
Cyware Daily Threat Intelligence, March 18, 2019


Top Breaches Reported in the Last 24 Hours

26.42 million user records on sale
The hacker known as Gnosticplayers has put up a 4th set of massive data for sale on a dark web forum. The data, totaling around 26.42 million user records, belongs to 6 companies: GameSalad, Estante Virtual, Coubic, LifeBear, Bukalapak, and YouthManual. The data is being sold at a price of $4.940 or 1.2431 bitcoin.

ElasticSearch server exposes 250K docs
A database hosted on an ElasticSearch server was found exposing 257,287 legal documents on the internet. Some of these documents were marked as 'not designated for publication'. The database was left online for roughly two weeks and contained unpublished legal documents relating to US court cases, exchanged between 2002 and 2010.

PII of over 800,000 blood donors leaked
An unsecured database containing private data of 808,201 Singaporean blood donors, with records going back to 1986, was found publicly accessible on the internet. The data remained exposed for nearly 2 months until the database was patched. The exposed database contained information such as the donor's name, NRIC number, gender, number of blood donations, and the dates of their last 3 blood donations.

Gearbest security breach
Gearbest, a Chinese online shopping giant, has exposed millions of user profiles and shopping orders due to an unprotected ElasticSearch server. The server was not properly protected with a password. This enabled anyone to access customers' sensitive details like their names, phone numbers, email addresses and orders. The database also had payment and invoice information, with the amount spent and semi-masked names and addresses.

Top Malware Reported in the Last 24 Hours

Malspam campaign
Security researchers have discovered a new malspam campaign that uses the tragic Boeing 737 Max crash incidents as a lure to spread malware. The emails pretend to contain leaked documents about the crashes and urge the victims to share them with close friends. To appear less suspicious, the emails carry the subject line 'Fwd: Airlines plane crash Boeing 737 Max 8'.

GandCrab v5.2 ransomware
Chinese government officials are being warned about a phishing campaign that delivers the infamous GandCrab v5.2 ransomware. North Korean hackers are believed to be behind the campaign. The malware is distributed via a .rar file. Once installed, the ransomware redirects the victims to download a Tor browser to further the attack process.

Password spraying attack
Researchers claim that hackers are using IMAP-based password spraying attacks to crack Microsoft Office 365 and G Suite accounts that are protected with multi-factor authentication. This enables the malicious actors to steal sensitive data from the compromised accounts. Password-spraying attacks allow hackers to brute force the accounts without triggering an alert to the IT team.

Top Vulnerabilities Reported in the Last 24 Hours

Keystroke injection bug
Fujitsu LX wireless keyboards have been found susceptible to a keystroke injection flaw. The flaw can allow a threat actor to beam wireless radio signals to the keyboard's receiver (USB dongle) and inject malicious key presses on a user's computer. The flaw impacts the wireless desktop set Fujitsu LX901.

'Novel bug class' to be fixed
Microsoft has decided to fix a series of bugs called a 'novel bug class' in Windows 10 19H1. These bugs were discovered by a Google security engineer. The bug class includes a total of 11 potential initiators and 16 potential receivers that could be abused for attacks.

PoC for a Windows vulnerability released
A proof-of-concept for CVE-2019-0808 has been made public by researchers from Qihoo 360. The vulnerability affects the Win32k component in Windows and allows an attacker to elevate privileges and execute arbitrary code in kernel mode. If combined with the Chrome vulnerability, it can also be used to escape sandboxes.

Top Scams Reported in the Last 24 Hours

Christchurch donation scams
Scammers are leveraging the recent Christchurch terror attack to make money. CERT NZ has issued a warning about various opportunistic cyber scams that could trick people into losing their money. The scams are conducted via phishing emails that contain the scammers' online banking account details. Apart from this, hackers are also spreading malware through malicious video files on compromised websites or on social media. Experts recommend that anyone wishing to donate should seek out official platforms and banks rather than using links in emails or on social media.



Posted on: March 18, 2019
