Cyware Daily Threat Intelligence, August 14, 2019

Security patches matter because they close the holes attackers actually use, which makes Patch Tuesday worth a close look. In this month's release, Microsoft and Adobe have rolled out security updates fixing more than 200 vulnerabilities in total: 119 in Adobe products and 93 in Microsoft products.

On the malware front, new variants of the Neko, Mirai and Bashlite botnets were observed in the past 24 hours. The Neko variants are detected as Backdoor.Linux.NEKO.AB and Backdoor.Linux.NEKO.AC, while the new Mirai and Bashlite variants are named Asher and Ayedz respectively. All of them bundle multiple exploits for various router models and are capable of launching DDoS attacks.

Security researchers have also discovered a new phishing campaign delivering the Ursnif banking trojan. The attackers used a malicious Excel spreadsheet, designed to look like a DHL invoice, to trick users into running a macro that installs the malware on their systems.

Top Breaches Reported in the Last 24 Hours

Choice Hotels’ records stolen
Choice Hotels has suffered a data breach through an unprotected MongoDB database. Cybercriminals reportedly copied 700,000 guest records from the exposed database and left behind a ransom note demanding 0.4 Bitcoin. The compromised data includes names, physical addresses, email addresses, phone numbers and customers' consent status. A MongoDB instance reachable from the internet with authentication disabled is found by routine scanning within hours, and the "copy, wipe, leave a ransom note" pattern seen here is largely automated.

Over 1 million people affected
A publicly accessible database belonging to Suprema's Biostar 2 security platform has leaked biometric data of over 1 million people. The exposed data includes fingerprints, facial recognition information, and unencrypted usernames and passwords. In addition, the database held information about admin panels, logs of facility access and personal details of staff. Unlike a password, a fingerprint cannot be rotated after it leaks, so the biometric records are the lasting damage here.

Vulnerable BA system
A security bug discovered in British Airways' e-ticketing system can expose passengers' data, including their flight booking details. It can allow attackers to gain access to passengers' booking reference numbers, phone numbers, email addresses and more. Nearly 2.5 million connections are estimated to have been made to the affected system over the past six months.

Top Malware Reported in the Last 24 Hours

New variant of botnets
Security researchers have uncovered new variants of Neko, Mirai, and Bashlite botnets. These new variants are Backdoor.Linux.NEKO.AB, Backdoor.Linux.NEKO.AC, Asher and Ayedz. They include multiple exploits to infect different router models and are capable of launching DDoS attacks.

Ursnif trojan returns
A phishing campaign that leveraged fake DHL invoices as its infection vector was used to deliver the infamous Ursnif trojan. Targets were emailed an Excel spreadsheet designed to look like a DHL invoice. Once the spreadsheet was opened and macros were enabled, the embedded VBA macro downloaded the malware. The macro only runs if the user clicks through Office's warning, so the lure text is built to make that click look necessary.
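A first triage check for an attachment like the one above is to look inside the file for a VBA project before it ever reaches Excel. The script below is an added example written for this digest, not code from the campaign or from Cyware: it treats the attachment as the zip container that Office Open XML files are, and reports the indicators a macro-enabled workbook leaves behind. The part name and content type it looks for (xl/vbaProject.bin, application/vnd.ms-office.vbaProject) are the standard ones; the sample workbooks it checks are constructed in memory.

```python
"""Flag Office Open XML attachments that carry a VBA project.

Added example for this digest; not code from the campaign or from Cyware.
An .xlsx/.xlsm/.docx file is a zip container. A macro-enabled workbook stores
its macros in xl/vbaProject.bin (an OLE compound file) and declares the
application/vnd.ms-office.vbaProject content type in [Content_Types].xml.
The sample files below are constructed in memory, not real attachments.
"""
from __future__ import annotations

import io
import zipfile

VBA_PART_NAMES = ("xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin")
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of an OLE compound file


def find_macro_indicators(data: bytes) -> list[str]:
    """Return the reasons a document looks macro-enabled; empty list if none.

    Both the VBA part and the content-type declaration are checked, so a file
    that has one without the other (a common sign of tampering) is still flagged.
    """
    reasons: list[str] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid OOXML zip container"]
    with archive:
        names = archive.namelist()
        for name in names:
            if name.endswith("vbaProject.bin"):
                where = "expected" if name in VBA_PART_NAMES else "unusual"
                reasons.append(f"VBA project part present ({where} location): {name}")
                if not archive.read(name).startswith(OLE_MAGIC):
                    reasons.append(f"VBA part is not an OLE container: {name}")
        if "[Content_Types].xml" in names:
            content_types = archive.read("[Content_Types].xml").decode("utf-8", "replace")
            if VBA_CONTENT_TYPE in content_types:
                reasons.append("[Content_Types].xml declares a VBA project")
    return reasons


def build_workbook(parts: dict[str, bytes]) -> bytes:
    """Build a minimal OOXML-style zip from a name->bytes mapping (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, body in parts.items():
            archive.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a plain workbook and a macro-enabled one.
CLEAN_TYPES = (
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Override PartName="/xl/workbook.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>'
    b"</Types>"
)
MACRO_TYPES = (
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Override PartName="/xl/workbook.xml" ContentType="application/vnd.ms-excel.sheet.macroEnabled.main+xml"/>'
    b'<Override PartName="/xl/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    b"</Types>"
)
CLEAN_WORKBOOK = build_workbook({"[Content_Types].xml": CLEAN_TYPES, "xl/workbook.xml": b"<workbook/>"})
MACRO_WORKBOOK = build_workbook({
    "[Content_Types].xml": MACRO_TYPES,
    "xl/workbook.xml": b"<workbook/>",
    "xl/vbaProject.bin": OLE_MAGIC + b"\x00" * 504,  # OLE header stub, no real VBA inside
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_WORKBOOK), ("macro", MACRO_WORKBOOK)):
        print(label, find_macro_indicators(blob) or "no macro indicators")
```

This only says whether a VBA project is present, not what it does; the next step in triage is to extract xl/vbaProject.bin and decompress the module streams, which is what tools such as olevba automate. Legacy binary .xls attachments are OLE files rather than zips and need that path directly.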

PsiXBot evolves
A new version of PsiXBot has been observed in the wild. It is being distributed via malicious spam campaigns and as a payload of the Spelevo and RIG exploit kits. The new variant comes with several added capabilities, including stealing browser cookies, harvesting passwords, recording keystrokes, executing commands from its operators, and mining cryptocurrency.

Top Vulnerabilities Reported in the Last 24 Hours

Intel releases a firmware update
Intel has released firmware updates for multiple NUC Kit models to patch a high-severity issue. Tracked as CVE-2019-11140, the flaw could be exploited by a privileged user with local access to achieve privilege escalation, cause a denial-of-service condition or disclose information.

Microsoft patches 93 flaws
Microsoft has issued security patches for a total of 93 security flaws found across its products, including four remote code execution (RCE) vulnerabilities. Two of the RCE flaws, CVE-2019-1181 and CVE-2019-1182 in Remote Desktop Services, fall into the 'wormable' category: they can be triggered before authentication and without any user interaction, so malware exploiting them could spread between unpatched hosts on its own. Enabling Network Level Authentication (NLA) on RDP hosts is a partial mitigation until the patch is applied, since it forces authentication before the vulnerable code path is reached.

Adobe patches 119 flaws
Adobe's Patch Tuesday for August 2019 has addressed 119 flaws across several products: After Effects, Character Animator, Premiere Pro, Prelude, Creative Cloud, Acrobat and Reader, Experience Manager, and Photoshop. Most of the vulnerabilities affect Acrobat and Reader on Windows and macOS.

KNOB flaw
A new Bluetooth vulnerability called 'KNOB' has been disclosed by security researchers. The flaw, assigned CVE-2019-9506, lies in the encryption key negotiation of Bluetooth BR/EDR: an attacker within radio range of two paired devices can force them to agree on an encryption key with as little as one byte of entropy, which is then brute-forced trivially. Once the key is recovered, the attacker can monitor and manipulate the data being sent between the devices. The attack has to be carried out while the key is negotiated and requires the attacker to be in range of both devices, and the fix lands in device firmware or the host Bluetooth stack, so devices that never receive an update stay exposed.

Vulnerable HTTP/2 protocol 
A set of eight vulnerabilities has been disclosed in implementations of the HTTP/2 protocol. The flaws let a remote client launch denial-of-service attacks against unpatched servers, typically by sending a stream of small frames that are cheap for the client to generate but make the server burn CPU or memory handling them. They affect the most popular web server software, including Apache, Microsoft's IIS and NGINX.
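The common shape of these flaws is a client that sends frames costing the server more than they cost the client: pings that each demand a reply, zero-length DATA frames, streams opened and immediately reset, endless settings changes. The parser below is an added example for this digest, not code from the disclosure or from any web server: it reads raw HTTP/2 frames off a connection byte stream using the 9-byte frame header from RFC 7540 section 4.1 and flags those flood patterns per connection. The byte streams it analyses and the flood threshold are constructed for illustration and are not vendor defaults.

```python
"""Parse raw HTTP/2 frames and flag flood patterns that exhaust a server.

Added example for this digest; not code from the disclosure or from any
web server. The 9-byte frame header (24-bit length, 8-bit type, 8-bit
flags, 1 reserved bit + 31-bit stream id) follows RFC 7540 section 4.1.
The byte streams and the threshold below are constructed for illustration.
"""
from __future__ import annotations

from collections import Counter

FRAME_TYPES = {
    0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
    0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
    0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION",
}
FLAG_ACK = 0x1  # on PING and SETTINGS: this frame is a reply, not a request
# Frames that cost the server work (a reply, a stream teardown, a flow-control
# recalculation) while costing the client almost nothing to emit.
CHEAP_CONTROL = ("PING", "SETTINGS", "RST_STREAM", "WINDOW_UPDATE", "PRIORITY")


def parse_frames(stream: bytes) -> list[tuple[str, int, int, bytes]]:
    """Split a connection byte stream into (type, flags, stream_id, payload).

    Stops at the first truncated frame rather than guessing at its contents.
    """
    frames = []
    offset = 0
    while offset + 9 <= len(stream):
        length = int.from_bytes(stream[offset:offset + 3], "big")
        ftype = stream[offset + 3]
        flags = stream[offset + 4]
        stream_id = int.from_bytes(stream[offset + 5:offset + 9], "big") & 0x7FFFFFFF
        payload = stream[offset + 9:offset + 9 + length]
        if len(payload) < length:
            break
        frames.append((FRAME_TYPES.get(ftype, f"UNKNOWN_{ftype:#04x}"), flags, stream_id, payload))
        offset += 9 + length
    return frames


def assess_connection(stream: bytes, flood_threshold: int = 100) -> dict:
    """Count frames by type and report floods (the threshold is an assumed tunable)."""
    frames = parse_frames(stream)
    counts: Counter[str] = Counter()
    empty_frames = 0
    for name, flags, _stream_id, payload in frames:
        # A PING/SETTINGS with ACK set is the client answering us; only the
        # unsolicited ones force the server to send a reply.
        if name in ("PING", "SETTINGS") and flags & FLAG_ACK:
            continue
        counts[name] += 1
        if name in ("DATA", "HEADERS") and not payload:
            empty_frames += 1
    findings = [f"{name} flood: {counts[name]} frames" for name in CHEAP_CONTROL if counts[name] >= flood_threshold]
    if empty_frames >= flood_threshold:
        findings.append(f"empty frame flood: {empty_frames} zero-length DATA/HEADERS frames")
    return {"frames": len(frames), "counts": dict(counts), "empty_frames": empty_frames, "findings": findings}


def frame(ftype: int, stream_id: int, payload: bytes = b"", flags: int = 0) -> bytes:
    """Encode one frame (used only to build the constructed samples)."""
    return len(payload).to_bytes(3, "big") + bytes([ftype, flags]) + stream_id.to_bytes(4, "big") + payload


# Constructed traffic: a benign request, a ping flood and an empty-frame flood.
NORMAL = frame(0x4, 0) + frame(0x1, 1, b"\x82\x86\x84", flags=0x5) + frame(0x6, 0, b"\x00" * 8, flags=FLAG_ACK)
PING_FLOOD = frame(0x4, 0) + b"".join(frame(0x6, 0, b"\x00" * 8) for _ in range(500))
EMPTY_FRAME_FLOOD = frame(0x1, 1, b"\x82", flags=0x4) + b"".join(frame(0x0, 1) for _ in range(300))

if __name__ == "__main__":
    for label, blob in (("normal", NORMAL), ("ping flood", PING_FLOOD), ("empty frames", EMPTY_FRAME_FLOOD)):
        print(label, assess_connection(blob)["findings"] or "ok")
```

In production this logic belongs inside the server or a proxy in front of it, applied per connection with a time window rather than an absolute count, and the right response is to send GOAWAY and close the connection rather than keep counting. The patched servers named above do essentially this internally; the point of the example is to show what the abusive traffic looks like at the frame level so it can be recognised in a capture.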


Posted on: August 14, 2019
