Cyware Daily Threat Intelligence, August 12, 2020


August 2020 Patch Tuesday is here with fixes for many ‘Critical’ and ‘High’ severity flaws. Microsoft topped the list by releasing patches for around 120 flaws affecting its 13 products, from Edge to Windows and from SQL Server to the .NET Framework. Adobe and Intel, too, mitigated several security flaws in their products by releasing 26 and 20 security updates respectively.

The growing notoriety of financially-motivated threat actors has also come to light in the last 24 hours. It has been found that a group that works with different affiliates such as FXMSP, bcorp33, Drumrlu, and Marlon_Brando has made over $1.5 million by selling unauthorized access to corporate networks.

Top Breaches Reported in the Last 24 Hours

Selling access to networks
A non-hacker gang that collaborates with different hacking groups is estimated to have made over $1.5 million by selling access to corporate networks. Several affiliates such as FXMSP, bcorp33, Drumrlu, and Marlon_Brando are associated with the group. Some of the affected companies include PepsiCo, as well as government organizations in Taiwan and Peru.

SANS Institute affected
The SANS Institute has fallen victim to a phishing attack that compromised nearly 30,000 user records. The incident occurred after 513 emails from an internal account were inadvertently forwarded to an unknown third party.

Leaky AWS S3 bucket
An unsecured AWS S3 bucket had exposed over 5.5 million files and 343 GB of data belonging to universities, an insurance firm, and public limited firms. The leaky database belonged to the U.S.-based project management company, InMotionNow, and was secured in February 2020.

SPIE group targeted
Nefilim ransomware operators claim to have hacked Europe’s leading multi-technical services provider, the SPIE group. Following the attack, the gang has released the first batch of files (around 11 GB) stolen from the firm and has threatened to leak other documents if the ransom is denied.

Top Malware Reported in the Last 24 Hours

Script-based malware
Researchers have detected sophisticated script-based malware that infects Windows users through the Internet Explorer (IE) browser. The first is a JScript RAT that ensures persistence on the targeted network; the second is an AutoIT downloader that uses network connection and script functions to download and execute malware, such as ransomware and spyware. The script-based malware is propagated by abusing vulnerabilities in IE, one of them being CVE-2019-0752.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 120 bugs
Microsoft has rolled out patches for 120 vulnerabilities across 13 different products, ranging from Edge, Windows, and SQL Server to the .NET Framework. Seventeen of these flaws are classified ‘Critical’. Moreover, there are two zero-day vulnerabilities (CVE-2020-1464 and CVE-2020-1380) that have been exploited by hackers.

SAP releases updates
SAP has released security updates for 15 vulnerabilities as part of the August 2020 Patch Tuesday. The most important of these is a cross-site scripting (XSS) flaw in the Knowledge Management component of NetWeaver. Other high-severity flaws patched include a code injection vulnerability, a missing authentication bug, and an unrestricted file upload flaw in NetWeaver and ABAP platform.

Intel patches flaws
Intel has fixed over 20 flaws affecting its Server Boards, Server Systems, and Compute Modules. The most serious of these is CVE-2020-8708, a critical improper authentication issue. Ten other flaws classified as ‘High’ severity can be exploited for privilege escalation.

Adobe’s Patch Tuesday
For the August edition of Patch Tuesday, Adobe has released fixes for 26 vulnerabilities in Acrobat and Reader. Eleven of these flaws are critical, with nine resulting in arbitrary code execution. The remaining two are caused by out-of-bounds write conditions (CVE-2020-9693, CVE-2020-9694).

Vulnerable HDL products
Vulnerabilities in HDL smart automation products can be abused to take over user accounts and remotely control devices, as demonstrated by researchers at DEF CON. In addition to account takeover issues, researchers have also identified SQL injection vulnerabilities in the HDL server, which can be exploited to steal sensitive information from the affected systems.

Citrix flaws
Citrix has issued patches for multiple security flaws affecting Citrix Endpoint Management (CEM). A total of five vulnerabilities affect on-premises instances of the CEM servers used to manage all apps, devices, and platforms from one central location.


Posted on: August 12, 2020
