Cyware Daily Threat Intelligence, August 19, 2019

See All
Several new security incidents, malware strains, and vulnerabilities were reported in the last 24 hours. Researchers have detected new Android adware dubbed  AndroidOS_Hidenad.HRXH that disguises as photography and gaming apps. Over 85 such malicious apps were detected by the researchers that were available for download on Google Play Store and have been installed over 8 million times. Meanwhile, researchers have uncovered that router network isolation can be broken by direct or timing-based covert channels. 

Scammers are hacking Steam accounts via game giveaway site that claims to offer free Steam game by entering a promo code on the site. Once users enter promo codes into the fake game giveaway site, scammers hack their Steam accounts, take control over the accounts, and then target other players.

Apart from these, several security incidents were also reported. A coordinated ransomware attack infected nearly 23 local government entities in Texas. Evidence collected by the officials suggests that these attacks were conducted by a single threat actor.

Top Breaches Reported in the Last 24 Hours

Coordinated ransomware attack
Twenty-three local Texas government entities have been targeted with a coordinated ransomware attack. Upon learning the incident, the Department of Information Resources (DIR) launched an investigation into the attacks. The impacted organizations are not revealed because of security concerns. However, a majority of the impacted entities are smaller entities. Based on the collected evidence, officials suspect the attacks to be conducted by a single threat actor.

Payment card data breach
The supermarket chain Hy-Vee detected unauthorized activity on some of its PoS systems. Following this, the company hired leading cybersecurity firms and immediately launched an investigation on the incident. The incident has impacted some of its payment processing systems operating at some Hy-Vee fuel pumps and drive-thru coffee shops. Several locations of the restaurants including Market Grilles, Market Grille Expresses and the Wahlburgers, which are operated by Hy-Vee, were also impacted.

Top Malware Reported in the Last 24 Hours

Android Adware
Researchers have detected a new Android adware that disguises as photography and gaming apps. Over 85 such malicious apps were detected by the researchers that were available for download on Google Play Store and have been installed over 8 million times. Tracked as AndroidOS_Hidenad.HRXH, this adware leverages unique techniques to evade detection through user behavior and time-based triggers. Researchers shared their findings with Google following which, the adware apps were removed from Google Play.

Router network isolation broken by covert channels 
Researchers at the Ben-Gurion University of the Negev have uncovered that network isolation provided by routers can be broken by direct or timing-based covert channels. These two covert channel methods do not allow exfiltration of large amounts of data. However, it can allow attackers to break a logical network that uses the same router hardware across two segregated software networks.

Top Vulnerabilities Reported in the Last 24 Hours

Linux Kernel vulnerability
A remote code execution vulnerability has been detected in the Linux Kernel that could allow an attacker to execute arbitrary code on the targeted system by using a specially-crafted floppy disk. The vulnerability tracked as CVE-2019-14283, exists in the Linux Kernel due to an integer overflow condition & out-of-bounds read condition in a driver. The vulnerability can be exploited by an attacker by sending a request that submits malicious input to the targeted system.

Adobe patches security vulnerabilities
Adobe has released patches for security vulnerabilities in Adobe Acrobat and Reader for Windows and?macOS. The impacted products include Acrobat DC and Acrobat Reader DC Continuous, Classic 2015, and Classic 2017. The vulnerabilities could allow an attacker to perform arbitrary code execution. Therefore, Adobe recommends users to update their software to the latest versions.

Top Scams Reported in the Last 24 Hours

Free game giveaway scam
Scammers are hacking Steam accounts via fake game giveaway site that claims to offer free Steam game by entering a promo code on the site. Once users enter promo codes into the fake game giveaway site, scammers hack their Steam accounts, take control over the accounts, and then target victims’ friends by sending the URL of the scam site via messages. This leads to a repeated cycle of promotion for the scam site through compromised accounts.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, August 20, 2019
Next
Cyware Daily Threat Intelligence, August 16, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.