Cyware Daily Threat Intelligence September 20, 2017

Top Malware Reported in the Last 24 Hours
ElasticSearch nodes abused
Several researchers have recently found two Point of Sale (POS) malware which were found abusing thousands of publicly available ElasticSearch nodes. The intention of these families is scraping credit card data stored in a system. The names of the malware are known to be JackPOS and AlinaPOS.

SafeBrowse extension
As it has been discovered recently, the authors of SafeBrowse--a Chrome extension--have embedded the Coinhive JavaScript Miner that uses victim’s computer to mine for the Monero currency. In addition, an in-browser implementation of the CryptoNight mining algorithm has also been noticed.

Top Vulnerabilities Reported in the Last 24 Hours
Apple flaws rectified
There were several vulnerabilities that Apple fixed with a slew of updates released recently. The vulnerabilities were found in the products like Xcode 9, Safari 11, iOS 11 and iTunes 12.7. The flaws let remote attackers launch attacks on the systems and take control of them. Most of the updates addressed low-level security issues. Users are advised to update their devices.

Ubuntu vulnerabilities
Recently, security experts identified several flaws in Ubuntu which include the infamous BlueBorne vulnerability. This vulnerability lets a remote attacker to crash the system using malicious Bluetooth traffic. Also, this can be used to initiate a denial of service. Therefore, users are to be install the updates immediately without fail and restart the system.

Apache patched
A bug known as OptionsBleed has been found in the widely used Apache Web Server. This leads to leakage of arbitrary memory pieces which could possibly expose passwords and other confidential information. Also, an attacker could use the HTTP OPTIONS request method to exploit the vulnerability. The Apache server has fixed the vulnerability, thus, users are suggested to update them.

Top Breaches Reported in the Last 24 Hours
Equifax again
The credit reporting company Equifax has acknowledged that there has been another security issue with it. Although, this is not a breach the security issue faced is quite a severe one. However, the spokesperson denied any relation between the security incident and the breach. But the researchers believe both the attacks involved the same hacker.

Montana school district shut

A hacker’s group going with the name “The Dark Overlord Solutions” are targeting several schools with cyber threats. An entire school district in Montana has been shut down due to the threat. It is believed that the hackers might have penetrated the school district’s main server and stole sensitive data from the current and past students.

INTO hacked
An online learning portal going by the name Irish National Teacher’s Organization (INTO) has been breached recently. The website warned of a data breach which exposed names, email addresses, gender, and information related to course actions. The hacking may have affected around 30,000 users including teachers who took a learning course on the site in the last few years.

Top Scams Reported in the Last 24 Hours
Fake nutrition company
Emails purportedly from a popular nutrition and weight management company are being sent to innocent victims. But, the attachments contain malicious codes and when the unsuspecting users click on the maligned attachment, it infects the users’ devices. Scammers often impersonate reputed companies and friends, therefore, you should be careful of what you open.

Fake tax returns
In a recently discovered scam, fraudsters are using Social Security Numbers to file fake tax returns. Criminals are using various malicious methods to steal these numbers and use them to file fraudulent tax returns and snatch refunds from you. Therefore, users should be careful when responding to mails from unknown senders. Government agencies like IRS never ask for your personal information via an email.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.