Cyware Daily Threat Intelligence, March 27, 2019

Security patches for some of the serious vulnerabilities were also released in the past 24 hours. This includes a security patch for a high severity bug found in NVIDIA GeForce Experience software. The bug could allow local attackers to perform a series of nefarious activities such as gaining elevated privilege and launching DoS attacks. Also, Mozilla has fixed two vulnerabilities discovered in Thunderbird. The flaws could enable the attackers to take control of an affected system.  

An internal document from Freedom of Information Laws revealed that an estimated 111,813 Australian users were affected by the massive cyberattack on Facebook in September 2018. The hackers had gained access to sensitive details of these users. While 47, 912 Australians had their names, email addresses, and phone numbers compromised, there were some 1,595 users whose private Facebook messenger conversations had been accessed by the hackers. Some 62,360 users had their hometown, most recent check-ins, birth dates, education, work history, Facebook search history, names, email addresses, phone numbers, gender, relationship status and religion compromised in the attack. The firm has notified all the affected Australian users about the breach.

Researchers have observed that attackers are using Ursnif trojan to target organizations in Italy. The malware is distributed via malicious VB script that comes embedded within a compressed archive. Once launched, the Trojan connects to the C2 server to receive additional commands or code. It is believed that the attack has been active since March 5, 2019.

Researchers have found that scammers and hackers are abusing the PayPal Payflow Pro Integration feature in Magento to test the validity of stolen payment card details. The feature is available in Magento 2.1.x and 2.2.x versions. The PayPal Payflow Pro integration is a payment option available on Magento shops that allows an online store to process card transactions via a PayPal merchant (business) account.

Security experts have released decryption keys for the Hacked ransomware. The ransomware was first spotted in 2017 and targeted English, Turkish, Spanish, and Italian users. Once installed, the ransomware encrypted the files on victims' machines and appended them with .hacked extension.

WordPress releases a security update

WordPress has released a security update to fix cross-site scripting (XSS) vulnerability in its command module. The flaw could enable attackers to inject maliciously crafted comments on WordPress sites. It could also enable them to take over the sites.

NVIDIA has released a security patch to fix a high severity bug in the GeForce Experience software. The flaw could allow potential local attackers with basic user privileges to elevate privileges, trigger code execution, and perform DoS attacks. It affects all the versions prior to 3.18.

Mozilla has released a security update to address vulnerabilities - CVE-2019-9810 and CVE-2019-9813 - in Thunderbird. The flaws could enable the attackers to take control of an affected system. The security bugs have been fixed in Thunderbird 60.6.1. Therefore, users are urged to apply the necessary update.