Cyware Daily Threat Intelligence October 16, 2018

Top Breach Incidents Reported in the Last 24 Hours


Dating app breach
Security issues were found in a new dating app for Trump supporters called ‘Donald Daters’. The app’s entire user database was leaked on the very first day of its launch. Simple misconfiguration flaws in the app allowed attackers to download the entire user database. The data was accessible from a public and exposed Firebase data repository, which was hardcoded in the app. An attacker could collect users’ private data and the access tokens needed to log into their accounts. The app’s developers now appear to have secured the database.

US voter registration database leaked
A widespread unauthorized disclosure of US voter registration data took place recently. An estimated 35 million US voter records from 19 states were found to have been put up for sale. The compromised databases included PII, voting history, and other voting-related data.

Top Vulnerabilities Reported in the Last 24 Hours


iPhone VoiceOver bug
A passcode bypass flaw was found in the Apple iOS VoiceOver feature that can be exploited to gain access to a victim’s photos. The flaw is present in the latest version of iOS 12. In the first step of the attack, the attacker calls the victim’s phone by asking the Siri voice assistant to read out the number. When a call is made, the attacker taps on ‘Answer by SMS’ and selects the ‘personalize/custom’ button to send a word. At this point, Siri is asked to turn on VoiceOver. A successful attack turns the device’s screen black, after which restricted elements of the user interface can be accessed. The images can then be stolen and sent to the attacker’s own mobile device.

Exploit chains modified to drop payloads
Cybercriminals were found modifying known exploit chains to drop different payloads such as Agent Tesla, Loki, and Gamarue. Multiple malware families are delivered via two public exploits for Microsoft Word flaws (CVE-2017-0199 and CVE-2017-11882). The modification allows the documents to download the malware and bypass detection by AV solutions. The values in the OLE object header are changed as well.

Top Scams Reported in the Last 24 Hours


Facebook request scam
Scammers were found targeting Facebook users by luring victims into clicking on ‘Like’ buttons. They are using Facebook to send unsuspecting users to fraudulent dating sites. Victims receive requests from fake profiles that have followers and likes in excess of 6500. Various indecent videos are used as a lure to direct the victims to the malicious sites. The users are then instructed to enter their credit card numbers in order to proceed.

Hezbollah hacking operation
The Czech Security Intelligence Service (BIS) recently found and stopped servers used by Hezbollah operatives to target and infect users around the world. In this new scam, the servers infected users by deploying mobile malware. Hezbollah agents were found using Facebook profiles of attractive women to trick targets into installing spyware-infected apps. After steering the conversation to increasingly sensual topics, the profiles would ask the user to install a ‘more private and secure application’. The scammers would then get access to the victims’ sensitive data.




