Go to listing page

Cyware Daily Threat Intelligence March 05, 2019

Cyware Daily Threat Intelligence March 05, 2019

Share Blog Post

Top Breaches Reported in the Last 24 Hours

18 unprotected MongoDB servers expose surveillance data
A security researcher uncovered 18 MongoDB servers that are publicly available without password protection. The open MongoDB databases contained data that are a part of a Chinese surveillance program. The exposed information included online social services related data such as profile names, ID numbers, photos, public and private conversations, file transfers, GPS location, and more.

Rush University Medical Center data breach
Rush University Medical Center has suffered a data breach compromising personal information of 45000 patients. The exposed data included patients’ private data such as names, addresses, birthdates, Social Security Numbers, and health insurance information. However, no medical information was involved in the data breach.

Top Malware Reported in the Last 24 Hours

Fileless banking trojan targets Brazilian banks
Researchers observed a fileless malware that is capable of opening an IP address, downloading a PowerShell with a banking trojan payload, and installing a hack tool and an information stealer. The filesless malware was spotted stealing user credentials, system information from three specific Brazilian banks. The three Brazilin banks include Banco Bradesco, Banco do Brasil, and Sicredi.

Adwind RAT makes a comeback
Adwind RAT which was active in 2017 has resurfaced again targeting platforms compatible with Java applications and running the Java Runtime Environment. It is distributed via phishing emails that include a malicious JAR file attachment. Once the JAR file runs in the system, Adwind RAT gets installed and communicates with a remote server to conduct other malicious activities.

Top Vulnerabilities Reported in the Last 24 Hours

Google’s Project Zero publicly discloses the zero-day vulnerability in macOS
Google’s Project Zero publicly disclosed the zero-day vulnerability in Apple macOS after the 90-day deadline to fix the issue expired. It is a critical vulnerability marked as ‘High severity’ that allows creating copy-on-write copies of data between processes via a user-owned filesystem image. Researchers from Project Zero notified Apple about the security flaw in November 2018 but the company has not fixed the issue to date, therefore, the team publicly disclosed the zero-day vulnerability. However, the research team is working along with Apple to resolve the issue.

19 zero-day vulnerabilities found in 5 visitor management systems
IBM-X Force Red research team detected almost 19 zero-day vulnerabilities across 5 visitor management systems including Lobby Track Desktop, EasyLobby Solo, eVisitorPass, Envoy Passport, and The Receptionist system. These vulnerabilities if exploited could allow attackers to access visitor logs, visitors’ contact information, corporate data, and more.

Logitech patches 4 vulnerabilities
Logitech has patched 4 Harmony Hub vulnerabilities that could allow any connected IoT device open to remote takeover. The four vulnerabilities include default credential bug, authentication bypass vulnerability, remote-server OS command injection bug, and a crafted HTTP request application command injection bug. Logitech has released a security update (4.15.96) to fix these vulnerabilities.

Top Scams Reported in the Last 24 Hours

SIM Card Scam
Scammers target UAE residents with a new ‘SIM Card scam’. These scammers pretend to be a telecommunication company staff and send fake messages to UAE residents claiming that they have won a lucky draw worth Dh200000. They then ask the recipients to call a number and confirm the code printed on their SIM card. This type of phishing trick is used to collect SIM information, which could then be used by scammers to approach telecom vendors in order to transfer the real phone number to a new SIM.

My Big Pay cryptocurrency scammer indicted
My Big Pay cryptocurrency scammer has been indicted and charged over alleged $6m scam. The defendant named Randall Crater 48 has been indulged in multiple counts of wire fraud and illegal monetary transactions linked to his company ‘My Big Coin Pay’, which is a virtual currency wallet and platform. The cryptocurrency scam defrauded almost 28 investors out of $6 million.


http request application command injection bug
adwind rat
authentication bypass vulnerability
unprotected mongodb
sim card scam
fileless malware
zero day vulnerabilities
remote server os command injection bug
default credential bug

Posted on: March 05, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite