Cyware Daily Threat Intelligence, March 25, 2019

See All
Cybercriminals are indeed smitten by the potential of the AZORult banking trojan. The trojan, which was first observed in 2016, has now been enhanced with new capabilities. Security researchers are calling this new variant ‘AZORult++’ as it is written in C++ language. The malware’s capabilities include harvesting users’ credentials, browser history and cookies. This all-new AZORult++ trojan has been observed targeting enterprises in Russia and India.

In the realm of data breaches, the United States Federal Emergency Management Agency has inadvertently shared sensitive data of more than 2 million US disaster survivors with one of its contractors. The incident has affected the victims who had sought temporary housing after Hurricanes (Harvey, Irma & Maria) and a series of California wildfires in 2017. The information exposed in the data breach includes applicants' names, dates of birth, disaster numbers and eligibility time frame.

In another incident, a popular video streaming site, Kanopy has fixed a misconfigured ElasticSearch database that was leaking personal information of its users. The leaky database reportedly contained between 25-40 million daily logs. Also, a cyber attack at the Dubai British School, Jumeirah Park (DBS JP), has resulted in the compromise of the school’s complete network. The attackers used password spraying technique to gain access to the network and compromise a number of staff email accounts.        

Top Breaches Reported in the Last 24 Hours

FEMA data leak
The United States Federal Emergency Management Agency has inadvertently shared the personal and banking information of over 2 million US disaster survivors with one of its contractors. Those affected in the incident includes the victims of California wildfires (2017) and Hurricanes Harvey, Irma & Maria (2017). The data exposed includes applicants' names, dates of birth, disaster numbers and eligibility time frame.

Dubai British School suffers an attack
The Dubai British School, Jumeirah Park (DBS JP) has suffered a cyber attack. The attackers leveraged password spraying technique to gain control over the networks. They managed to compromise a number of staff email accounts. Upon discovery, the school has alerted the parents about the incident. In addition, it has also reset the passwords of all compromised accounts.

Kanopy data leak
Video-streaming site Kanopy has fixed a leaking ElasticSearch server that exposed the sensitive data of its users. The misconfigured database reportedly contained between 25-40 million daily logs. The logs contained information such as users' geographical information, timestamp and device types.

Top Malware Reported in the Last 24 Hours

BokBot's core module
Researchers have published a step-by-step analysis of the inner workings of the BokBot proxy module. The banking trojan, which was first observed in April 2017, is able to augment its capabilities by retrieving several modules, including the one that runs a local proxy server. This proxy module is later injected into a spawned svchost child process in order to initialize the infection process. The proxy server is attached to the address 127[.]0[.]0[.]1 on TCP port 57391. BokBot is a complex piece of malware which is used to steal sensitive information from users.

AZORult++ trojan
A new variant of AZORult dubbed as AZORult++ has been detected by researchers recently. The malware is written in C++ and is capable of amassing credentials, browser history and cookies. The data, thus collected, is then sent to the command-and-control (C2) server of the attackers. The malware is reportedly used to target victims in Russia and India. Like AZORult 3.3, AZORult++ uses an XOR encryption scheme to encrypt data before sending it to C2 server.
 
Top Vulnerabilities Reported in the Last 24 Hours

36 new flaws in the LTE protocol
Security researchers have discovered 51 security flaws in Long-Term Evolution (LTE) protocol. Out of these, 36 have been identified as new flaws. These vulnerabilities can allow attackers to execute a series of nefarious activities such as disrupting mobile base stations, blocking incoming calls and sending spoofed messages.

Flaws in JSOs
Attackers can leverage the vulnerabilities in Java Serialized Objects (JSOs) to gain remote control of systems running Java applications. Many bugs abusing JSOs are found in enterprise products such as Oracle WebLogic, IBM WebSphere, Cisco Secure Access Control System (ACS), HPE Intelligent Management Center (IMC), and VMware's vSphere Integrated Containers.

A flaw in Font_Organizer plugin
A flaw in the Font_Organizer WordPress plugin can enable attackers to launch a Reflected XSS attack. A successful attack can enable the attackers to execute malicious JavaScript on the affected sites. It can also enable attackers to bypass CSRF protection and perform any actions that a legitimate user can do on a WordPress site.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, March 27, 2019
Next
Cyware Daily Threat Intelligence, March 22, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.