Cyware Daily Threat Intelligence, April 21, 2020


Widely used Field Programmable Gate Array (FPGA) chips have been found to be affected by a new vulnerability dubbed Starbleed. The flaw is abused through the FPGA's bitstream and could allow attackers to plant a backdoor in hardware or cause physical damage to industrial control systems (ICS), cloud data centers, cellular base stations, medical devices, and aviation systems.

A new screenlocker malware called 'CoronaLocker' has also emerged in the last 24 hours. The malware, which is distributed as a fake WiFi hacking program, locks victims out of their Windows systems.

A major spearphishing campaign targeting the energy industry across the globe was also uncovered in the last 24 hours. The campaign impersonated a well-known Egyptian state oil company, Engineering for Petroleum and Process Industries (Enppi), and a shipping company to drop the AgentTesla keylogger.

Top Breaches Reported in the Last 24 Hours

Nintendo accounts hijacked
Nintendo has recommended that its users enable two-factor authentication, following a rise in account hijacking incidents. Over the last few months, several users have reported their accounts being hijacked and accessed, with some losing money to the attackers. The method used to compromise the accounts is still unknown.

Top Malware Reported in the Last 24 Hours

CoronaLocker malware
A new screenlocker malware called 'CoronaLocker' is being distributed as a fake WiFi hacking program. Upon infecting a device, the malware locks the victim out of Windows and displays a message stating "you are infected of corona virus." The message then asks the victim to contact the attackers via a provided email address.

Spearphishing attacks
A spearphishing campaign impersonating the well-known Egyptian state oil company Engineering for Petroleum and Process Industries (Enppi) and a shipping company was found targeting the energy industry across the globe. The campaign was used to deliver the AgentTesla keylogger.

New Android banking trojan
A new Android banking trojan has been found targeting users in Spain, Portugal, Brazil, and parts of Latin America. The trojan borrows some of its code from SMSstealer.BR and spreads through messages that redirect users to a malicious domain controlled by the attackers. The malware lets attackers carry out fraudulent transactions from victims' bank accounts.

Top Vulnerabilities Reported in the Last 24 Hours

Starbleed flaw
A vulnerability called Starbleed in Field Programmable Gate Array (FPGA) chips can expose many mission- and safety-critical devices to attacks. To exploit the weakness, an attacker needs access to the JTAG or SelectMAP configuration interfaces of the targeted device, which limits it to attackers with physical or otherwise privileged access to the hardware.

Exploiting flaw in Pulse Secure VPN
Attackers are increasingly exploiting CVE-2019-11510, a pre-authentication arbitrary file read vulnerability in Pulse Secure VPN servers that exposes credentials, to deploy ransomware on the systems of US hospitals and government entities. The DHS's CISA has urged organizations to apply the update that was released last year, noting that patching alone does not evict attackers who already harvested credentials before the fix.

PoC for SMBGhost RCE exploit released
Technical details of a remote code execution vulnerability known as SMBGhost have been released. The vulnerability exists in Microsoft's implementation of the Server Message Block 3.1.1 (SMBv3) protocol and affects Windows 10 versions 1903 and 1909, as well as Server Core installations of Windows Server versions 1903 and 1909.
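The following PowerShell check is added here as an example and is not part of the Cyware briefing. It reports whether a host falls in the affected Windows 10/Server Core population and whether the SMBv3 compression workaround is in place. Its assumptions, which should be verified against the vendor advisory, are that builds 18362 and 18363 correspond to versions 1903 and 1909, that the patched revision for both is UBR 720 (the March 2020 cumulative update), and that the workaround is the DisableCompression value under the LanmanServer Parameters key.

```powershell
# Added example, not code from the Cyware briefing. Reports whether this host is in the
# SMBGhost-affected population (Windows 10 / Server Core 1903 and 1909) and whether the
# SMBv3 compression workaround is in place. Assumptions, to verify against the advisory:
#   - build 18362 = version 1903, build 18363 = version 1909
#   - the patched revision for both builds is UBR 720 (March 2020 cumulative update)
#   - the workaround is DisableCompression=1 under LanmanServer\Parameters
param(
    [int[]]$AffectedBuilds = @(18362, 18363),
    [int]$PatchedUbr = 720
)

$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR                          # cumulative-update revision, e.g. 18362.720

$inAffectedBuilds = $AffectedBuilds -contains $build
$patched          = $inAffectedBuilds -and ($ubr -ge $PatchedUbr)

$srvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$compressionOff = (Get-ItemProperty -Path $srvKey -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression -eq 1

# Remote reachability: the server side of the bug needs TCP/445 listening.
$smbListening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

$action = if (-not $inAffectedBuilds) { 'Build not in affected set' }
          elseif ($patched)            { 'Update installed' }
          elseif ($compressionOff)     { 'Workaround applied; still install the update' }
          else                         { 'Vulnerable: install the update or set DisableCompression=1, and restrict TCP/445' }

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    Build             = "$build.$ubr"
    InAffectedBuilds  = $inAffectedBuilds
    UpdateInstalled   = $patched
    SmbCompressionOff = $compressionOff
    Smb445Listening   = $smbListening
    Action            = $action
}
```

Run it elevated on the host being assessed. The registry workaround only covers the server side; the client side of the bug is addressed by the update, so a host showing "Workaround applied" should still be patched.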

Foxit Software patches flaws
Foxit Software has patched dozens of high-severity flaws affecting its PDF reader and editor products. The most severe of these bugs can lead to remote code execution in Windows versions of the apps prior to 9.7.2. Some flaws affecting the beta version of the U3DBrowser plugin have also been fixed in this round of security updates.

WhatsApp backup design flaw
A security researcher reported a significant flaw arising from WhatsApp's backup design. To exploit it, an attacker must first register the victim's WhatsApp account on a device they control, using the verification code sent to the victim's phone. Once that is done, the app can expose the victim's private conversations to the attacker.

Four zero-day flaws in IBM product disclosed
A security researcher published details of four zero-day vulnerabilities affecting an IBM security product after the company declined to patch the bugs. The flaws affect the IBM Data Risk Manager (IDRM) tool and include an authentication bypass, a command injection vulnerability, and a remote code execution flaw.

Top Scams Reported in the Last 24 Hours

FBI warns about scammers
The FBI’s Charlotte office has warned the residents not to share information from their personal lives on social media, including sensitive information as scammers are on a lookout for it. The law agency has asked people to be cautious when answering security questions while setting up their accounts on various social networks. Meanwhile, in another alert, the FBI has also warned about the rise in extortion scams as millions of people are staying at home.

2,000 coronavirus-related scams taken offline
The UK's National Cyber Security Centre (NCSC), along with other law enforcement agencies, took down more than 2,000 COVID-19-related online scams last month. These included 471 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites, 200 phishing sites, and 832 advance-fee frauds.

Tags

coronavirus related scams
smbghost rce exploit
spearphishing campaign
foxit software
starbleed flaw
coronalocker malware

Posted on: April 21, 2020
