Cyware Daily Threat Intelligence, April 09, 2020

The powerful Ursnif trojan, which has been active in one form or another since at least 2007, is back in a new attack that uses Mshta.exe, instead of PowerShell, to infect systems. The main reason the malware authors switched to a new delivery method is to bypass security defenses while leaving no footprints on a victim’s system.

The past 24 hours also saw security researchers demonstrate two new attack techniques. The first misuses security flaws in PowerPoint’s Open XML Slide Show (PPSX) files. Termed the ‘Mouse-Over’ attack, the technique can allow attackers to bypass PowerPoint restrictions to install malware. The second uses fake ‘3D fingerprints’ to get past the fingerprint scanners implemented on smartphones, laptops, and smart padlocks.

Top Breaches Reported in the Last 24 Hours

Maropost exposes 95 million records
An unsecured database owned by the email delivery and marketing firm Maropost exposed about 95 million email records and email logs. The leaked email logs contained relevant metadata, such as the exact date and time the emails were sent. The database, which was hosted on a Google cloud server, was taken offline on April 1, 2020.

Top Malware Reported in the Last 24 Hours

Mouse-Over attack
Researchers have demonstrated a new attack technique that leverages weaknesses in PowerPoint’s Open XML Slide Show (PPSX) files to install malware. Termed the ‘Mouse-Over’ attack, the method allows threat actors to bypass restrictions in PowerPoint and manipulate users’ files.

A new Ursnif attack campaign
A new campaign that spreads the notorious Ursnif trojan has been observed recently. The trojan is delivered via document files titled ‘info_03_24.doc’. These documents leverage malicious Visual Basic for Applications (VBA) macro code that is used to call the main routine. The campaign is executed in three different stages to evade detection by antivirus software.

Top Vulnerabilities Reported in the Last 24 Hours

Mozilla releases Firefox 75
Mozilla has released Firefox 75, which addresses six security vulnerabilities. Of these, three are ‘High’ severity bugs and are tracked as memory corruption bugs: CVE-2020-6821, CVE-2020-6825, and CVE-2020-6826. The remaining three vulnerabilities are rated as ‘Moderate’ on the CVSS scale.

Bisq halts trading
The Bisq Bitcoin exchange has temporarily disabled trading after the discovery of a critical vulnerability in its platform. The firm plans to release v1.3.0 soon to fix the issue. Until then, users are asked not to send any funds to and from Bisq.

Vulnerable B&R Automation software
Several vulnerabilities found in B&R Automation software can allow attackers to launch attacks inside operational technology networks. The security holes are related to Automation Studio’s update service and are tracked as privilege escalation flaws, incomplete encryption and validation issues, and path traversal flaws.

‘Fake Fingerprints’ bypass scanners
Researchers have found that 3D printing technology can be used to bypass most fingerprint scanners used by mobile devices from Apple, Samsung, and Microsoft. The technology has also been successfully tested on laptops and smart padlocks.

Posted on: April 09, 2020
