Cyware Daily Threat Intelligence, April 19, 2019

Facebook has been constantly under fire for exposing personal details of users. Lately, a privacy breach associated with the social networking firm has come to light. It was found that Facebook had collected 1.5 million users’ personal data since May 2016. The data was collected without the consent or knowledge of users. The firm has admitted capturing the details as part of the verification process. However, it is now planning to fix the issue by notifying the affected users and deleting the collected details.

In another major incident affecting Facebook, the company revealed that it had inadvertently stored the passwords of millions of Instagram users in unencrypted form on its servers. This was disclosed as an update to the March 2019 incident, in which the company admitted storing the plaintext passwords of hundreds of millions of Facebook Lite users.

The past 24 hours also witnessed a major phishing scam called ‘The Hotlist’. The scam redirects victims to a phishing page that steals Instagram login credentials.

Top Breaches Reported in the Last 24 Hours

Over 6.7 million records exposed
An Iran-based ride-hailing firm has exposed over 6.7 million records through an unprotected MongoDB database. The leaky database contained drivers’ first and last names, Iranian ID numbers, phone numbers, and invoice dates. The database was discovered by a security researcher using the BinaryEdge search engine. Soon after the discovery, ride-hailing firms in Iran were contacted to secure the misconfigured database.

Nearly 60 million LinkedIn users’ info exposed
Information on nearly 60 million LinkedIn users has been leaked through eight misconfigured databases. The total size of the databases is estimated at 229 GB, with each database ranging between 25 GB and 32 GB. The leaked information includes victims’ LinkedIn profile information, ID, profile URL, work history, education history, location, listed skills, and other sensitive details.

Facebook harvests 1.5 million users' data
Facebook has been found harvesting the email contacts of 1.5 million users since May 2016. The data was collected without the knowledge or consent of users. The firm has decided to send notifications to affected users and delete the collected information. In another major incident, Facebook has revealed that millions of Instagram users’ passwords were accidentally stored in a readable format on its servers.

Top Malware Reported in the Last 24 Hours

New CryptoMix variant
Security researchers have uncovered a new variant of CryptoMix ransomware. The variant appends a .DLL extension to each encrypted file and leaves a ransom note named _HELP_INSTRUCTIONS_.TXT. It is installed through compromised remote desktop services.
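A defender can turn the two file-system indicators named above (the stacked .DLL extension and the _HELP_INSTRUCTIONS_.TXT note) into a simple hunt over a file-server inventory. This is an added example, not Cyware's or any vendor's code; the directory listing is constructed, and the "two suffixes" heuristic for telling an encrypted file from a genuine Windows library is an assumption.

```python
"""Hunt for the CryptoMix indicators described above: files renamed with a
trailing .DLL extension and ransom notes named _HELP_INSTRUCTIONS_.TXT.
Input is a list of file paths, e.g. exported from a file-server inventory."""
from collections import defaultdict
from pathlib import PurePosixPath

RANSOM_NOTE = "_HELP_INSTRUCTIONS_.TXT"
APPENDED_EXT = ".dll"  # compared case-insensitively


def looks_encrypted(name: str) -> bool:
    """True for e.g. 'report.docx.DLL': a .DLL suffix stacked on another
    extension. A plain 'kernel32.dll' has one suffix and is skipped, which
    keeps legitimate Windows libraries out of the hit list (heuristic)."""
    suffixes = PurePosixPath(name).suffixes
    return len(suffixes) >= 2 and suffixes[-1].lower() == APPENDED_EXT


def find_cryptomix_indicators(paths):
    """Group paths by directory and report, per directory, whether the ransom
    note is present and which files look encrypted. Directories with neither
    indicator are omitted from the result."""
    findings = defaultdict(lambda: {"ransom_note": False, "encrypted": []})
    for p in paths:
        path = PurePosixPath(p)
        directory = str(path.parent)
        if path.name == RANSOM_NOTE:
            findings[directory]["ransom_note"] = True
        elif looks_encrypted(path.name):
            findings[directory]["encrypted"].append(path.name)
    return dict(findings)


# Constructed sample inventory: one hit directory, one clean directory.
SAMPLE_PATHS = [
    "/srv/share/finance/Q1.xlsx.DLL",
    "/srv/share/finance/budget.docx.DLL",
    "/srv/share/finance/_HELP_INSTRUCTIONS_.TXT",
    "/srv/share/tools/app.exe",
    "/srv/share/tools/helper.dll",  # legitimate library, single suffix
]

if __name__ == "__main__":
    for directory, info in find_cryptomix_indicators(SAMPLE_PATHS).items():
        print(directory, info)
```

A directory that contains the ransom note but no renamed files is still reported, since the note alone is a strong indicator.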

Malicious AutoHotkey script
Threat actors are using a malicious AutoHotkey script that evades detection to target victims. The script is delivered via an Excel Macro-Enabled Workbook attached to an email. The workbook is named after the Foreign Military Financing (FMF) program of the U.S. Defense Security Cooperation Agency in order to make it look less suspicious; its file name is Military Financing.xlsm. Once the malicious script is executed, it connects to its C2 server to download additional payloads.

Dodgy PDFs used for malware attacks
Malicious actors are increasingly using legitimate-looking fake PDFs to launch malware attacks. Most of these files are sent via phishing emails. In many cases, targeted PDFs use zero-day exploits in browsers to launch successful attacks. In other cases, malicious PDFs have been used to capture users’ credentials; in such attacks, the threat actors primarily rely on a remote document loading mechanism.

Top Vulnerabilities Reported in the Last 24 Hours

Drupal releases security updates
Drupal has released security updates to address vulnerabilities in Drupal 8.6, Drupal 8.5 and Drupal 7. The vulnerabilities are designated CVE-2019-10909, CVE-2019-10910, and CVE-2019-10911. Affected users are advised to update to the latest versions, viz. Drupal 8.6.15, 8.5.15 and 7.66 respectively.

Oracle’s major security updates
Oracle has issued a series of security patches to address a total of 297 flaws across its product line. The flaws affect a wide range of products, including Database Server, Fusion Middleware, Enterprise Manager, E-Business Suite, PeopleSoft, and Siebel CRM. 53 out of 279 flaws were found in Oracle Fusion Middleware.

Cisco releases security patches
Cisco has released several security updates to address flaws in various products. Some of the major flaws are found in ASR 9000 Series Aggregation Services Routers, Wireless LAN Controller (WLC) Software, TelePresence Video Communication Server, Aironet Series Access Points (APs) and DNA Center. Users are advised to apply the security patches that correspond to the vulnerabilities affecting their deployments.

Top Scams Reported in the Last 24 Hours

‘The Hotlist’ scam
A new phishing scam called ‘The Hotlist’ has been found targeting Instagram users. This scam operates in a similar manner to the recent ‘The Nasty List’ scam. It begins with Instagram users receiving a message about a list of their ‘hot’ photos on Instagram. The message reads something like, "I just saw a few of your photos on the @The_HotList_95 and they are already upvoted to #26!". To check the status of the photos, victims are asked to click on a link that leads to a page used to steal Instagram login credentials.

Posted on: April 19, 2019