Cyware Daily Threat Intelligence, March 27, 2019

Ursnif, the infamous banking trojan, is back in action in a fresh wave of cyber attacks. The prolific malware, which has been around in one form or another for years, is now spreading its tentacles across several organizations in Italy. Security experts have found that the attackers are leveraging malicious VB scripts to distribute the trojan. The malicious VB script comes hidden in a compressed archive attached to an innocent-looking email.

That’s not all. Hacker groups and online fraudsters have come up with a new attack technique to steal more payment card details from Magento-based online shops. They are abusing the PayPal Payflow Pro integration feature included in Magento 2.1.x and 2.2.x versions to test the validity of stolen cards. Experts believe that Magento 2.3.x versions might also be vulnerable to such attacks.

Security patches for several serious vulnerabilities were also released in the past 24 hours. These include a security patch for a high severity bug found in NVIDIA GeForce Experience software. The bug could allow local attackers to perform a series of nefarious activities such as gaining elevated privileges and launching DoS attacks. Also, Mozilla has fixed two vulnerabilities discovered in Thunderbird. The flaws could enable attackers to take control of an affected system.

Top Breaches Reported in the Last 24 Hours

Over 110,000 Australians affected
An internal document released under Freedom of Information laws revealed that an estimated 111,813 Australian users were affected by the massive cyberattack on Facebook in September 2018. The hackers had gained access to sensitive details of these users. While 47,912 Australians had their names, email addresses, and phone numbers compromised, some 1,595 users had their private Facebook Messenger conversations accessed by the hackers. Some 62,360 users had their hometown, most recent check-ins, birth dates, education, work history, Facebook search history, names, email addresses, phone numbers, gender, relationship status and religion compromised in the attack. The firm has notified all the affected Australian users about the breach.

Top Malware Reported in the Last 24 Hours

Ursnif trojan is back
Researchers have observed that attackers are using Ursnif trojan to target organizations in Italy. The malware is distributed via malicious VB script that comes embedded within a compressed archive. Once launched, the Trojan connects to the C2 server to receive additional commands or code. It is believed that the attack has been active since March 5, 2019.
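The delivery chain described above (a VB script hidden inside a compressed archive attached to an email) is something a mail gateway or SOC triage script can check for before the attachment reaches a user. The following is an added example, not code from the original digest or from the researchers it cites: it builds a constructed sample zip in memory, then walks it (including one level of nested zips) and reports members whose extension is a Windows script type, flagging double extensions such as `.pdf.vbs`. The member names, the extension list and the nesting depth are assumptions for the demonstration.

```python
"""Scan a zip attachment for Windows script members (added example, constructed data)."""
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows Script Host or the shell will execute directly.
# This list is an assumption for the example, not an exhaustive catalogue.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1"}


def build_sample_archive() -> bytes:
    """Constructed sample: an archive holding a VB script disguised as a PDF,
    a harmless text file, and a nested zip that itself carries a JScript file.
    The script bodies are placeholder comments, not real script content."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("invoice.js", "// placeholder, no real content\n")

    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Fattura_2019.pdf.vbs", "' placeholder, no real content\n")
        zf.writestr("readme.txt", "plain text\n")
        zf.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()


def find_script_members(archive_bytes: bytes, max_depth: int = 2) -> list:
    """Return a list of findings for members whose last extension is a script type.
    Nested zips are descended up to max_depth; nested paths are joined with '!'."""
    findings = []

    def walk(data: bytes, prefix: str, depth: int) -> None:
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            return  # not a zip (or corrupt); nothing to inspect at this level
        with zf:
            for info in zf.infolist():
                member = prefix + info.filename
                suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
                if suffixes and suffixes[-1] in SCRIPT_EXTENSIONS:
                    findings.append({
                        "member": member,
                        # e.g. 'Fattura_2019.pdf.vbs' carries two suffixes
                        "double_extension": len(suffixes) > 1,
                    })
                elif suffixes and suffixes[-1] == ".zip" and depth < max_depth:
                    walk(zf.read(info), member + "!", depth + 1)

    walk(archive_bytes, "", 1)
    return findings


def scan_sample() -> list:
    """Run the scanner over the constructed sample archive."""
    return find_script_members(build_sample_archive())


if __name__ == "__main__":
    for finding in scan_sample():
        print(finding)
```

The check keys on the last extension only, because Windows decides the handler from that suffix, so `invoice.pdf.vbs` is treated as a script no matter how the name reads to a person; the `double_extension` flag is there so the triage output can call out that particular disguise.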

Attackers target Magento
Researchers have found that scammers and hackers are abusing the PayPal Payflow Pro Integration feature in Magento to test the validity of stolen payment card details. The feature is available in Magento 2.1.x and 2.2.x versions. The PayPal Payflow Pro integration is a payment option available on Magento shops that allows an online store to process card transactions via a PayPal merchant (business) account.
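Card testing against a gateway integration leaves a characteristic trace in the store's payment logs: many low-value authorization attempts from one source in a short window, each with a different card, most of them declined. The following detection logic is an added example written for this digest, not code from Magento, PayPal or the researchers; the log line format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
"""Flag card-testing bursts in payment-gateway logs (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The format is an assumption for this example,
# not Magento's or Payflow Pro's real log layout. 'card' is a tokenised reference.
SAMPLE_LOG = """\
2019-03-26T10:00:01Z ip=203.0.113.5 order=1001 amount=0.50 card=tok_a1 result=DECLINED
2019-03-26T10:00:09Z ip=203.0.113.5 order=1002 amount=0.50 card=tok_b2 result=DECLINED
2019-03-26T10:00:20Z ip=203.0.113.5 order=1003 amount=0.50 card=tok_c3 result=APPROVED
2019-03-26T10:00:31Z ip=203.0.113.5 order=1004 amount=0.50 card=tok_d4 result=DECLINED
2019-03-26T10:00:45Z ip=203.0.113.5 order=1005 amount=0.50 card=tok_e5 result=DECLINED
2019-03-26T10:01:02Z ip=203.0.113.5 order=1006 amount=0.50 card=tok_f6 result=DECLINED
2019-03-26T10:02:00Z ip=198.51.100.7 order=1007 amount=49.99 card=tok_g7 result=APPROVED
2019-03-26T10:03:10Z ip=192.0.2.9 order=1008 amount=0.99 card=tok_h8 result=DECLINED
2019-03-26T10:03:40Z ip=192.0.2.9 order=1009 amount=0.99 card=tok_h8 result=APPROVED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) order=(?P<order>\S+) amount=(?P<amount>[\d.]+) "
    r"card=(?P<card>\S+) result=(?P<result>\S+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["amount"] = float(rec["amount"])
    return rec


def detect_card_testing(lines, window=timedelta(minutes=5), min_attempts=5,
                        min_distinct_cards=4, max_amount=1.00) -> dict:
    """Return {ip: summary} for sources that made at least min_attempts low-value
    authorizations with at least min_distinct_cards different cards inside one
    sliding time window. The summary describes the densest qualifying window."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["amount"] <= max_amount:  # only low-value probes count
            by_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # shrink the window from the left until it fits the time bound
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            span = recs[start:end + 1]
            cards = {r["card"] for r in span}
            if len(span) >= min_attempts and len(cards) >= min_distinct_cards:
                summary = {
                    "attempts": len(span),
                    "distinct_cards": len(cards),
                    "declined": sum(1 for r in span if r["result"] == "DECLINED"),
                }
                if ip not in flagged or summary["attempts"] > flagged[ip]["attempts"]:
                    flagged[ip] = summary
    return flagged


def run_sample() -> dict:
    """Run the detector over the constructed sample log."""
    return detect_card_testing(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, summary in run_sample().items():
        print(f"{ip}: {summary}")
```

The amount filter matters: a legitimate shopper retrying a declined card produces a handful of attempts at the real basket value, whereas a tester keeps the amount tiny so that approved probes cost nothing to notice. In the sample only 203.0.113.5 crosses both the attempt and distinct-card thresholds; 192.0.2.9 is a single card retried once and stays below them.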

Decryption keys for Hacked ransomware
Security experts have released decryption keys for the Hacked ransomware. The ransomware was first spotted in 2017 and targeted English, Turkish, Spanish, and Italian users. Once installed, the ransomware encrypted the files on victims' machines and appended the .hacked extension to them.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress releases a security update
WordPress has released a security update to fix a cross-site scripting (XSS) vulnerability in its command module. The flaw could enable attackers to inject maliciously crafted comments on WordPress sites. It could also enable them to take over the sites.

NVIDIA patches a high severity bug
NVIDIA has released a security patch to fix a high severity bug in the GeForce Experience software. The flaw could allow local attackers with basic user privileges to elevate privileges, trigger code execution, and perform DoS attacks. It affects all versions prior to 3.18.

Mozilla releases a security update
Mozilla has released a security update to address two vulnerabilities, CVE-2019-9810 and CVE-2019-9813, in Thunderbird. The flaws could enable attackers to take control of an affected system. The security bugs have been fixed in Thunderbird 60.6.1, so users are urged to apply the update.

Posted on: March 27, 2019