IP phones, and wireless presentation systems.

Malicious apps bypass 2FA
Researchers have uncovered three malicious apps that are capable of accessing OTPs in SMS messages without having SMS view permission. These apps can also obtain OTPs from some email-based 2FA systems using the same technique. The apps impersonate the Turkish cryptocurrency exchange BtcTurk to steal login credentials. The malware used for this purpose has been tracked as Android/FakeApp.KP.

Backdoor.Win32.Plurox
A modular backdoor named Backdoor.Win32.Plurox has been identified spreading over a local network via an exploit. The malware is capable of installing miners and other malicious software on victims’ computers. It is written in C and compiled with MinGW GCC.

Top Vulnerabilities Reported in the Last 24 Hours

SACK Panic flaw
Netflix researchers have identified a total of four vulnerabilities in FreeBSD and Linux kernels. One of these vulnerabilities is tracked as ‘SACK Panic’ (CVE-2019-11477). It can allow an attacker to remotely induce a kernel panic within recent Linux operating systems. The other vulnerabilities are tracked as CVE-2019-11478, CVE-2019-11479 and CVE-2019-5599.

Zero-day flaws in Facebook’s WordPress plugins
Two zero-day flaws have been discovered in the ‘Messenger Customer Chat’ and ‘Facebook for WooCommerce’ WordPress plugins. While the first one has over 20,000 downloads, the second has a user base of around 200,000. Both plugins are affected by two cross-site request forgery (CSRF) flaws. The vulnerabilities can allow authenticated users to alter WordPress site options.

Vulnerable Cosmos SDK
Tendermint has released a full report of a critical security vulnerability in the Cosmos Software Development Kit (SDK). The flaw exists in the ‘staking module’ of the SDK, which debuted in 2018 as a ‘state-of-the-art’ blockchain toolkit. It could enable a validator to bypass certain penalties for misbehavior on the network. The vulnerability has been fully patched on the Cosmos network.

Top Scams Reported in the Last 24 Hours

Online bank fraud
UAE-based Emirates NBD has warned customers to stay vigilant and cross-check the source before clicking on any links or attachments. The statement was released after a customer lost a huge amount by clicking on a malicious link sent in an email. The link used for the campaign was ‘https[:]//emiratesmbd[.]ru/green[.]php’. In its response, the bank urged customers never to share their personal and financial details with strangers or over emails or links, as Emirates NBD never asks them to do so.

Netflix fraud
Netflix users in Ireland are being warned about a new scam that lets scammers take over their accounts. The scam involves users receiving a phishing email that asks them to update their accounts within 24 hours. Users are asked to provide their personal information on the pretext of updating their accounts. Netflix has urged users to ignore such emails and not share their personal data.

