Cyware Daily Threat Intelligence, October 08, 2019


Vulnerable APIs can pose a serious threat as they can be abused to launch a variety of attacks. Researchers have recently found that an old Twitter API library named TwitterKit is vulnerable to a man-in-the-middle attack. This flawed TwitterKit library is still used by several popular iOS mobile apps. It could be abused to hijack Twitter accounts and compromise third-party apps that use the ‘Login with Twitter’ feature.

In a major data leak, Russian internet service provider Beeline has disclosed that the personal data of nearly 8.7 million customers is being sold and shared online. The data was compromised in a breach that occurred in 2017. The breach has affected those customers who signed up for home broadband connections before November 2016.

The past 24 hours also saw the emergence of a new variant of RobbinHood ransomware that spreads via hacked remote desktop services or other malware. The malware operators are leveraging past incidents involving their ransomware to create a sense of urgency among the victims and gain much more than the ransom demand.

Top Breaches Reported in the Last 24 Hours

Beeline suffers a breach
Data of 8.7 million customers from Russian internet service provider Beeline is being sold and shared online. The ISP disclosed that the breach happened in 2017 and the compromised information includes full names, addresses, and phone numbers of customers. The breach has affected those who signed up for home broadband connections before November 2016.

TransUnion hacked
TransUnion Canada is notifying its customers about a credential stuffing attack that affected its web portal. By leveraging the attack technique, the attackers had managed to pull out consumer credit files. The hack occurred between June 28 and July 11, 2019.

ComCom’s data stolen
More than 200 transcripts of meetings and interviews carried out by the Commerce Commission (ComCom) have been stolen following the theft of a laptop. The documents were not password protected. Some of the stolen documents dated back to 2016.

Southern Spanish city attacked
A ransomware attack on the southern Spanish city of Jerez de la Frontera has caused service outages for the city’s website. Hackers have demanded a ransom in Bitcoin to unlock the encrypted systems.

Top Malware Reported in the Last 24 Hours

RobbinHood’s new variant
Security researchers have uncovered a new variant of RobbinHood ransomware that spreads through hacked remote desktop services or other malware. The operators of the ransomware let the victims know that their computers have completely been hijacked and there is no option other than paying the ransom to retrieve the encrypted files. To make sure victims get the message, the cybercriminals direct them to two incidents that were carried out using the ransomware earlier this year.

Decryptor for Muhstik released
A victim of the Muhstik ransomware has released close to 3,000 decryption keys along with a free decryptor to unlock the encrypted files. The ransomware leverages exposed QNAP NAS devices for propagation. Once installed, it appends the .muhstik extension to encrypted files.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft releases patches
Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer. The flaw, tracked as CVE-2019-1367, is classified as a memory corruption bug that could lead to remote code execution. It affects Internet Explorer 9, 10, and 11.

PoC for Joomla flaw released
A proof-of-concept for a zero-day vulnerability similar to the CVE-2015-8562 flaw has been released. The flaw impacts all Joomla versions from 3.0.0 to 3.4.6, released between September 2012 and December 2015. The flaw is a PHP object injection that can lead to remote code execution under certain scenarios. Updating to any version of Joomla after 3.4.7 will prevent attacks.

Flawed TwitterKit library
Researchers are warning that old API code (the TwitterKit library) used by popular iOS mobile apps could be abused to launch a man-in-the-middle (MITM) attack. It could also be used to hijack Twitter accounts and compromise other third-party apps that are linked with the ‘Login with Twitter’ feature. It is believed that millions of iOS users could be vulnerable to MITM attacks.



Posted on: October 08, 2019
