
Cyware Daily Threat Intelligence, May 31, 2019


Organizations in the hospitality sector have lately become a hotbed for cyber attacks. Given the vast amounts of sensitive data held by these firms, leaving a database without any protection is very risky. One such incident has come to light in the past 24 hours. Security researchers have uncovered an unsecured database that exposed 85.4GB of security logs of major hotel brands managed by Pyramid Hotel Group. Some of the significant hotel brands affected in the breach are Marriott, Sheraton, Plaza and Hilton Hotel.

The unsecured data that is publicly visible includes server API keys and passwords, device names, IP addresses of incoming connections, malware alerts, login attempts, and brute-force attack detection. The exposed database also contains application error details, OS details, employees’ full names & usernames and other security data.

Several security issues were also discovered in different products in the past 24 hours. These include flaws found in the Slick Popup WordPress plugin and APROL products. The flaw in the Slick Popup plugin can let hackers get into a WordPress website through a backdoor administrator account. Likewise, the flaws in APROL products can be exploited by hackers to access a targeted organization’s network.

Top Breaches Reported in the Last 24 Hours

Pyramid Hotel Group data breach
A misconfigured database belonging to Pyramid Hotel Group has leaked 85.4GB of security logs online. The security logs contain information on some major hotel brands such as Marriott, Sheraton, Plaza and Hilton Hotel. The information exposed dates back to April 19, 2019, and includes server API keys & passwords, device names, IP addresses of incoming connections, malware alerts, login attempt records, application errors and brute-force attack detection details.

UPbit hacked
A North Korean hacker group named Kim Soo-ki has reportedly targeted users of the South Korean crypto exchange UPbit. The group sent users phishing emails that include a file claiming to contain documentation for a payout. Instead, the file contains info-stealing malware that can send data about the user’s machine, as well as private keys and logins, to the hackers.

LandMark White data breach
Property valuation company LandMark White has suffered a second data breach in six weeks. The incident occurred after its valuation documents and other operations-related commercial data were posted to the document-sharing website Scribd. It is believed to be an act of sabotage by a known person associated with the business. Upon learning of the incident, the company asked Scribd to take the documents offline.

Luzerne County attacked
Some computer servers and workstations in Luzerne County were down following a cyber attack discovered last weekend. This impacted the computerized property assessment records systems and court employees. The attacker likely got into the systems through a phishing email which was unknowingly opened by a worker. The county is working on the clean-up process.

Top Malware Reported in the Last 24 Hours

Vulnerable Dockers attacked
Hackers are scanning for Docker hosts with exposed APIs to use them for mining cryptocurrency. They are doing this by deploying malicious self-propagating Docker images infected with Monero miners and scripts that make use of Shodan to search for vulnerable targets. Trend Micro’s honeypot data traffic and logs pointed to a Docker Hub user named zoolu2. The account hosted nine images comprised of custom-made shell, Python scripts, configuration files, and cryptocurrency-mining software binaries.

PHP malware
PHP malware has been found using the XOR bitwise operator, which can be used to encrypt a malware’s source code. The purpose is to make it difficult for security solutions to detect the malware. The XOR operation is applied to two operands, which are defined variables containing strings.

Top Vulnerabilities Reported in the Last 24 Hours

Flaw in APROL products
Researchers have discovered several vulnerabilities impacting 12 components of APROL products, which are often used by oil & gas, energy, and mechanical engineering companies. The flaws are related to the FTP, finger, SSH, VNC, TbaseServer, LDAP server, web server, EnMon, IosHttp, AprolLoader, AprolSqlServer, and AprolCluster components. The flaws can be exploited by hackers to access the targeted organization’s network. The firm has addressed the flaws by releasing APROL R4.2.

Vulnerable Slick Popup plugin
A vulnerability has been discovered in the Slick Popup plugin. The flaw impacts all versions of the plugin up to 1.71. It can let hackers get into a WordPress website through a backdoor administrator account. Once hackers are logged in, they can create additional backdoors.

Apple’s security update
Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The flaws are tracked as CVE-2019-8581, CVE-2019-8588, CVE-2019-8572, CVE-2018-6918, CVE-2019-7291, CVE-2019-8578, CVE-2019-8575 and CVE-2019-858.

Top Scams Reported in the Last 24 Hours

Hurricane-related scams
The Cybersecurity and Infrastructure Security Agency (CISA) has alerted users about hurricane-related scams. Users have been asked to be vigilant about fraudulent emails that have a hurricane-related subject line, attachments or hyperlinks. The intention of the scammers is to target disaster victims and potential donors. In addition, users should be wary of social media pleas, texts or door-to-door solicitations relating to severe weather events. Users must also review the resource or check the legitimacy of the website before donating any amount. It is advised not to give away personal details over phone or email.



Posted on: May 31, 2019
