Go to listing page

Cyware Daily Threat Intelligence, July 24, 2019

Cyware Daily Threat Intelligence, July 24, 2019

Share Blog Post

Leaks of user credentials can have long-term consequences. Cybercriminals often rely on online hacking forums to purchase such leaked credentials for use in their attacks. In the last 24 hours, the instances of Deliveroo account hacks are tell-tale signs of how attackers abuse these stolen credentials for financial gains and other motives. On the other hand, data breaches continue to torment organizations and individuals alike. Personal information of thousands of Tennessee students was compromised after a database operated by a third-party vendor, Graduation Alliance, suffered a breach. 

Meanwhile, the Chinese threat actor group APT 15 has been found using a previously undocumented backdoor called Okrum. The backdoor is used to inject the Ketrican malware and has the ability to download/upload files, execute binaries, run shell commands, update itself, and more.

The Palo Alto GlobalProtect Gateway products were found to be affected by a critical remote code execution vulnerability. The vulnerability can be exploited by sending a specially crafted request to a vulnerable SSL VPN.

Top Breaches Reported in the Last 24 Hours

Deliveroo accounts hacked
Cybercriminals are using leaked credentials to hack Deliveroo users’ accounts. Users of the British food and beverage delivery company Deliveroo are being targeted by attackers using leaked credentials. It is believed that the attackers are buying previously leaked credentials from online hacking forums for as little as $6 to perform credential stuffing attacks.

Indian bank exposes records
Jana Bank, an India-based microfinance bank, exposed millions of financial records through an unprotected database. The records contained personally identifiable information which was used for KYC verification of the bank customers. The leaky database was discovered on May 26, 2019, and was secured by the bank on May 28.

Graduation Alliance breach affects Tennessee students
Graduation Alliance, a vendor that hosts the CollegeforTN.org website, was breached by attackers to compromise the information belonging to Tennessee students. The attackers gained access to one of its servers. The compromised information includes students’ personal data such as names, birthdates, gender, ethnicity, and ACT scores for some students.

Top Malware Reported in the Last 24 Hours

APT15 uses new Okrum backdoor
Security researchers discovered Chinese threat actor APT15 using a previously undocumented backdoor called Okrum for over two years. The backdoor has the ability to download/upload files, execute binaries, run shell commands, update itself, and more. The group also uses Okrum to deliver Ketrican malware.

BillGates/Setag backdoor
An ongoing attack campaign is delivering the BillGates/Setag backdoor through a multistage attack to compromise unsecured Elasticsearch databases. The backdoor can be used to turn the Elasticsearch database into a botnet zombie for performing DDoS attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Facebook Messenger Kids flaw
Due to a flaw in the Messenger Kids app, a child could join a group chat with friends-of-friends without approval by their parents. The issue stemmed from the way the app handled permissions in multi-user chat where it overrode the system of required parental approval.

Palo Alto GlobalProtect vulnerability
A critical remote code execution vulnerability in the Palo Alto GlobalProtect portal and GlobalProtect Gateway products could affect many companies including Uber. The vulnerability, tracked as CVE-2019-1579, could allow attackers to perform arbitrary code execution. It could be exploited by sending a specially crafted request to a vulnerable SSL VPN.

Apple releases updates
Apple has released security updates to fix numerous security flaws in various products including macOS Mojave, iOS, Safari, tvOS, and watchOS. Some of the flaws included arbitrary code execution, universal cross-site scripting(XSS), information disclosure and denial of service issues. Apart from this, it has also fixed security flaws for iCloud for Windows and iTunes for Windows.

Only 40% of zero-days exploited
A security researcher has suggested that only 40 percent of all zero-days in Windows was exploited successfully against the latest versions. Matt Miller of Microsoft Security Response Security Center investigated zero-day exploitation attempts made on Windows OS between 2015 and 2019. 

Top Scams Reported in the Last 24 Hours

BEC scam campaign
A new Business Email Compromise (BEC) scam campaign is impersonating company CEOs to extract client information. The scammers request employees for an aging report and clients’ email addresses. In this way, scammers obtain the company’s clients’ names, contact information, and outstanding balance.


palo alto globalprotect
bec scam

Posted on: July 24, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite