Go to listing page

Cyware Daily Threat Intelligence March 06, 2019

Cyware Daily Threat Intelligence March 06, 2019

Share Blog Post

Top Breaches Reported in the Last 24 Hours

Caller ID app data leak
An unprotected MongoDB database belonging to Dalil, a caller ID app for Saudi Arabia, has exposed nearly 585.7GB of personal data. The database was left open on the internet without any password protection. It contained sensitive data of around 5 million users such as their mobile numbers, app registration data, device details, telecom operator details and GPS coordinates. Based on the country code associated with the data, researchers found that the misconfigured database also contained information belonging to Egypt, Emirati, European and Israeli users.     

27 universities targeted
A new report revealed that Chinese hackers targeted 27 prominent universities across the world to steal maritime technology secrets. The attack was performed using phishing emails. The universities affected by the attack include the names of the Massachusetts Institute of Technology, the University of Washington, and other colleges in Canada and Southeast Asia. The attackers primarily targeted those universities which were either involved in underwater technology or had faculties with relevant backgrounds.

Top Malware Reported in the Last 24 Hours

Jokeroo Ransomware-as-a-Service
A new ransomware-as-a-Service named Jokeroo is being promoted on the underground hacking forums and via Twitter. The RaaS can allow hackers to gain access to fully functional ransomware and payment server. Security researchers noted that the Jokeroo Raas was first promoted as GandCrab ransomware Raas in the underground hacking forum ‘Exploit[.]in.

Triton malware
In 2017, a Middle Eastern petrochemical facility became the first known victim of Triton malware. Security experts discovered that the malware was deployed by cybercrooks in order to take over the plant’s safety instrumented systems. However, a flaw in the code of the malware revealed the hackers intention and the attack was prevented before it could do any harm. If the malware had no errors in the code, then the intruders could have disabled or tampered with systems. They could then have used other software to make equipment at the plant malfunction, the consequences of which could have been catastrophic.  

Docker servers serve Cryptominer
About 400 servers running virtualization software Docker have been found to be vulnerable to outside exploitation. These vulnerable servers are being used to run a Monero mining malware. The data on these weakly protected servers is also accessible by the hackers, including some unencrypted credentials.

Top Vulnerabilities Reported in the Last 24 Hours

RCE flaw in Joomla! CMS platform
A known flaw in the popular Joomla! CMS platform is being leveraged by cybercriminals to conduct large-scale phishing and spam operation. Researchers have termed the attack as ‘Jmail Breaker’. To carry out the campaign, hackers first exploit a known object injection remote-code execution (RCE) flaw to inject code into the User-Agent header field in HTTP requests.

An old flaw emerges in MS Office
A previously known bug in the Microsoft Office has been found to be exploited in the wild. Attackers can use the flaw to bypass security solutions and sandboxes. The flaw exists in the OLE format and arises due to improper handling of the Microsoft Word. The flaw can allow attackers to hide exploits in weaponized Word documents without triggering the AV solutions.

Deserialization flaws in jackson-databind
Researchers have discovered several deserialization flaws in jackson-databind, a fast and powerful JSON library for Java. The flaws affect FasterXML jackson-databind 2.x before 2.9.8. The vulnerabilities could allow an unauthenticated user to perform code execution. In order to stay safe, users of Debian 8’Jessie’ must update to version 2.4.2-2+deb8u5.  

Top Scams Reported in the Last 24 Hours

Scammers spoof telephone numbers
The US Department of Homeland Security (DHS) is warning citizens about a new telephone fraud. Here, the scammers pretend to be employees of ‘US Immigration’ and trick users into revealing their personally identifiable information. The scammers also pose as law enforcement officials to dupe users. The tricksters alter caller ID systems to make it appear that call is coming from legitimate offices.    

Taxpayers tricked
IRS has issued a warning to all American taxpayers about bogus tax scams that are aimed at stealing personal information. These scams are performed via fake emails, bogus texts and phony websites. Criminals pretend to be a tax professional and trick users into revealing their personal and financial data. Taxpayers should wary of emails that have a threatening tone or promise big refunds.    


remote code execution rce flaw
unprotected mongodb databases
jokeroo ransomware as a service
triton malware
chinese hackers

Posted on: March 06, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite