
Cyware Daily Threat Intelligence, September 12, 2019


A new instance of a massive phishing attack targeting several states in the U.S. has come to light in the past 24 hours. The attack was conducted to distribute the notorious TrickBot trojan, which is capable of stealing a variety of information. The impacted states are California, Maryland, Illinois, New York, Texas, Minnesota, and New Jersey. Phishing emails with subject lines like ‘receipt’ and ‘invoice’ were used to lure the targeted victims.

Coming to vulnerabilities, security experts have uncovered a new vulnerability named ‘Simjacker’. The vulnerability can be abused by attackers to track and monitor the location of mobile phone users. It is believed that the Simjacker vulnerability can impact over 1 billion mobile phone users globally.

The past 24 hours also saw the release of an updated Chrome 77 which includes fixes for 36 security flaws. These include one Critical bug, eight High-severity issues, 17 Medium risk flaws, and 10 Low severity vulnerabilities. The latest iteration of Chrome is available for Windows, Mac, and Linux systems.

Top Breaches Reported in the Last 24 Hours

Unsecured database
An unsecured database containing 17 million records and 1.2 terabytes of data has been uncovered by researchers. It included several personal details of users who purchased tickets from websites using Neuroticket. The major impacted companies include Groupon and Ticketmaster.

198 million records exposed
Over 198 million records containing information on prospective car buyers, including loan and finance data, were uncovered in an unprotected Elasticsearch database. The database also included vehicle information and IP addresses for website visitors. In total, 413GB of data was found in the database belonging to Dealer Leads. Upon discovery, the database was secured by the firm.

74,000 payment card details on sale
More than 74,000 payment card details stolen from the retail stores of the chocolatier Russell Stover have been put up for sale on the dark web. The records were first added to the dark web on August 16, 2019, and included both track 1 and track 2 data, i.e., card numbers, expiration dates, and cardholders’ names, which were collected from 25 of Russell Stover’s 28 stores.

Salamanca City Central School breached
Salamanca City Central School District is one of the 13,000 schools and universities to be impacted by the data breach at Pearson Education. Salamanca schools used the student assessment program AIMsweb.

Top Malware Reported in the Last 24 Hours

Malware similar to Ryuk
A new malware that closely resembles Ryuk ransomware has been discovered stealing confidential financial, military, and law enforcement files. When executed, the stealer performs a recursive scan of all the files on a computer and looks for Word and Excel files to steal. The malware strain shares similarities with the Ryuk ransomware and appends the .ryk extension to encrypted files.

TrickBot trojan infects the U.S.
A series of phishing attacks targeting several states in the United States has been observed recently. The attacks were carried out using phishing emails that included a Zip file. The Zip file, when opened, initiates the trojan download. The impacted states are California, Maryland, Illinois, New York, Texas, Minnesota, and New Jersey.

Students' data at risk
University students worldwide are being targeted with fake emails carrying attachments or links to fake university login portals or impersonations of university library administration login pages. The threat actors are using the tactic to steal and resell intellectual property, move laterally within organizations, and conduct internal phishing, among other malicious aims.

Top Vulnerabilities Reported in the Last 24 Hours

Simjacker vulnerability
Security researchers have explored a new vulnerability called Simjacker targeting mobile phone users. The vulnerability has been named Simjacker as it involves the hijacking of SIM cards. Attackers can abuse the vulnerability to track and monitor the location of users without their knowledge.

Chrome 77.0.3865.75 updated
Google has released an improved version of Chrome 77 with fixes for 36 security flaws. These include one Critical flaw, eight High severity issues, 17 Medium risk flaws, and 10 Low severity vulnerabilities. The Critical flaw is tracked as CVE-2019-5870.

Uber’s account takeover vulnerability
A security vulnerability discovered in Uber can allow threat actors to compromise and take control of any Uber account. The vulnerability could also be exploited to track a user’s location and take rides from their account. The vulnerability impacts users, driver accounts, and Uber Eats accounts.

Vulnerable Instagram
A vulnerability discovered in Instagram can put users’ data at risk. It would let an attacker access account details and phone numbers. The bug can be exploited using an algorithm to brute force Instagram’s login form.



Posted on: September 12, 2019
