Cyware Daily Threat Intelligence, May 16, 2019

On top of carrying out cyber attacks, threat actors are coming up with new tricks to cause distress among people. Recently, the webcast of the Eurovision semi-final was hacked to display fictitious explosions along with a fake missile alert. Meanwhile, the Forbes subscription website has been injected with the Magecart skimmer script in order to steal customers’ payment card data.

Google has announced that it has discovered a misconfiguration flaw in the Bluetooth version of Titan Security Key that could allow nearby attackers to hijack the security key. Researchers also uncovered a severe vulnerability in the ‘Give’ WordPress plugin that could allow donors to inject arbitrary code on an administrative page.

American Registry for Internet Numbers (ARIN) has uncovered a fraud scheme in which almost 757,760 IPv4 addresses were fraudulently obtained. The perpetrators behind this scheme were charged in federal court in a twenty-count indictment.


Top Breaches Reported in the Last 24 Hours

Eurovision webcast hacked to display faked explosions
Attackers hacked the webcast of the first Eurovision semi-final to display fictitious explosions along with a warning about a missile attack. Viewers switching on to the Kan webcast saw the warning “Risk of missile attack. Please take shelter,” along with the sound of a rocket-warning siren. The Israeli national broadcaster, Kan, suspects Hamas to be behind this action.

Russian government sites leak personal and passport data
Ivan Begtin, co-founder of Informational Culture, a Russian NGO, discovered that multiple Russian government websites were leaking the personal and passport data of over 2.25 million citizens, including government officials and high-profile politicians. He uncovered around 23 Russian government sites that leaked SNILS numbers and 14 sites that leaked passport details. These sites also exposed other personal information such as names, email addresses, designations, places of work, and tax identification numbers.

Forbes subscription page infected with Magecart skimmer script
Attackers have injected the Magecart skimmer script on Forbes’ subscription website in order to steal credit card data that customers enter on the checkout page. The infected website has been taken down with the help of Freenom’s anti-abuse API; however, the obfuscated Magecart skimmer script is still present on forbesmagazine[.]com.


Top Malware Reported in the Last 24 Hours

Emotet distributes third-party malware
Threat actor group TA542’s signature payload Emotet was found distributing third-party payloads such as Qbot, The Trick, IcedID, and Gootkit. Researchers also noted that this new version of Emotet loaded its modules for spamming, credential stealing, email harvesting, and spreading on local networks.


Top Vulnerabilities Reported in the Last 24 Hours

Titan Security Key flaw
Google has announced that it has discovered a misconfiguration flaw in the Bluetooth version of Titan Security Key that could allow nearby attackers to either communicate with the security key or with the device it’s paired with. The flaw could thereby allow attackers to ultimately hijack the Titan Security Key. Google is advising users to get a free replacement device that fixes the vulnerability.

Give WordPress Plugin flaw
The WordPress plugin ‘Give’ allows users to set up a donation page on a website. A severe vulnerability in the plugin allows donors to inject arbitrary code on an administrative page. This vulnerability has been patched in version 2.4.7, so users are advised to update to the latest version.


Top Scams Reported in the Last 24 Hours

ARIN uncovers a fraud scheme
The American Registry for Internet Numbers (ARIN) uncovered a fraud scheme in late 2018 through which almost 757,760 IPv4 addresses worth between $9,850,880 and $14,397,440 were fraudulently obtained. The two accused parties behind the fraud scheme, Amir Golestan and Micfo, are charged in federal court in a twenty-count indictment, with each count punishable by up to 20 years of imprisonment.

