Cyware Daily Threat Intelligence, August 05, 2020


Malicious extensions, involved in cookie-stuffing and ad fraud, continue to breed day by day. Researchers have detected a total of 295 malicious extensions being used to insert unwanted ads inside Google and Bing search results. These extensions pose as ad-blockers, weather forecast widgets, and screenshot capturing utilities to trick users.

Meanwhile, WastedLocker ransomware operators have now gone the extra mile to avoid detection by security software. The malware has now been found abusing a Windows memory management feature as part of its anti-analysis techniques.

In other developments, Google has released patches for over 50 vulnerabilities in this month’s security updates. Nearly 40 of these flaws affect the AMLogic, Kernel, MediaTek, and Qualcomm components of Android.

Top Breaches Reported in the Last 24 Hours

Pulse Secure VPNs compromised
A hacker has published a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. Security researchers noted that all the compromised VPN servers were running a firmware version affected by the CVE-2019-11510 vulnerability. This is how the hacker gained access to the systems.

UberEats data leaked
Login credentials of 579 customers and details of 100 delivery drivers associated with UberEats have been leaked on the dark web. Among the exposed information are full names, contact numbers, trip details, bank card details, and account creation dates of users.

LockBit ransomware attacks
According to an Interpol report, medium-sized companies based in America are being actively targeted by the LockBit ransomware. The operators use the publicly available CrackMapExec penetration testing tool to move laterally across a victim’s network.

Beaumont Health data breach
Beaumont Health has warned around 6,000 patients about a phishing-related data breach that occurred between January 3, 2020, and January 29, 2020. The compromised data includes names, dates of birth, diagnosis codes, and medical record numbers of patients.

BDA affected
The British Dental Association (BDA) revealed that it was breached on July 30 and that the incident could have exposed information about its members. The BDA’s website has been offline since the attack.

Top Malware Reported in the Last 24 Hours

295 malicious extensions
Around 295 malicious Chrome extensions posing as ad-blockers, weather forecast widgets, and screenshot capture utilities have been found inserting unwanted ads inside Google and Bing search results. All these extensions loaded malicious code from the fly-analytic[.]com domain and are still available on the official Chrome Web Store.

WastedLocker ransomware evolves
WastedLocker ransomware is now abusing a Windows memory management feature to evade detection by security software. The ransomware also includes a routine that opens a file, reads it into the Windows Cache Manager, and then closes the original file as part of its anti-analysis techniques.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable WOWZA system
Four new vulnerabilities discovered in WOWZA Streaming Engine, manufactured between the end of 2019 and July 2020, have been fixed by WOWZA Media Systems. The vulnerabilities, tracked as CVE-2019-19454, CVE-2019-19455, CVE-2019-19453, and CVE-2019-19456, are an “Arbitrary File Download,” a “Path Traversal,” and two “Cross-site Scripting” flaws, respectively. The first two are rated High severity and the other two Medium.

Vulnerable SoftPerfect RAM Disk
Two vulnerabilities discovered in SoftPerfect RAM Disk v4.1 can allow attackers to delete files and disclose sensitive information. The flaws are tracked as CVE-2020-13522 and CVE-2020-13523. The issues have been patched with the release of new versions.

Google patches over 50 flaws
Google released patches for more than 50 vulnerabilities as part of the August 2020 security updates. Around 40 of these flaws affect the AMLogic, Kernel, MediaTek, and Qualcomm components of Android, and another 14 vulnerabilities affect the Framework, Media Framework, and System components.

Facebook plugin bug
A high-severity flaw found in Facebook’s official chat plugin for WordPress sites could allow attackers to intercept messages sent by visitors to any site running the vulnerable plugin. The flaw, described as Authentication Option Change, scores 7.4 on the CVSS scale.

Top Scams Reported in the Last 24 Hours

Fake Zoom meeting scam
Scammers are using fake Zoom meeting invitations in a new phishing scam in a bid to harvest Microsoft credentials. The invitation is sent via phishing emails with a variety of messages, such as reviewing a meeting invitation, downloading an attached file to access details about a meeting invitation, and downloading a particular attachment to start the meeting itself. The URLs used in the scam are zoomcommuncations[.]com and zoomvideoconfrence[.]com.


Posted on: August 05, 2020
