Cyware Daily Threat Intelligence, August 20, 2019

See All
Business Email Compromise (BEC) attack continues to be a favourite attack vector for cybercriminals. Recently, a scammer has successfully leveraged the technique to trick the City of Saskatoon into wiring around $1.4 million to fraud accounts, mostly located in Canada. The scammer impersonated the Chief Financial Officer of Allan Construction to trick the officials of the city. 

The past 24 hours also saw the discovery of new variants of Bolik banking trojan and MyKings botnet. While the new Bolik variant, dubbed Win32.Bolik.2, is distributed via a fake NordVPN site, the latest version of MyKings botnet leverages a list of vulnerabilities to infect IoT devices. 

Coming to vulnerabilities, a security researcher at Google Project Zero has identified a new security flaw named SockPuppet that affects all iPhones and iPads that have been updated with iOS 12.4 version. The flaw can allow a hacker to take over almost any iPhone or iPad and install ransomware, spyware or any kind of piece of malicious code.

Top Breaches Reported in the Last 24 Hours

Tivoli Gardens website compromised
The website of Tivoli Gardens was compromised, allowing hackers to gain access to Tivoli products and guests’ information. The compromised guest information included names, dates of birth, email addresses, phone numbers, addresses, previous purchases, as well as credit card details. Upon discovery, Tivoli’s IT department took the necessary immediate steps and secured the website.

Macon County website hacked
Macon County in Illinois had its Circuit Clerk official website hacked on August 18, 2019. However, the county’s Information Technology department restored the webpage by 10 am on August 19. Attackers had hacked the website and defaced with a graphic of a person in a Guy Fawkes mask.

Top Malware Reported in the Last 24 Hours

Win32.Bolik.2 trojan
Malicious actors are leveraging a fake NordVPN website to distribute a new variant of Bolik banking trojan dubbed ‘Win32.Bolik.2. The variant is capable of performing web injections, intercepting traffic, and keylogging. The fake website has a valid SSL certificate issued by open certificate authority Let’s Encrypt.

New MyKings botnet variant
Researchers have uncovered a new variant of MyKings botnet that uses WMI for persistence. The variant has already attacked over 50,000 machines and mined an equivalent of US $2.3 million as of early 2018. Over the months that followed, the variant has constantly changed both its targets and its method of infection.

Beapy/PCASTLE malware
Security researchers have detected a new malware dubbed Beapy/PCASTLE which included both worm and cryptominer capabilities. The malware uses a series of exploits to move laterally and compromise victims’ machines. It is delivered via a potentially unwanted application (PUA) application.

Top Vulnerabilities Reported in the Last 24 Hours

SockPuppet flaw
A vulnerability dubbed SockPuppet has been identified in all iPhone and iPads that are updated to iOS 12.4 version. The flaw can allow a hacker to take over almost any iPhone or iPad and install ransomware, spyware or any kind of piece of malicious code.

Vulnerable Webmin
A security flaw in Webmin can allow a remote attacker with root privileges to execute malicious commands on machines. Once these machines are compromised, an attacker could then use it to launch attacks on the systems managed through Webmin. The flaw has received a vulnerability ID of CVE-2019-15107.

VLC Media Player 3.0.8 released   
VideoLan has released VLC Media Player 3.0.8 with fixes for 13 security vulnerabilities. The new version of VLC is available for Windows, Mac, and Linux. A majority of the flaws are buffer overflow vulnerabilities.

Flaws in Nest Cam IQ indoor camera
Eight vulnerabilities that impact Google’s Nest Cam IQ indoor security cameras have been identified by security researchers. The vulnerabilities would allow attackers to sniff out network information and execute code on devices. Three of these vulnerabilities are DoS bugs; two could allow code execution and the other three could be used for information disclosure.

Top Scams Reported in the Last 24 Hours

Sextortion scam
Pilfering money through sextortion scam has become the latest trend for cybercriminals. Here, the scammers send emails to targeted users and blackmail them of releasing their inappropriate videos or images to their contacts. These types of emails end with a demand for payment in the form of Bitcoin. Such scams are carried out via botnets such as Necurs or Cutwail.

City of Saskatoon tricked 
A scammer has tricked the officials of City of Saskatoon in a massive BEC scam. The scam has caused the City to lose a sum little over $1 million. The scammer impersonated the Chief Financial Officer of Allan Construction and sent an email asking to make the payment around August 7 or 8. The city became aware of the scam on August 12 and traced the money to accounts used by the scammer.




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, August 21, 2019
Next
Cyware Daily Threat Intelligence, August 19, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.