
Cyware Daily Threat Intelligence, September 20, 2021


Broken and vulnerable APIs can open the door to cyberattacks on mobile apps if they are not fixed in time. New research reveals that millions of users could have faced the risk of exposure of their personal and financial information due to security vulnerabilities in APIs used by multiple apps. The good news is that the vulnerable APIs were deactivated before they could do any harm.

In other news, AT&T suffered a loss of over $200 million following a phone unlocking scheme that was designed to install malware and gain unauthorized access to users’ mobile devices. Beware of the ongoing Elon Musk-themed cryptocurrency giveaway scam propagated under the names of "Elon Musk Mutual Aid Fund" or "Elon Musk Club".  

Top Breaches Reported in the Last 24 Hours

Alaska DHSS attacked
The Alaska Department of Health and Social Services (DHSS) has fallen victim to a cyberattack that was discovered on May 2. The investigation is ongoing. However, an early report states that hackers gained access to the department’s internal network through a vulnerability in one of its websites.

Vulnerable APIs leak data
Millions of users faced the risk of exposure of their personal and financial information due to security vulnerabilities in 10 APIs used by multiple apps. 250 of these apps used the Razorpay API, which includes bulk information such as phone numbers, email addresses, transaction IDs, and refund details of users. The impacted APIs have now been deactivated. 

CMA CGM attacked
The French container line CMA CGM has been hit by a cyberattack. The attack led to a leak of customer information, including full names, email addresses, and phone numbers.

NEISD employees targeted
Over 5,000 current and former employees of NEISD have received a letter about a potential data breach that affected payroll records. The records included the names and Social Security numbers of employees.

EventBuilder leaks data
A misconfiguration issue in the EventBuilder platform has exposed the personal details of users participating in virtual events. The data was leaked in the form of CSV and JSON files.

AT&T loses $200 million
AT&T lost over $200 million in a coordinated fraudulent phone unlocking scheme that lasted for seven years. The operation was initiated by an insider threat that eventually allowed threat actors to gain remote access to users’ mobiles.

Top Vulnerabilities Reported in the Last 24 Hours

A flaw in Virgin Media routers
A zero-day vulnerability in Virgin Media Super Hub 3 routers can enable attackers to unmask the true IP addresses of VPN users. Although the flaw (tracked as CVE-2019-16651) was disclosed two years ago, the firm is working on a fix now.

Top Scams Reported in the Last 24 Hours

New Elon Musk giveaway scam
A new Elon Musk-themed cryptocurrency giveaway scam called "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is underway. The campaign promises users huge returns in exchange for small investments. It is usually targeted at social media users, and the emails include specially crafted messages to evade detection.


Posted on: September 20, 2021

