Cyware Daily Threat Intelligence, August 05, 2019

See All
A newly discovered ransomware, dubbed as GermanWiper, has been found targeting users in Germany. The ransomware is known to destroy the data on victims’ computers by replacing the file content with zeros and later appends the files with a random five-character extension.
Security researchers have discovered two more Dragonblood vulnerabilities which were first discovered in the WPA3 standard in April this year. The flaws can allow attackers to leak information cryptographic operations. They can also enable attackers to brute-force a Wi-Fi network’s password. 

The past 24 hours also saw the discovery of a new exploit kit dubbed Lord. The tool kit abuses a use-after-free vulnerability in Flash Player to deliver payloads. At first, it was reported to deploy njRAT trojan. However, it was found that the threat actors are using it to distribute ERIS ransomware. 

Top Breaches Reported in the Last 24 Hours

200 million compromised accounts
Cofense Labs has published a database of over 200 million accounts that were compromised in a large sextortion scam. The scam was conducted using a botnet that was bought on rent in June 2019. The botnet primarily used sextortion emails for propagation. 

Presbyterian data breach
Presbyterian Healthcare Services has suffered a potential data breach, affecting around 183,000 patients and health plan members. The breach allowed access to names, birth dates, Social Security numbers and other types of information of patients. The incident occurred after the firm’s employees fell victim to a phishing email.

Murfreesboro city government website hacked
The payment website for the water and sewage department of Murfreesboro city has been hacked. Due to this, customers won’t be able to make online payments. The attack has been limited to the online portal page. However, no customer information was accessed in the hack.  

Misconfigured Jira servers
Organizations like Google, Yahoo, NASA, Lenovo, Zendesk as well as several governing bodies have been found leaking sensitive data due to misconfigured Jira servers. The sensitive data includes names, roles and email addresses of employees involved in various projects of an organization.  

IKEA exposes 410 email addresses
IKEA Singapore has inadvertently exposed 410 email addresses to other customers due to a human error. It has added these addresses in the ‘To’ field of delivery promotion email sent to other customers. The company has reported the issue to the Personal Data Protection Commission of Singapore (PDPC). 
    
Top Malware Reported in the Last 24 Hours

GermanWiper ransomware
GermanWiper ransomware is a newly discovered ransomware that wipes out entire content from the files of victims’ computers and asks a ransom to recover it. Apparently, the malware works more as a disk wiper rather than ransomware. In order to trick users to think that an encryption process has occurred, it appends the files with a random five-character extension such as .08kJA, .AVco3, or .Fi2Ed. 

Lord exploit kit
Lord is a newly discovered exploit kit that uses a compromised site to redirect users to a malicious landing page. It exploits a use-after-free vulnerability (CVE-2018-15982) in Flash Player to download its payloads. The initial payload was njRAT, however, the threat actors switched to distributing ERIS ransomware. 

2.1 million records held for ransom
Around 2.1 million customer records left exposed on a publicly accessible MongoDB database has been held for a ransom. The database belongs to a bookseller in Mexico named Librería Porrúa. The exposed information includes invoices, shopping cart IDs, payment card info, full names, email addresses, phone numbers, discount codes, and birth dates. 

Top Vulnerabilities Reported in the Last 24 Hours 

New Dragonblood vulnerabilities
Two new vulnerabilities have been added to the recently discovered Dragonblood vulnerabilities. The flaws allow attackers to leak information from WPA3 cryptographic operations. The flaws can also enable attackers to brute force a Wi-Fi network password. The two security issues are CVE-2019-13377 and CVE-2019-13456. While the first flaw impacts the WPA3's Dragonfly handshake when using Brainpool curves, the second one affects the EAP-pwd implementation for FreeRADIUS framework.    

Top Scams Reported in the Last 24 Hours

‘Unsubscribe request’ scam
Scammers have been found sending ‘unsubscribe’ notification emails to users. These emails are sent in different templates, with some seeming professional. While the content of the email does not include the service name which needs to be unsubscribed, it is believed that the scammers are using the tactic to check whether the email accounts are live or not. These email addresses are stored for use in other lucrative email scams such as phishing, diet pills, vitamins, and loans. The emails for this scam go with subjects like “Confirm your unsubscribe request” or “Client #980920318 To_STOP_Receiving These Emails From Us Hit reply And Let Us Know”. 

Fine payment scam
The French police are alerting users about a scam email asking victims to pay a fine through a fake government website. The website looks similar to the official government's fine payment website www.amendes.gouv.fr. However, the scammers have altered the domain of the website and replaced it with ‘gov-fr’ and ‘.net’.   




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, August 06, 2019
Next
Cyware Daily Threat Intelligence, August 02, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.