
Cyware Daily Threat Intelligence, March 15, 2019

Top Breaches Reported in the Last 24 Hours

Misconfigured ElasticSearch database
An unprotected ElasticSearch database has exposed the profiles of almost 33 million Chinese job seekers. The database held around 57GB of data. Although its owner is unknown, the records contained sensitive personal information: each job seeker's username, gender, age, current city, home address, email address, phone number, marital status, job history, education history, and salary history. Following its discovery, the exposed database was secured by security experts.

Sizmek’s account breach
Sizmek, an American online advertising platform, has confirmed that hackers are reselling access to a user account that allows anyone to modify existing ads and offers. Access to the compromised account was offered on a Russian-language cybercrime forum at a price starting at $800. Threat actors who gain access to the account can add new users to the ad system and inject malicious scripts into the ads' HTML code. Following the discovery of the breach, Sizmek forced a password reset on all internal employee accounts.

Pakistan government site compromised
Attackers have compromised Pakistan's Passport Application Tracking site, which allowed them to log the keystrokes of visitors entering their personal information into the site. Details such as the names, addresses, and phone numbers of passport applicants may have been captured by the attackers.

Top Malware Reported in the Last 24 Hours

GandCrab 5.2 ransomware
Attackers are leveraging fake CDC flu warnings to distribute GandCrab 5.2 ransomware. The attackers send phishing emails under the subject line 'Flu Pandemic Warning'. However, a close look reveals that the email comes from the sender 'Peter@eatpraynope[.]com', an address that has nothing to do with the Center for Disease Control (CDC).
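The digest's advice for this lure is to compare the organisation a message claims to come from with the domain in its sender address. The following is an added example (not code from the digest or from any vendor it mentions) that automates that comparison over a few constructed header sets. The sender address is the defanged one quoted above; the `CLAIMED_ORG_DOMAINS` mapping, the sample headers and the function names are assumptions made for the example.

```python
import re
from email.utils import parseaddr
from typing import Optional

# Constructed sample headers modelled on the lure described in the digest.
# The first entry uses the defanged sender address quoted above.
SAMPLE_HEADERS = [
    {"From": "CDC Flu Alerts <Peter@eatpraynope[.]com>", "Subject": "Flu Pandemic Warning"},
    {"From": "Helpdesk <it-support@example.org>", "Subject": "Password expiry"},
    {"From": "CDC Newsroom <news@mail.cdc.gov>", "Subject": "Weekly update"},
]

# Hypothetical allow-list: organisation keyword (as it appears in lures) to the
# domains that legitimately send mail for it. Values are assumed for the example.
CLAIMED_ORG_DOMAINS = {
    "cdc": {"cdc.gov"},
}


def refang(addr: str) -> str:
    """Turn the defanged 'user@host[.]tld' notation back into a plain address."""
    return addr.replace("[.]", ".")


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain part of the From header's address."""
    _, addr = parseaddr(refang(from_header))
    return addr.rpartition("@")[2].lower()


def claimed_org(from_header: str, subject: str) -> Optional[str]:
    """Return the organisation keyword the message claims, judged from the
    display name and subject, or None if no known organisation is named."""
    text = f"{from_header} {subject}".lower()
    for org in CLAIMED_ORG_DOMAINS:
        if re.search(rf"\b{re.escape(org)}\b", text):
            return org
    return None


def domain_belongs_to(domain: str, allowed: set) -> bool:
    """True if the domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_message(headers: dict) -> dict:
    """Flag a message that names a known organisation but is sent from a domain
    outside that organisation's allow-list."""
    org = claimed_org(headers["From"], headers["Subject"])
    domain = sender_domain(headers["From"])
    suspicious = org is not None and not domain_belongs_to(domain, CLAIMED_ORG_DOMAINS[org])
    return {"domain": domain, "claimed_org": org, "suspicious": suspicious}


def flagged_domains(messages) -> list:
    """Run the check over a batch and return the sender domains that were flagged."""
    return [r["domain"] for r in map(check_message, messages) if r["suspicious"]]


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h["From"], "->", check_message(h))
```

The check deliberately treats subdomains of an allow-listed domain as legitimate, so a message from `mail.cdc.gov` passes while the sender quoted in the digest is flagged; a real mail gateway would pair this with SPF/DKIM/DMARC results rather than rely on the display name alone.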

JS Sniffer malware
Researchers have come across seven sites in the US and the UK that have been infected by a new JS (JavaScript) sniffer. The malware is designed to lurk unnoticed on the sites and steal the payment card details of visitors. The affected companies are Fila, Jungleeny, Forshaw, Absolute New York, Cajungrocer, Get RXd and Sharbor.

DanaBot control panel decoded
In new research, researchers have analysed the control panel application of the DanaBot trojan. The control panel is written in Delphi. Once threat actors buy access to the control panel, they can create and configure their own DanaBot malware and use it to steal data such as credentials and financial account details.

Top Vulnerabilities Reported in the Last 24 Hours

Nasty WinRAR bug
Cybercriminals are still exploiting a recently patched critical remote code execution vulnerability (CVE-2018-20250) in WinRAR. The vulnerability was patched in February 2019, but many users are still running unpatched versions of WinRAR, leaving them exposed to attack. Successful exploitation can give attackers full control of targeted systems.

Cisco issues security advisories
Cisco has issued security advisories for two critical vulnerabilities: CVE-2018-0389 and CVE-2019-1723. The first flaw exists in Cisco Small Business SPA514G IP phones; the second affects Cisco Common Services Platform Collector releases 2.7.2 through Cisco has issued a patch only for CVE-2019-1723.

Ubuntu 14.04 LTS updated
Canonical has released a Linux kernel security update for the Ubuntu 14.04 LTS (Trusty Tahr) operating system series and its derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu Kylin, Ubuntu Studio, Mythbuntu, and others. The update addresses the recently disclosed zero-day vulnerability CVE-2019-6133. All users of Ubuntu 14.04 LTS (Trusty Tahr) are urged to update their installations to "Linux-image 3.13.0-166.216" on 32-bit, 64-bit, and PowerPC 64-bit systems.

Top Scams Reported in the Last 24 Hours

Phone scams
The US Drug Enforcement Agency (DEA) is alerting users to a new phone scam in which scammers impersonate the agency's employees. The scam aims to steal payment and personal information from members of the public and DEA-registered medical practitioners. The scammers claim to be well-known senior DEA officials or offer fake names and badge numbers, and take an urgent, aggressive tone with prospective victims. They threaten victims with prison if a fine is not paid, and pressure them to pay via wire transfer or gift cards. Users should know that the DEA never contacts the public by phone to demand money or any other form of payment.


Posted on: March 15, 2019
