Go to listing page

Cyware Daily Threat Intelligence, June 24, 2019

Cyware Daily Threat Intelligence, June 24, 2019

Share Blog Post

With credential stuffing attacks running rampant, resetting/changing passwords is one of the immediate solutions to protect one’s account. Lately, TripAdvisor has disabled the current account passwords of some of its users following the discovery of their data in the ‘lists of publicly leaked passwords’. They have asked the affected victims to do a password reset in order to protect their accounts from credential stuffing attacks.

The past 24 hours saw a major revelation regarding the 2018 data breach on NASA. The space agency has disclosed that cybercriminals had gained access to the Jet Propulsion Laboratory (JPL)’s networks using a Raspberry Pi computer.  The hackers stole 500MB of data from 23 files among which two were related to NASA’s Mars missions.

The U.S Cybersecurity and Infrastructure Security Agency has released a statement about the increased use of wiper tools by Iranian threat actors. The attackers are using these tools with an intent to steal data and money from US industries and government agencies.

Top Breaches Reported in the Last 24 Hours

NASA’s 500MB data stolen
NASA confirmed that hackers had gained access to the Jet Propulsion Laboratory (JPL) last year and stole 500MB of data related to Mars missions. The hackers breached into NASA network in April 2018 and the intrusion went undetected nearly for a year. The hackers had managed to steal the data through an unauthorized Raspberry Pi Computer connected to the JPL servers.

Social Engineered hacked
A cross-site scripting vulnerability in MyBB open-source software allowed hackers to steal users’ information from the website ‘Social Engineered’. The stolen data was published on a rival hacking forum. Exposed information includes over 89,000 unique email addresses belonging to 55,000 forum account holders. Usernames, IP addresses, and passwords stored as salted MD5 hashes are among the other exposed data.

Dominion National data breach
Dominion National has disclosed that an unauthorized party has gained access to some of its computer servers since August 25, 2010. This has affected the personal information of some of its former and current members. Upon discovery, the company responded quickly by cleaning the affected servers. It has implemented enhanced monitoring and alerting software to avoid such incidents from happening in the future.

WeTransfer accidentally shares info
WeTransfer, a cloud-based file transfer service has accidentally shared users’ sensitive files to wrong people. The firm has notified its users via email and has blocked the link to prevent further downloads. It has also disabled some user accounts and has asked them to reset their passwords.

TripAdvisor resets passwords
TripAdvisor has sent emails to potential victims to warn them that their data has been found in the ‘lists of publicly leaked passwords’. The firm has invalidated the current passwords of these victims and asked them to reset them to prevent from falling victim to credential stuffing attacks.   

Top Malware Reported in the Last 24 Hours

Increased use of wiper tools
The U.S’ Cybersecurity and Infrastructure Security Agency has disclosed that Iranian threat actors are increasingly using destructive wiper tools to target US industries and government agencies. The purpose of such tools is to steal data and money. They are reported to use common tactics like spear phishing, password spraying, and credential stuffing to distribute such tools.

MobOk malware
MobOk is a newly discovered malware that was propagated in the form of two malicious photo editing apps - ‘Pink Camera’ and Pink Camera 2’. Once installed successfully, the malware is capable of collecting device information and sending it back to the hackers so that they can stealthily ‘subscribe’ to fake subscriptions in order to steal money.  

LooCipher ransomware
LooCipher is a ransomware that spreads via spam campaign. A malicious Word document named Info_BSV_2019.docm is used as a carrier of the ransomware. Upon execution, the ransomware creates a file named c2056.ini on the Windows desktop. It appends the encrypted files using the .lcphr extension.

Top Vulnerabilities Reported in the Last 24 Hours

Apple releases updates
Apple has released security updates to address vulnerabilities in  AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n. The flaws could allow a remote attacker to take control of an affected system. Apple has urged the users using these devices to update their firmware to the latest 7.8.1 version.  

VLC Media Player flaws
Two high-severity vulnerabilities have been discovered in the VLC media player software versions prior to 3.0.7, along with other medium and low severity security flaws. All of these flaws can be used by hackers to perform arbitrary code execution attacks. The high severity vulnerabilities are tracked as  CVE-2019-12874 and CVE-2019-5439. Users are advised to update the software to VLC 3.0.7 or later versions.

Top Scams Reported in the Last 24 Hours

Giveaway scams
Bitcoin and Ethereum giveaway scams impersonating the identity of Elon Musk and John McAfee have been spotted in the wild. Such scams are being hugely promoted on Twitter. The scammers behind the scam ask the users to send Bitcoins or Ethereum to the listed address in exchange of a huge return. Users are asked to click on a link to know further details about the promotion or giveaway scheme. To make it more convincing, the fake pages even include fake comments of extra earnings and a fake call that lets the users subscribe to more articles from Elon Musk. Thus, users are urged not to fall for such giveaway scams and should thoroughly cross-check the identity before sending any amount.  


mobok malware
loocipher ransomware
credential stuffing attacks
giveaway scams

Posted on: June 24, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.