Go to listing page

Cyware Daily Threat Intelligence, May 27, 2019

Cyware Daily Threat Intelligence, May 27, 2019

Share Blog Post

The terror of the ‘Gnosticplayers’ hacker has struck again. The infamous hacker who had earlier put up stolen data of 932 million users for sale on the dark web, has reportedly hacked an Australian-based graphic design company Canva. The hacker has pilfered data of roughly 139 million users. The stolen data includes users’ names, email addresses, and physical addresses. A part of stolen data included password hashes for 61 million users.

Two serious data breaches due to misconfigured databases were also reported in the past 24 hours. In one incident, an unsecured Elasticsearch database had exposed  212,220 records belonging to an Australian company named AmazingCo. On the other hand, Amadeus had leaked personal and travel information of millions of Israeli users due to an unsecured database.

The misconfigured database belonging to the online travel firm Amadeus contained the information on 36 million booked flights, 15 million passengers and 700,000 visa applications. The breached database also included details of over one million hotel bookings. The leaky database has now been secured and is no longer available on the internet.  

Top Breaches Reported in the Last 24 Hours

Gnosticplayers steal 139 million records
The ‘Gnosticplayers’ hacker has hacked an Australian-based graphic design company Canva to steal data fo roughly 139 million users. Stolen data includes customers’ usernames, real names, email addresses, and physical addresses. For 61 million users, password hashes have also been compromised. Around 78 million compromised users had linked their Gmail accounts with their Canva accounts.

AmazingCo data breach
Another Australian company named AmazingCo has exposed 212,220 records following a security lapse. The data leak has occurred due to a misconfigured Elasticsearch database. The 212,220 exposed records belong to 174,000 clients that were entered in a folder named ‘Customers’. The records included client names, email addresses, home addresses, phone numbers, and feedback. The folder also included details about the booked events on children’s entertainment and wine tours.

Amadeus data leak
Amadeus suffered a data breach following an unprotected database. The incident resulted in the exposure of records of millions of Israeli travelers including the nation’s Prime Minister. The database contained personal and travel information for 15 million passengers covering 36 million flights, one million hotel bookings. The leaked databased also exposed 700,000 visa applications. Upon learning this, the firm immediately took the database offline and secured it.

Top Malware Reported in the Last 24 Hours

A Bitcoin Scam delivers malware
Threat actors are leveraging a Bitcoin scam to distribute ransomware or an info-stealing trojan onto the victims’ computers. The scam involves the use of several fake websites that promise the users of $15-$45 worth of Bitcoins by running a ‘Bitcoin Collector’ program and 3 Ethereum tokens worth around $750 by referring other people. Once the ‘Bitcoin Collector’ program is launched, it results in the download of malware. Earlier, the program was used to drop ‘Marozka Tear’ ransomware. However, in the recent campaigns, the threat actors have shifted the payload to a trojan called Baldr.

GandCrab ransomware is back
Hackers are scanning the internet for Windows servers that are running MySQL databases to infect systems with GandCrab ransomware. The attack is initiated using SQL database commands that uploads a smaller piece of DLL on to the server. This DLL is later invoked to retrieve GandCrab ransomware hosted on an IP address in Quebec, Canada.  

Top Vulnerabilities Reported in the Last 24 Hours

Patch for BlueKeep flaw released
Microsoft has released a security patch for a newly discovered vulnerability named BlueKeep. The flaw is designated as CVE-2019-0708 and affects older versions of the Windows OS such as XP, 7, Server 2003 and Server 2008.  The vulnerability can be exploited on a machine that runs Remote Desktop Protocol (RDP). In the latest report, security researchers have reported that the threat actors are actively scanning the internet for Windows systems that are vulnerable to BlueKeep vulnerability to launch their malicious activities.  

A flaw in macOS
A potential vulnerability has been discovered by security researchers that can allow the threat actors to bypass the macOS Gatekeeper protection. The vulnerability arises when a user opens an app on a Mac. By bypassing the security protection, the attackers can run malicious code. The latest 10.14.5 macOS version is vulnerable to the flaw.

PACS servers pose a threat
PACS server that is built using a framework called Dicoogle pose a threat to the Medical Sector.   The flaw exists due to the improper set up of Dicoogle. The issue lies in the access control of Dicoogle servers. It allows access to its front-end web panel with absolutely no IP or MAC address restrictions. Researchers also came across implementation errors such as the server using default credentials, which are built into Dicoogle when first installed – username and password both being ‘dicoogle.’
Top Scams Reported in the Last 24 Hours

Payroll diversion scam
Hackers have been found stealing users’ account details in a new phishing scheme. Termed as ‘payroll diversion’ by FBI, the scheme involves gaining details of a person’s online payroll account. This method has increasingly become a favorite among hackers. Once the hackers are successful, they change the account details for the direct deposit payments to a compromised account. This is conducted by leveraging phishing emails that appear to come from legitimate people working in the banks. During the diversion of payroll, the hacker makes sure that the victim is not notified of the changes made to his online payroll account.


gandcrab ransomware
marozka tear ransomware
baldr trojan
bitcoin scam
bluekeep flaw

Posted on: May 27, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite