Cyware Daily Threat Intelligence, August 12, 2019

Security flaws in software can open a door to cyberattacks if they are not patched on time. Lately, security experts have discovered privilege escalation vulnerabilities in the Windows kernel that impact 40 hard drives manufactured by 20 vendors. The impacted vendors include AMD, Intel, NVIDIA, Realtek Semiconductor, and Toshiba, among others. The vulnerabilities can allow a hacker to deploy a backdoor on systems.

In other developments, two security issues were uncovered in Apple’s Contacts and FaceID apps at the DefCon and Black Hat events respectively. While the Contacts app can be used to run malicious code on the device by exploiting the SQLite database format, the bug in the FaceID app can enable attackers to bypass an iPhone’s biometric authentication in less than 12 seconds.

The past 24 hours also saw the discovery of new Clicker trojan variants, distributed via apps that together have over 1 billion downloads worldwide. The malicious apps pose as dictionaries, online maps, audio players, barcode scanners and other software.

Top Breaches Reported in the Last 24 Hours

FDNY suffers a data breach
The Fire Department of New York has notified 10,253 patients about a data breach that occurred due to the loss of a personal hard drive. The department became aware of the loss on March 4, 2019. The lost hard drive included personal and health information of patients who were treated or transported by FDNY EMS between 2011 and 2018.

Leadership for Educational Equity leaks data
Leadership for Educational Equity has leaked 5.2 million documents belonging to 3.6 million individuals. The exposed information includes names, home addresses, Salesforce ID, gender and ethnicity of customers. The database also included IP addresses, ports, pathways, and storage information that cybercriminals could exploit to move deeper into the network.
 
Top Malware Reported in the Last 24 Hours

Clicker trojan variants
Two new variants of the Clicker trojan have been observed by researchers. The variants are named Android.Click.312.origin and Android.Click.313.origin. They are distributed via malicious apps that have over 1 billion downloads worldwide. Once launched, the Android.Click.312.origin trojan sends device information to the C2 server operated by the attackers.

Decryptor for JSWorm 4.0
Emsisoft has released a new decryptor tool for JSWorm 4.0 ransomware. The malware uses a modified version of the AES-256 algorithm to encrypt files. The malicious code adds the extension .[ID-][].JSWRM to the filenames of encrypted files. After encrypting all of the data, it drops the ransom note “JSWRM-DECRYPT.hta” on victims’ machines.  

New Ursnif variant
A new version of the Ursnif trojan has been found using infected Word documents for propagation. The document contains malicious VBA code which in turn downloads the malware. To evade detection, the malware’s command-and-control server contains a reference list of security companies such as Microsoft and Avast.

Top Vulnerabilities Reported in the Last 24 Hours

40 vulnerable hard drives
A total of 40 hard drives manufactured by 20 different vendors are open to cyberattacks due to several flaws in the Windows kernel. The vulnerabilities affect all versions of Microsoft Windows. The flaws can be exploited to deploy a backdoor on systems. The impacted vendors include Intel, NVIDIA, Realtek Semiconductor, and Toshiba, among others. Some of the vendors have released security updates to fix the issue.

Vulnerable Canon DSLR camera
Six flaws in the implementation of the Picture Transfer Protocol (PTP) can be exploited to infect Canon EOS 80D DSLR cameras with ransomware. Five of the vulnerabilities are buffer overflow flaws in SendObjectInfo, NotifyBtStatus, BLERequest, SendHostInfo, and SetAdapterBatteryReport. The sixth vulnerability is related to a silent malicious firmware update. Canon has published an advisory to mitigate the flaws.

Flaws in iPhone
Two security issues that impact Apple’s Contacts and FaceID apps have been explored by researchers. While the numbers in the Contacts app can be manipulated by exploiting the SQLite database format, FaceID user authentication can be bypassed in less than 120 seconds.

Bugs in ZTE 4G hotspots
A set of vulnerabilities affecting ZTE 4G hotspots has been uncovered by security researchers. The bugs can allow a potential hacker to redirect traffic from the hotspot to malicious websites. To exploit the vulnerabilities, an attacker only needs the victim to visit a malicious website while connected to one of ZTE's hotspots.

Top Scams Reported in the Last 24 Hours

Email scam
Users are being lured into sharing their Microsoft login credentials in a new phishing campaign. The scammers are pretending to be Microsoft employees and are sending emails alerting users to unusual activity in their Microsoft accounts. The email includes a link which, if clicked, redirects users to a fake Microsoft login page. The emails are sent from the sender ‘account-security-noreply@accountprotection[.]microsoft[.]com’ under the subject line ‘Microsoft account unusual sign-in activity’.
