Cyware Daily Threat Intelligence, August 04, 2020


Federal agencies in the U.S. have lately been releasing a steady stream of alerts warning organizations in different sectors about ongoing cybercrime and state-sponsored activity. In the last 24 hours, they released two separate advisories: one on a new variant of the Taidoor malware and one on a new wave of e-commerce fraud.

The new Taidoor variant, seen in recent attacks, is installed on victims' systems as a service Dynamic Link Library (DLL). Separately, the e-commerce fraud is carried out through fake shopping websites advertised on social media platforms.

The notoriety of the Maze ransomware gang has again come to light in the last 24 hours. The operators have published over 70GB of data stolen from LG and Xerox following failed ransom negotiations.

Top Breaches Reported in the Last 24 Hours

Regis attacked
Australian senior care operator Regis has been hit by a cyberattack conducted by foreign threat actors. This has affected the personal data of a small number of residents at Regis facilities and a staff member.

Blacklist Alliance leaks data
The Blacklist Alliance leaked the phone numbers, email addresses, and passwords of all its customers through a misconfigured database. The exposed data also included thousands of documents, emails, spreadsheets, and images tied to countless phone numbers. The database was secured soon after researchers reported the exposure to the firm.

Zello resets passwords
The push-to-talk app Zello has disclosed a data breach that exposed its users' email addresses and hashed passwords. The incident stemmed from unauthorized access to one of its servers. As part of its response, the firm has reset the passwords of all its users.

Maze gang publishes data
Maze ransomware operators have published over 70GB of internal data stolen from LG and Xerox following failed extortion attempts: 50.2GB of the leaked data belongs to LG and 25.8GB to Xerox.

Kentucky suffers the second breach
Kentucky’s unemployment insurance system has suffered a second breach in four months after a claimant was able to view another claimant’s personal data. The leaked data included Social Security numbers and other personally identifiable information.

Top Malware Reported in the Last 24 Hours

New Taidoor variant
U.S. government agencies have published an alert about a new version of the Taidoor malware, which is associated with Chinese state-sponsored actors. The new variant is installed on victims' systems as a service dynamic link library (DLL) and comprises two files. The first is a loader, which is started as a service; the loader decrypts the second file, the main Remote Access Trojan (RAT), and executes it in memory, so the RAT itself is never written to disk in decrypted form.
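A loader that carries its second stage encrypted and decrypts it only in memory leaves a tell-tale footprint on disk: a large, contiguous block of near-random bytes next to ordinary code and strings. The Python script below, added here as an example and not code from the CISA alert or from Cyware, triages a candidate service DLL for that pattern by scoring fixed-size windows of the file with Shannon entropy, merging runs of high-entropy windows into candidate payload regions, and noting whether the file carries the ServiceMain export name a service DLL needs. The window size, entropy threshold, minimum region size and the sample bytes are all constructed for this example and are not taken from any Taidoor sample.

```python
"""Triage a candidate service DLL for an embedded encrypted payload.

Walks a file in fixed windows, scores each window's Shannon entropy, and
merges runs of hot windows into candidate payload regions. Also notes whether
the file contains the "ServiceMain" export name a service DLL needs.
All tuning values are assumptions chosen for this example.
"""
import hashlib
import math
from collections import Counter

WINDOW = 512       # bytes per entropy window (assumed tuning value)
THRESHOLD = 7.0    # bits per byte; encrypted or compressed data sits near 8.0
MIN_REGION = 4096  # ignore short bursts such as a small icon resource


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte of a byte string (0.0 for empty)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def find_high_entropy_regions(data: bytes, window: int = WINDOW,
                              threshold: float = THRESHOLD,
                              min_region: int = MIN_REGION):
    """Return [(offset, length), ...] for runs of high-entropy windows."""
    regions = []
    start = None
    for off in range(0, len(data), window):
        hot = shannon_entropy(data[off:off + window]) >= threshold
        if hot and start is None:
            start = off
        elif not hot and start is not None:
            if off - start >= min_region:
                regions.append((start, off - start))
            start = None
    if start is not None and len(data) - start >= min_region:
        regions.append((start, len(data) - start))
    return regions


def triage(data: bytes) -> dict:
    """Combine the two hints: a ServiceMain export name and an encrypted blob."""
    regions = find_high_entropy_regions(data)
    has_service_main = b"ServiceMain" in data
    return {
        "service_main": has_service_main,
        "encrypted_regions": regions,
        "suspicious": has_service_main and bool(regions),
    }


# --- constructed sample, not a real Taidoor binary -------------------------
# Low-entropy bytes standing in for x86 prologue code and an export name.
CODE_STUB = b"ServiceMain\x00" + b"\x55\x8b\xec\x83\xec\x10" * 20


def pad_pattern(pattern: bytes, length: int) -> bytes:
    """Repeat a byte pattern to exactly `length` bytes."""
    return (pattern * (length // len(pattern) + 1))[:length]


def keystream(length: int, seed: bytes = b"constructed-sample") -> bytes:
    """Reproducible near-random bytes standing in for an encrypted payload."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


def build_sample(payload_len: int = 8192) -> bytes:
    """2 KiB of 'code', an 8 KiB encrypted blob, then 1 KiB more 'code'."""
    return (pad_pattern(CODE_STUB, 2048)
            + keystream(payload_len)
            + pad_pattern(CODE_STUB, 1024))


if __name__ == "__main__":
    result = triage(build_sample())
    print(result)  # expected: one region at offset 2048, length 8192
```

In a hunt, point the script at every path named in a `ServiceDll` value under `HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters`, and treat a hit on an unsigned DLL living outside the Windows system directories as worth pulling for analysis. Entropy alone also fires on packed or legitimately compressed resources, so the result is a triage signal, not a verdict.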

Top Vulnerabilities Reported in the Last 24 Hours

High-severity Meetup flaws
High-severity vulnerabilities discovered in the Meetup platform could allow threat actors to make themselves co-organizers of events created by other users and to divert funds paid through PayPal, one of the platform's payment methods. The platform was affected by a cross-site scripting (XSS) vulnerability and a Cross-Site Request Forgery (CSRF) flaw.

Vulnerable Mitsubishi products
Three high-severity vulnerabilities discovered in Mitsubishi Electric factory automation products can be exploited remotely. The flaws allow privilege escalation, arbitrary code execution, and Denial of Service (DoS). Mitsubishi Electric has released patches for the flaws.

Apple flaw discovered
A vulnerability found in Apple's Secure Enclave chip can put the data of iPhone, iPad, and Mac users at risk. The flaw could allow an attacker to extract private keys protected by the enclave. The chip in question stores the keys behind passwords, Apple Pay credit card data, and even users' biometric data. According to the report, the flaw is present in all devices with chips from the A7 through the A11 Bionic; Apple has addressed it in the A12 and A13 Bionic chips.

Flawed Newsletter plugin
WordPress site owners are advised to update the Newsletter plugin to fix vulnerabilities that can allow attackers to inject backdoors, create rogue admin accounts, and potentially take over websites. The flaws are a reflected Cross-Site Scripting (XSS) vulnerability and a PHP Object Injection vulnerability.

Top Scams Reported in the Last 24 Hours

Online shopping fraud
The FBI has warned about a new wave of online shopping fraud built on fake e-commerce websites. The sites, advertised on social media platforms, take orders for a wide range of products and then never deliver. They typically use top-level domains such as '.club' and '.top' and have been registered within the last six months.

Tags

mitsubishi heavy industries ltd
zello
blacklist alliance
xerox
maze ransomware
taidoor malware

Posted on: August 04, 2020
