Share Blog Post
Cybercriminals are indeed smitten by the potential of the AZORult banking trojan. The trojan, which was first observed in 2016, has now been enhanced with new capabilities. Security researchers are calling this new variant ‘AZORult++’ as it is written in C++ language. The malware’s capabilities include harvesting users’ credentials, browser history and cookies. This all-new AZORult++ trojan has been observed targeting enterprises in Russia and India.
In the realm of data breaches, the United States Federal Emergency Management Agency has inadvertently shared sensitive data of more than 2 million US disaster survivors with one of its contractors. The incident has affected the victims who had sought temporary housing after Hurricanes (Harvey, Irma & Maria) and a series of California wildfires in 2017. The information exposed in the data breach includes applicants' names, dates of birth, disaster numbers and eligibility time frame.
In another incident, a popular video streaming site, Kanopy has fixed a misconfigured ElasticSearch database that was leaking personal information of its users. The leaky database reportedly contained between 25-40 million daily logs. Also, a cyber attack at the Dubai British School, Jumeirah Park (DBS JP), has resulted in the compromise of the school’s complete network. The attackers used password spraying technique to gain access to the network and compromise a number of staff email accounts.
Top Breaches Reported in the Last 24 Hours
FEMA data leak
The United States Federal Emergency Management Agency has inadvertently shared the personal and banking information of over 2 million US disaster survivors with one of its contractors. Those affected in the incident includes the victims of California wildfires (2017) and Hurricanes Harvey, Irma & Maria (2017). The data exposed includes applicants' names, dates of birth, disaster numbers and eligibility time frame.
Dubai British School suffers an attack
The Dubai British School, Jumeirah Park (DBS JP) has suffered a cyber attack. The attackers leveraged password spraying technique to gain control over the networks. They managed to compromise a number of staff email accounts. Upon discovery, the school has alerted the parents about the incident. In addition, it has also reset the passwords of all compromised accounts.
Kanopy data leak
Video-streaming site Kanopy has fixed a leaking ElasticSearch server that exposed the sensitive data of its users. The misconfigured database reportedly contained between 25-40 million daily logs. The logs contained information such as users' geographical information, timestamp and device types.
Top Malware Reported in the Last 24 Hours
BokBot's core module
Researchers have published a step-by-step analysis of the inner workings of the BokBot proxy module. The banking trojan, which was first observed in April 2017, is able to augment its capabilities by retrieving several modules, including the one that runs a local proxy server. This proxy module is later injected into a spawned svchost child process in order to initialize the infection process. The proxy server is attached to the address 127[.]0[.]0[.]1 on TCP port 57391. BokBot is a complex piece of malware which is used to steal sensitive information from users.
A new variant of AZORult dubbed as AZORult++ has been detected by researchers recently. The malware is written in C++ and is capable of amassing credentials, browser history and cookies. The data, thus collected, is then sent to the command-and-control (C2) server of the attackers. The malware is reportedly used to target victims in Russia and India. Like AZORult 3.3, AZORult++ uses an XOR encryption scheme to encrypt data before sending it to C2 server.
Top Vulnerabilities Reported in the Last 24 Hours
36 new flaws in the LTE protocol
Security researchers have discovered 51 security flaws in Long-Term Evolution (LTE) protocol. Out of these, 36 have been identified as new flaws. These vulnerabilities can allow attackers to execute a series of nefarious activities such as disrupting mobile base stations, blocking incoming calls and sending spoofed messages.
Flaws in JSOs
Attackers can leverage the vulnerabilities in Java Serialized Objects (JSOs) to gain remote control of systems running Java applications. Many bugs abusing JSOs are found in enterprise products such as Oracle WebLogic, IBM WebSphere, Cisco Secure Access Control System (ACS), HPE Intelligent Management Center (IMC), and VMware's vSphere Integrated Containers.
A flaw in Font_Organizer plugin
Posted on: March 25, 2019
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.