- Computer scientists from the United States have developed a new email app named ‘Easy Email Encryption E3’ that is capable of quickly encrypting messages that appear in an email inbox. The app works with the majority of popular email services such as Gmail, Yahoo, and AOL, and automatically encrypts emails as soon as they arrive on a mobile device or desktop.
- The Department of Homeland Security (DHS) is awarding $5.9 million to the Norwich University Applied Research Institute to expand a cybersecurity training tool used by the financial services sector to the energy sector. The training tool is designed to help the energy sector enhance communication during high-stress incidents.
- New Jersey legislators proposed a bill to Gov. Phil Murphy that would expand data breach notification requirements, requiring companies to alert consumers to data breaches that include personally identifiable information (PII) such as user names, passwords, email addresses, and security questions.
- Europol has hosted a joint meeting of the EC3 Advisory Groups on financial services, internet security and communication providers gathering almost 70 industry experts to discuss the cyber-threat of phishing. In the two days of the joint meeting, experts came up with recommendations to combat phishing.
- Microsoft has added tamper protection to its antivirus product Microsoft Defender Advanced Threat Protection (ATP) to prevent malware from disabling the antivirus solution on infected systems. Tamper protection also prevents malware from disabling Microsoft's cloud-based malware detection.
- The United States Federal Emergency Management Agency (FEMA) has inadvertently shared private data of almost 2.3 million disaster victims with one of its contractors that manages its TSA program. The exposed data include applicants' SPII such as street address, city names, zip codes, financial institution names, electronic funds transfer numbers, and bank transit numbers.
- Researchers observed a campaign dubbed ‘Operation ShadowHammer’ that compromised the supply chain by distributing a backdoored version of the ASUS Live Update software. This campaign has impacted over 1 million users who downloaded the backdoored version of the ASUS Live Update utility onto their systems.
- LockerGoga, the ransomware that hit aluminum giant Norsk Hydro, also infected two American chemical companies, Hexion and Momentive. The ransomware attack encrypted the Windows systems of these two companies, forcing them to order hundreds of new computers.
- Two cryptocurrency exchange platforms, DragonEx and CoinBene, suffered cyber attacks compromising over $1 million and $45 million respectively. Both crypto portals have gone into maintenance mode to investigate the incidents and recover the stolen assets.
- Researchers observed a new credential harvesting campaign dubbed ‘LUCKY ELEPHANT’ that uses doppelganger webpages to impersonate legitimate entities such as foreign governments, telecommunications, and military. The list of organizations that are impersonated by the attackers includes entities in Pakistan, Bangladesh, Sri Lanka, Maldives, Myanmar, and Nepal.
- Oregon’s Department of Human Services (DHS) suffered a data breach compromising 2 million email accounts and private data of over 350,000 clients. The breach was a result of attackers gaining access to nine of its employees’ email accounts.
- A consumer spyware vendor exposed almost 95,000 images and over 25,000 audio recordings online due to a leaky database that was left publicly available without any authentication. In addition to older photos and recordings, the leaky database also exposes the latest pictures and audio recordings as they are uploaded every day.
- A publicly available MongoDB database belonging to React Apps, a popular family locator app, exposed the real-time locations of over 238,000 users. The MongoDB instance also contained information such as users’ names, email addresses, profile photos, and plaintext passwords.
- An unprotected ElasticSearch database belonging to the video streaming site Kanopy exposed users’ API logs and website access logs, thereby revealing users’ viewing habits. The access logs included data such as user location, TLS version used, client IP, and more.
- The computer systems of a parking garage belonging to the Canadian Internet Registration Authority (CIRA) which allows its employees to park their vehicles for free were infected by ransomware. The attack allowed outsiders to enter the parking garage without any security check.
- Researchers have uncovered a new version of the AZORult data stealer dubbed ‘AZORult++’ because its files are written in C++ rather than Delphi. This new variant is capable of launching an RDP connection by creating a new user account and adding it to the administrators group.
- Researchers spotted a new Android banking trojan dubbed ‘Gustuff’ which is capable of phishing credentials and stealing funds from over 100 banking apps and 32 cryptocurrency apps. This trojan uses social engineering techniques to trick device owners into giving access to the Android Accessibility service.
- Researchers have detected a total of 51 vulnerabilities in the Long-Term Evolution (LTE) protocol. Of these, 36 have been identified as new vulnerabilities. The vulnerabilities could allow attackers to disrupt mobile base stations, block incoming calls and disconnect users from a mobile network.
- Researchers have observed a new gift-card seeking ransomware dubbed ‘UNNAM3D’ which relies on a WinRAR executable to archive user files found on the infected system. After infecting a system, the ransomware asks victims to purchase a $50 Amazon gift card and send it to the malware developer on Discord.
- Google has patched a bug in Chrome dubbed ‘evil cursor’ that was exploited by tech support scammers to create an artificial mouse cursor and lock users inside the browser. The Partnerstroka threat group exploited this bug by replacing the standard mouse cursor (32 by 32 pixels in the OS) with one 128 or 256 pixels in size.
- Researchers uncovered a feature in UC Browser that downloads extra app modules and runs executable code on users’ devices, thereby violating Google Play Store policies and exposing its users to Man in the Middle (MitM) attacks. It is to be noted that UC Browser has been downloaded by over 500 million users.
- U.S. Government Accountability Office (GAO) has published a management report stating that the security weaknesses found in the US Treasury Department’s system could pose an increased risk of unauthorized access to the Federal Reserve Bank (FRB) systems.
- A modified version of the Christchurch attack suspect’s manifesto is circulating online. The modified version contains an obfuscated VBA script that attempts to download a second-stage payload. The payload, dubbed ‘Trojan Haka’, overwrites the master boot record (MBR) with the message ‘This is not us!’, which is displayed after the system restarts.
- Fizz, Facebook’s implementation of the TLS protocol, contained a critical security flaw that could have allowed attackers to execute Denial of Service (DoS) attacks on servers. Facebook has released a patched version to address the Denial-of-Service vulnerability in Fizz.
Posted on: March 29, 2019