Cyware Daily Threat Intelligence, April 15, 2020


Security patches are crucial as they tend to make vulnerable devices and software more secure and resilient against cyberattacks. In the latest release of Patch Tuesday update, Microsoft has addressed a total of 113 flaws - two of which are exploited in the wild - that affect a wide range of its products. Intel, too, has issued patches for nine vulnerabilities affecting its software products and firmware. Siemens, on the other hand, has issued advisories for a newly discovered SegmentSmack vulnerability, along with other security flaws, that impact the products of other major software vendors.

The past 24 hours also saw two new cyberattacks that leveraged the COVID-19 pandemic. While one campaign distributed a variant of EDA2 ransomware and AgentTesla keylogger to healthcare organizations, the other made use of a fake ‘Coronavirus Updates’ app to spread spyware.

Top Breaches Reported in the Last 24 Hours

MSC’s website affected
The website of the Mediterranean Shipping Company (MSC) has been defaced following a cyberattack that occurred last week. The container shipping company is currently fixing its websites and has closed down its servers located in its headquarters in the Swiss city of Geneva.

Ransomware attack
Portuguese multinational energy giant Energias de Portugal (EDP) has suffered an attack by RagnarLocker ransomware. The operators have demanded a ransom of $10.9 million in bitcoin, threatening to leak 10 TB of documents stolen from the firm if it is not paid.

Two Manitoba law firms attacked
Work at two Manitoba law firms has come to a halt following ransomware attacks. The attacks have left staff with no access to their computer systems, locking them out of digital files, emails, and data backups.

Top Malware Reported in the Last 24 Hours

Project Spy campaign
A potential cyber espionage campaign, dubbed Project Spy, has been detected infecting Android and iOS devices with spyware identified as AndroidOS_ProjectSpy.HRX and IOS_ProjectSpy.A. The spyware is distributed as an app called Coronavirus Updates, which has seen a significant number of downloads in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia.

Google removes 49 extensions
Google has removed 49 Chrome extensions that were designed for stealing users’ private keys and mnemonic phrases. These extensions mimicked cryptocurrency wallet apps like Ledger, MyEtherWallet, Trezor, and Electrum.

COVID-19-themed phishing email
A Canadian government healthcare organization and a university medical research group were targeted by a variant of EDA2 ransomware and the AgentTesla keylogger in COVID-19-themed phishing email attacks. The emails were sent under the pretext of coming from the World Health Organization, with the subject line ‘COVID-19 supplier notice’, to trick the targeted organizations.

Phishing attacks on Slack webhooks
Researchers have found that Slack’s Incoming Webhooks feature can be abused in phishing attacks. The attack depends on a leaked webhook URL: an attacker who obtains one can send messages to it, and, because the URL alone is enough to post into the bound channel, use those messages to exfiltrate data from the workspace where the app is installed.
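Because an incoming webhook URL is effectively a bearer credential for the channel it posts to, the practical defence is to treat it like any other secret: keep it out of source files and logs, and rotate it if it leaks. The following Python script is an added example, not code from the Cyware post or from Slack, that scans text for Slack incoming-webhook URLs and reports them with the token redacted. The URL shape it matches (team id, bot id, token under hooks.slack.com/services) and the sample lines are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

# Assumed URL shape for Slack incoming webhooks:
#   https://hooks.slack.com/services/<team id>/<bot id>/<secret token>
# Anyone holding the full URL can post into the bound channel, so the URL
# itself is the credential that secret scanning needs to catch.
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/(T[A-Z0-9]+)/(B[A-Z0-9]+)/([A-Za-z0-9]+)"
)


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line number where the webhook URL was found
    team_id: str   # workspace (team) id, safe to report as-is
    redacted: str  # URL with most of the secret token removed


def redact(match: "re.Match[str]") -> str:
    """Keep the team/bot ids for triage but strip the secret token."""
    team, bot, token = match.groups()
    return f"https://hooks.slack.com/services/{team}/{bot}/{token[:4]}...[redacted]"


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per webhook URL occurrence in the given text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in WEBHOOK_RE.finditer(line):
            findings.append(Finding(line_no, match.group(1), redact(match)))
    return findings


# Constructed sample: a .env file followed by an application log excerpt.
# Line 5 mentions the host without a token and must not be flagged.
SAMPLE = "\n".join([
    "# constructed sample: .env contents concatenated with a notifier log",
    "SLACK_WEBHOOK=https://hooks.slack.com/services/T0EXAMPLE/B0EXAMPLE/a1b2c3d4e5f6g7h8i9j0k1l2",
    "API_TIMEOUT=30",
    "2020-04-15T10:02:11Z INFO notifier posting to https://hooks.slack.com/services/T0EXAMPLE/B1CONSTRUCTED/z9y8x7w6v5u4t3s2r1q0p9o8 status=200",
    "docs: create webhooks at https://hooks.slack.com/ (no secret here)",
])


if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(f"line {finding.line_no}: team {finding.team_id} -> {finding.redacted}")
```

Running the script on the constructed sample reports the two leaked URLs (the `.env` entry and the log line) and ignores the bare host name. The same `scan_text` function can be pointed at repository files or log streams; any hit is a signal to rotate that webhook in Slack and remove the URL from wherever it was stored.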

Nemty ransomware to shut down
The operators of the Nemty ransomware have decided to shut down their operation after ten months. The ransomware, which first appeared in the summer of 2019, failed to establish itself as a top player in the ransomware market. It shares similarities with the recently discovered Nefilim ransomware.
Top Vulnerabilities Reported in the Last 24 Hours

SegmentSmack flaw
Siemens has released six advisories for its April 2020 Patch Tuesday Updates, including three that inform customers about the impact of the SegmentSmack vulnerability. SegmentSmack, which is a pair of flaws tracked as CVE-2018-5390 and CVE-2018-5391, affects products from ten major software vendors.

Microsoft patches 113 flaws
Microsoft has patched 113 flaws as part of its April 2020 Patch Tuesday Updates. Two of these flaws are remote code execution vulnerabilities (CVE-2020-1020 and CVE-2020-0938) that are actively exploited in the wild. The flaws impact Microsoft’s Windows, Edge, Internet Explorer, Office, Windows Defender, Dynamics, and apps for Android and Mac.

Adobe patches five flaws
Adobe has issued patches for five vulnerabilities affecting its ColdFusion, After Effects, and Digital Editions software. Three of these flaws are rated as ‘Important’ on the CVSS scale and are related to insufficient input validation, DLL hijacking, and improper access control.

Intel fixes nine bugs
Intel has addressed nine security vulnerabilities, all of them rated ‘High’ or ‘Medium’ severity on the CVSS scale. The flaws affect multiple software products and firmware. Four of them are privilege escalation vulnerabilities.

Flawed Microsoft Media Foundation
Microsoft Media Foundation contains an information disclosure vulnerability that could allow an attacker to remotely execute code on a victim’s machine. The flaw, identified as CVE-2020-0939, affects Microsoft Media Foundation version 10.0.18362.476 and Windows Media Player version 12.0.18362.449.

Top Scams Reported in the Last 24 Hours

FBI warns of ongoing BEC scams
The Federal Bureau of Investigation (FBI) has warned government agencies and healthcare organizations of ongoing schemes that exploit the COVID-19 pandemic. The agency has highlighted multiple instances in which fraudsters scammed state government agencies that were trying to buy personal protective equipment (PPE) and medical equipment from both domestic and foreign entities. The fraudsters tricked the agencies into paying for goods or services that did not exist.


Posted on: April 15, 2020
