Cyware Daily Threat Intelligence April 23, 2018

Vulnerabilities in APC UPS
Several security vulnerabilities have been discovered in management cards for APC by Schneider Electric hardware. One of the vulnerabilities (CVE-2018-7243) is found in the built-in web server (port 80/443/TCP) and allows a remote attacker to bypass the authentication system. Users are advised to replace vulnerable management cards with NMC kit G5K9635CH on the Galaxy 5000, Galaxy 6000, and Galaxy 9000 to stay safe.

Patches for SAML implementation bug
Cisco released security patches addressing the SAML implementation bug found in its SAML Single sign-on (SSO) authentication for Cisco’s ASA, Firepower, and Any Connect software. The flaw (CVE-2018-0229) exists due to the absence of any defense mechanism for the ASA and FTD software. A successful exploit could allow the attacker to hijack a valid authentication token.

IE zero-day exploited
A Windows zero-day vulnerability was spotted by security researchers from Chinese AV maker Qihoo 360, in the Internet Explorer kernel code. This zero-day uses a so-called ‘double-kill’ vulnerability in order to infect victim's systems with malware. Cyber attack on Careem
Careen, the popular ride-sharing service in Dubai, was recently attacked by hackers resulting in a data breach incident. Personal information of about 14 million people in the Middle East, North Africa, Pakistan, and Turkey was stolen. On the brighter side, there's no evidence of password or credit card numbers of the users being stolen. No fraud activity using the stolen information has been registered yet.

Chinese hackers target Japanese defense companies
Japanese defense firms are being targeted in order to steal information on Tokyo’s policy toward resolving the North Korean nuclear impasse. Security experts believe that a China-based espionage group, APT 10 is behind these attacks. The group has historically targeted construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan.

Database of 10,000 medics exposed
Health Stream, a US healthcare company, has supposedly exposed contact information for roughly 10,000 medical professionals on the public internet. The website is currently inaccessible. Even though the records were taken offline, leaked data is still available in different online caches. Fake gift messages on WhatsApp
The Communications and Information Technology Commission (CITC) in Saudi Arabia is warning all WhatsApp users to stay safe from a new scam spreading via WhatsApp messages. The messages contain malicious links and attachments, clicking on which will result in victims losing access to their accounts. Using these accounts, scammers trick the victim's friends and family members into buying online gift cards.

Chinese speakers in the US are being targetted
The Federal Trade Commission issued warning regarding a phone scam targeting Chinese speakers in the US. Users are receiving phone calls, claiming to be from the Chinese consulate, requesting them to pick up packages from or provide data. Users are urged not to disclose any personal data like banking, credit card, or Social Security information to anyone who calls up.