
Cyware Daily Threat Intelligence, May 17, 2019


Unprotected databases leave millions of users’ data at risk. Lately, researchers have found yet another unprotected Elasticsearch database that has exposed the personal information of almost 8 million people who had participated in online surveys. In another instance, attackers have gained unauthorized access to Stack Overflow’s production systems.

In one notable event, Europol, along with the DOJ, shut down the global cybercrime network of the prolific cybercriminal gang ‘GozNym’ and arrested 10 members of the group for infecting almost 41,000 victims’ computers with the GozNym malware. The group is known to have stolen a whopping $100 million from businesses across the world. Meanwhile, the FBI has disclosed that since August 2018, Ryuk ransomware has wreaked havoc across the United States and targeted over 100 companies.

Researchers have also unearthed a couple of vulnerabilities in the last 24 hours. A cross-site scripting (XSS) vulnerability detected in the WordPress Live Chat plugin could allow attackers to inject malicious scripts into websites running the WordPress CMS and using the Live Chat Support plugin. A bug has been found in the recent versions of Google Chrome that is causing address bar suggestions to display recent search queries instead of most visited websites.


Top Breaches Reported in the Last 24 Hours

Personal information of 8 million US people exposed
An unprotected Elasticsearch database has exposed the personal information of almost 8 million people who had participated in online surveys, contests, and requests for free product samples. The exposed information includes names, addresses, email addresses, phone numbers, dates of birth, gender, and IP addresses. The database also contained the referrer and the page where the submitted information came from.

Stack Overflow hack
Stack Overflow has disclosed that attackers gained unauthorized access to its production systems. The Q&A site has investigated the impact of the incident and is currently addressing all known vulnerabilities. Stack Overflow confirmed that there is no compromise of user data.

Singapore Red Cross website hacked
Attackers have hacked the website of Red Cross, Singapore and have stolen the personal information of over 4,000 potential blood donors. The compromised information includes blood donors’ names, blood types, and contact numbers.


Top Malware Reported in the Last 24 Hours

GozNym malware
Ten members of the GozNym cybercriminal group were charged with attempting to steal an estimated $100 million from more than 41,000 victims from businesses and their financial institutions. The members of the group infected victims' computers with the GozNym malware and captured their online banking login credentials, which they then used to fraudulently steal money.

Ryuk Ransomware
According to a recent FBI flash, Ryuk ransomware has hit more than 100 U.S. companies, including logistics firms, IT firms, and small municipalities, since August 2018. In this new version of Ryuk attacks, the attackers provide email addresses to contact them for payment details and do not reveal the ransom amount until the victims contact them.


Top Vulnerabilities Reported in the Last 24 Hours

XSS flaw in WordPress Live Chat Plugin
The cross-site scripting (XSS) vulnerability in the WordPress Live Chat Plugin could allow attackers to inject malicious scripts in websites running WordPress CMS and using the Live Chat Support plugin. The vulnerability has impacted all versions prior to v8.0.27. Therefore, users are requested to update the WP Live Chat Support plugin to version 8.0.27.

Google Chrome bug
A bug in the current versions of Google Chrome 74, Chrome 75 Beta, and Chrome 76 Canary is causing address bar suggestions to display your most recent search queries. Usually, the Google address bar will display your most visited site first, but the bug in the recent versions of Chrome is showing your most recent search queries instead.

Cisco patches vulnerabilities
Cisco has released patches for three critical vulnerabilities that were identified in the Cisco Prime Infrastructure software. The three vulnerabilities CVE-2019-1821, CVE-2019-1822, and CVE-2019-1823 were given a CVSS score of 9.8. These vulnerabilities could allow a remote attacker to execute arbitrary code with elevated privileges.



Posted on: May 17, 2019

