Cyware Daily Threat Intelligence, September 20, 2019

Failing to apply security patches on time can create unwanted problems for organizations. Two devastating instances related to unpatched systems have come to light in the past 24 hours. In one incident, eight cities in the US have inadvertently exposed around 20,000 records due to vulnerable Click2Gov payment portals. These stolen records are now available for sale on dark marketplaces.

In another incident, outdated Wi-Fi systems used at the WeWork office in Manhattan have affected several companies’ devices and financial records. It has been found that around 658 devices, including computers, servers, and coffee machines, were spilling a trove of sensitive data such as people’s IDs, emails, and birth dates on the internet.

The past 24 hours also saw security researchers uncover two malicious camera apps that have over 1.5 million installs. These apps, which were distributed via Google’s Play Store, stealthily recorded audio without the knowledge of users.

Top Breaches Reported in the Last 24 Hours

Click2Gov payment portal
The Click2Gov payment portal has suffered a data breach, impacting over 20,000 records from eight cities across the United States. The second wave of Click2Gov breaches indicates that despite patched systems, the portals operated in these eight cities remain vulnerable to attacks.

WeWork exposes data
Security vulnerabilities in the WiFi network of a WeWork building in New York have exposed financial records and devices of companies in the building. The flaws have also exposed client databases including people’s IDs, their banking account credentials, and other sensitive information.

Leaky smart TVs
New research has revealed that several smart TVs produced by popular vendors like Samsung, Apple, and LG are leaking sensitive information of users to companies including Google, Facebook, and Netflix. The leaky devices also include content and app streaming devices such as Amazon’s FireTV and Roku.

Thinkful resets passwords
Online developer bootcamp company Thinkful is sending email notifications to its users to warn about unauthorized access that may have affected certain credentials. Users are promptly asked to reset their passwords in order to avoid falling victim to credential theft. It is believed that the unauthorized party may have gained access to government-issued identification numbers and financial information.

Animates reports a data breach
Pet retail shop Animates has disclosed a data breach that occurred on its website between June 29 and September 13, 2019. The incident came to light when the company observed unauthorized third-party access. It is believed that the hackers may have accessed the personal and payment details of users.

Top Malware Reported in the Last 24 Hours

Two malicious adware apps
Security researchers have uncovered two malicious apps - Sun Pro Beauty Camera and Funny Sweet Selfie Camera - that are capable of recording audio without user consent. The apps have been installed over 1.5 million times. Once installed, the app icon is visible in the app drawer.

GhostMiner variant
A new version of the fileless cryptocurrency-mining malware GhostMiner has been observed recently. The variant includes Windows Management Instrumentation (WMI) objects to gain persistence and avoid detection by anti-virus. Once installed, it terminates processes, scheduled tasks, and services that are associated with other cryptominers such as Mykings, PowerGhost, PCASTLE, and BULEHERO.

Fake SSO used in a phishing attack
Malicious actors are now leveraging Single Sign-on (SSO) to steal credentials from multiple accounts. They have created fake login pages replicating processes like Dropbox or DocuSign. The phishing pages inform users that they can log into a third-party service by using their SSO email account.

Top Vulnerabilities Reported in the Last 24 Hours

Google releases an urgent software update
Google has released an urgent software update for its Chrome web browser on Windows, Mac, and Linux. The Chrome 77.0.3865.90 version contains security patches for one critical and three high-risk security vulnerabilities. The most severe vulnerability could allow remote hackers to take control of an affected system.

Top Scams Reported in the Last 24 Hours

Scammers leverage hacked Instagram account
Scammers are increasingly hacking Instagram accounts of well-known celebrities to promote several giveaway scams. These scams can result in loss of money or personal data. In one instance, the scammers had leveraged a hacked account to launch a giveaway scam. They created enticing posts about free iPhone X and Tesla cars. In order to claim the prize, the visitor was asked to answer a survey included in a link that came attached to the post.



