Cyware Daily Threat Intelligence, June 27, 2019

See All
Critical security patches are crucial as they tend to make vulnerable devices or software more secure and resilient against cyber attacks. Lately, EA has fixed multiple vulnerabilities in its Origin platform that could have left 300 million users vulnerable to attacks. The flaws could have allowed attackers to completely take over user accounts that could likely result in fraudulent purchases. 

In a major data leak incident, over 143,000 data records belonging to Australian firm MEGT were exposed due to a misconfigured Amazon Web Service S3 bucket. The S3 bucket belonged to a third-party service provider who had been employed by the firm for a migration process during the group training. 

Cryptocurrency exchange platform Bitrue lost more than $4.5 million after hackers gained unauthorized access to its network. The stolen amount includes 9.3 million Ripple coins and 2.5 million Cardano coins worth $4.25 million and $225,000 respectively.

The past 24 hours also saw threat actors engaged in a new form of Bitcoin scam. The purpose of the scam was to distribute the infamous njRAT malware. The attackers leveraged fake YouTube videos that tricked users into winning free bitcoins. 

Top Breaches Reported in the Last 24 Hours

MEGT’s data exposed
Australian-based MEGT has exposed tens of thousands of sensitive data due to an unsecured Amazon Web Services S3 bucket. The researchers have discovered more than 143,000 records in the misconfigured S3 bucket. The exposed data included information about apprentices, passport scans, Visa details, employment agreements, and performance warnings. 

Borough of Westwood releases notice
Borough of Westwood has released a notice to inform individuals about a data breach that occurred on December 22, 2018. Westwood confirmed that the hackers had deployed malware on the network to gain unauthorized access to certain parts of a system. While there is no evidence of any data loss, the notice claims that the impacted system may include sensitive information such as name, Social Security number, Driver’s license number, state identification number or credit/debit card number.

Bitrue exchange losses over $4.5 million
Singapore-based cryptocurrency exchange Bitrue has been wiped off over $4.5 million after hackers hacked the trading platform. The stolen amount includes 9.3 million Ripple coins and 2.5 million Cardano coins worth $4.25 million and $225,000 respectively. Bitrue has tracked down the theft and is working with Bittrex, ChangeNow, and Huobi to recover the funds.    
  
Top Malware Reported in the Last 24 Hours

YouTube scam pushes njRAT
Threat actors are leveraging YouTube Bitcoin scams to distribute njRAT password-stealer malware. The malicious YouTube videos pretend to be hack scripts, giveaways or games that allow users to win free Bitcoins. These videos tend to have the ‘FREEBITCO IN’ string in the title or description. 

GreenFlash Sundown EK expands
The GreenFlash Sundown exploit kit has expanded its operation widely out of Asia. Researchers found out that one of the affected sites was onlinevideoconverter[.]com. People visiting the site would be redirected to exploit kit. The redirection mechanism is cleverly hidden within a fake GIF image that actually contains an obfuscated piece of JavaScript. In this attack campaign, the exploit kit is being used to deliver the SEON ransomware. 

ViceLeaker malware attack
Researchers have uncovered a new malware campaign called ViceLeaker that specifically targets Android users. The malware comes with various backdoor capabilities such as uploading, downloading & deleting files, camera takeover and recording surrounding audio. The malware uses HTTP for communication with the C2 server for command handling and data exfiltration. 
 
Top Vulnerabilities Reported in the Last 24 Hours

Flaws in EA’s platform fixed
Several vulnerabilities in Electronic Arts’s Origin - the platform which is widely used by high-profile games developers - have been fixed recently. These vulnerabilities could have allowed attackers to compromise accounts with complete takeovers. The vulnerabilities did not require any user to hand over any login details.

Google patches ZombieLoad
Google has released an update for Chrome OS 75 that includes mitigations for the Microarchitectural Data Sampling (MDS) vulnerabilities disclosed in May. The MDS speculative execution vulnerabilities are a class of flaws that include RIDL, Fallout, and ZombieLoad. The vulnerabilities could allow malicious programs to steal sensitive data from memory locations.

Cisco patches bugs
Cisco has patched two critical vulnerabilities in its Data Center Network Manager software. The vulnerabilities are tracked as remote code execution vulnerability (CVE-2019-1620) and authentication bypass vulnerability (CVE-2019-1619). Both have a CVSS score of 9.8. These flaws could allow attackers to take control of impacted systems.       

Top Scams Reported in the Last 24 Hours

Fake Facebook page offers free groceries
Woolworths supermarket has warned customers about an ongoing fake Facebook scam that offers free groceries. The scam involves followers of Woolworths' fans page being asked to share the page with their Facebook friends in order to win a year’s worth of free groceries. Similar types of scams related to this Australian-based supermarket were also spotted in previous months. The scammers were found promoting giveaways in exchange for shares and likes. Woolworths has urged its customers to be cautious of scammers can leverage such scams to steal their personal information and money. 


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, June 28, 2019
Next
Cyware Daily Threat Intelligence, June 26, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.