Daily Threat Intelligence Cybersecurity News November 22, 2022
API mishandling can lead to bad circumstances. Users of a popular API solution, deployed by thousands of companies, are in trouble as their data could be at risk from hundreds of apps with insecure implementations. The Daixin Team is on a roll as they leaked some data belonging to a Malaysian airline. ‘Tis the holiday season and you’ll need gift cards but beware of one such scam that promises free gift cards but gifts you malware instead. Here are the top 10 highlights from the past 24 hours.
CloudSEK researchers found around 1,500 apps leaking the Algolia API key and Application ID, possibly exposing user data. The Algolia API is used by 11,000 companies, including Slack and Medium.
The Daixin Team claimed to have gained access to the personal data of five million unique passengers and employees of AirAsia. The threat actor published sample data containing booking IDs.
Tehama County, California, started notifying employees, service recipients, and affiliates of a data breach that potentially impacted their personal information, including SSNs.
An undisclosed number of DraftKings customers ended up losing $300,000 to an alleged credential stuffing campaign. However, no signs of a breach have been found yet.
A new Tesco gift card scam is targeting visitors by claiming that they can receive gift cards worth between $100 and $500 and leading them to malicious domains.
SEKOIA discovered at least seven threat groups that have been increasingly adopting the new Aurora info-stealer in their activities.
A crypto-stealing phishing campaign is abusing Microsoft Azure Web Apps service to evade MFA and steal cryptocurrencies from Coinbase, KuCoin, Metamask, and Crypto.com accounts.
New research by Trellix revealed that phishing attempts against victims in the Middle East surged by 100% since last month, owing to the upcoming World Cup in Qatar.
The DOJ announced the seizure of seven domains related to ‘pig butchering’ schemes that ended up costing five victims over $10 million from May to August.
VenomSoftX, a malicious Google Chrome extension, was found being deployed via cracked software. It can conduct man-in-the-browser attacks, steal cryptocurrencies, and perform other nefarious activities.