Cyware Daily Threat Intelligence, August 23, 2019

The operators of the Emotet trojan, who took a break at the beginning of June, appear to have resumed their malicious activities. This came to light after security researchers noticed that C2 servers associated with the trojan had begun delivering responses to POST requests. Most of the IP addresses are from the U.S., Hungary, France, Germany, India, Belgium, Poland, Mexico, Argentina, and Australia.

The past 24 hours also saw a first-of-its-kind spyware app built on the open-source cyberespionage tool AhMyth. The spyware was distributed as the Radio Balouch or RB Music app on the Google Play Store before it was removed.

In a major security update, Cisco has fixed 17 critical and high-severity vulnerabilities affecting the Unified Computing System (UCS). The flaws could allow unauthenticated attackers to gain elevated privileges, including administrator permissions, on the targeted system.

Top Breaches Reported in the Last 24 Hours

Hy-Vee customer data on sale
New details reveal that information stolen from the Hy-Vee supermarket chain has been put up for sale on the Joker’s Stash dark web forum. Around 5.3 million cardholders’ account details are on offer. The firm suffered a data breach after malware was installed on PoS systems used at its fuel pumps, coffee shops, and restaurants, including Market Grilles, Market Grille Expresses, and Wahlburgers.

Fanatec data breach
Gaming peripheral manufacturer Fanatec disclosed that it has suffered a data breach. The company’s website was compromised by a cyberattack on August 16, 2019, allowing unauthorized third parties to gain access to parts of its customer database.

Astro data breach
Astro Malaysia Holdings Bhd has suffered a data breach exposing customers’ MyKad data. The breach affected less than 0.2% of its customer base. Hackers gained unauthorized access to subscribers’ MyKad data such as names, identity card numbers, dates of birth, gender, race, and addresses.

Top Malware Reported in the Last 24 Hours

Emotet is back
Command and control servers associated with the Emotet trojan appear to have resumed their activities after being inert since the beginning of June. According to the analysis, the servers include IP addresses from the U.S., Hungary, France, Germany, India, Belgium, Poland, Mexico, Argentina, and Australia.

New Asruex backdoor variant
Security researchers have discovered a new variant of the Asruex backdoor, detected as Virus.Win32.ASRUEX.A.orig. The variant is distributed by exploiting old vulnerabilities in Adobe and Microsoft Office software, using files disguised as PDF files and Word documents to drop and execute the malware.

Rogue spyware
Security experts have uncovered a first-of-its-kind rogue spyware built with the open-source espionage tool AhMyth. The spyware was distributed as the Radio Balouch or RB Music app through the Google Play Store. The app attaches itself to other apps and was involved in stealing users’ personal data. It had been installed by no more than 100 people before being removed from the Google Play Store.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco fixes 17 security issues
Cisco has released security updates to address 17 critical and high-severity vulnerabilities affecting the Unified Computing System (UCS). The critical flaws impacting the UCS are CVE-2019-1937, CVE-2019-1974, CVE-2019-1935, and CVE-2019-1938. The tech giant has also released security advisories for three vulnerabilities in its Small Business 220 Series Smart Switches.

Unpatched Squid servers
Multiple versions of the Squid web proxy cache server are vulnerable to a series of flaws that can lead to code execution and denial-of-service attacks. The vulnerabilities affect Squid versions 4.0.23 through 4.7 and have been patched in the latest release, Squid 4.8.

Vulnerable Aspose APIs
Several vulnerabilities have been discovered in various Aspose APIs. The flaws are tracked as CVE-2019-5032, CVE-2019-5033, and CVE-2019-5041. They can allow a remote attacker to execute code on affected machines.

Flaw in BitDefender antivirus
BitDefender has patched a vulnerability in its Free antivirus for 2020. The flaw could allow an attacker to load and execute malicious payloads using unsigned code. The root cause of the vulnerability is the lack of safe DLL loading.

Vulnerable Fortinet and Pulse Secure products
Several vulnerabilities in products from Fortinet and Pulse Secure have been exploited in the wild. The security holes are CVE-2018-13379 and CVE-2019-11510. Both vulnerabilities allow remote, unauthenticated attackers to access arbitrary files on the targeted systems.

Top Scams Reported in the Last 24 Hours

80 people indicted in global scam
The U.S. Department of Justice recently indicted 80 people for their alleged involvement in various email scams. The cybercriminals defrauded victims of at least $6 million and attempted to steal another $40 million through online fraud schemes such as BEC fraud and romance scams.

Bitcoin sextortion schemes
Security researchers have discovered several Bitcoin sextortion schemes being run in the wild. The email spam content varies, but all variants follow a similar template in which the scammers blackmail the recipients. The scammers use different Bitcoin addresses across multiple transactions.


Posted on: August 23, 2019