Cyware Daily Threat Intelligence, August 26, 2019

With threat actors constantly looking for opportunities to exploit vulnerable computers, servers, and other critical systems, organizations should stay alert and apply the latest security patches. Researchers have recently found that hacker groups are actively scanning the internet for Fortigate and Pulse Secure SSL VPNs affected by a recently disclosed critical arbitrary file read vulnerability and an information disclosure vulnerability.

The past 24 hours also witnessed the emergence of a new malware called Nemty which targets users in Russia, Belarus, Kazakhstan, Tajikistan, and Ukraine. The ransomware’s payment portal is hosted on the Tor network and demands a ransom of 0.09981 Bitcoin (around $1,000) to decrypt the encrypted files.

A new phishing scam that tricks Instagram users into handing over their login credentials has also been discovered in the past 24 hours. The victims are targeted with a phishing email that warns them of an unauthorized login. They are then asked to verify their accounts on a fake login site using a code that looks similar to a 2FA code.

Top Breaches Reported in the Last 24 Hours

Mastercard data breach
Mastercard has disclosed a data breach that resulted in the compromise of customers’ personal details. The breach was discovered on August 19, 2019, and affects those users who are a part of the Priceless Specials loyalty program. The compromised data includes customers' names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth.

Hostinger resets passwords
Hostinger has urged its customers to reset passwords after it suffered a security breach on August 23, 2019. The incident occurred due to unauthorized third-party access and might have impacted about 14 million customers. The personal details compromised in the breach include usernames, IP addresses, first and last names, phone numbers, emails, and home addresses of customers. 

Lyons Companies suffer a breach
Lyons Companies has reported a security breach that occurred in February and March 2019. The breach came to light when Lyons learned of unusual activity in employee email accounts. An investigation found that two Lyons employee email accounts were accessed without authorization. One email account was subject to unauthorized access between February and March 2019, and the second account was accessed for a few hours in March.

Top Malware Reported in the Last 24 Hours

Nemty ransomware
Nemty is a newly discovered ransomware that spreads via compromised remote desktop connections. Once installed, the malware runs a check to determine whether the system is located in any of five countries: Russia, Belarus, Kazakhstan, Tajikistan, and Ukraine. If the detection is successful, it sends system information such as the system's name, username, operating system, and computer ID to the attackers. It then encrypts the files and appends the .nemty extension to them. The attackers demand a ransom of 0.09981 Bitcoin to decrypt a victim’s encrypted files.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable VPNs targeted
Threat actors have been found scanning the internet to look for Pulse Connect Secure VPN endpoints vulnerable to CVE-2019-11510. The attackers are also attempting to exploit the CVE-2018-13379 flaw on the FortiOS SSL VPN web portal. While CVE-2019-11510 is a critical arbitrary file read vulnerability, CVE-2018-13379 is an information disclosure vulnerability in the Fortigate VPN.

Vulnerable plugins
At least five WordPress plugins have been found to be vulnerable to cyberattacks. The flaws in these plugins - Components For WP Bakery Page Builder, Donations, Travel Management, Booking, and Learning Courses - are being abused to conduct website redirection attacks. The attackers behind the campaign are also leveraging flaws in the Simple 301 Redirects plugin to conduct the attack.

PoC for iMessage vulnerability
A proof-of-concept for the recent iMessage vulnerability has been released. Tracked as CVE-2019-8646, the vulnerability allows an attacker to remotely read the files from an iPhone with no physical access required. The flaw has been fixed in the latest version (12.4) of iOS.

Top Scams Reported in the Last 24 Hours

Instagram users tricked
A new phishing scam has been found tricking users into handing over their Instagram login credentials. The scammers send phishing emails that alert users about suspicious login attempts. The emails also include a link and a code that looks similar to a 2FA code. The scammers have hosted the fake Instagram login page on a .cf domain. The interesting aspect of the scam is that the browser marks the URL as safe with a green padlock symbol. This allows the scammers to dupe more users into revealing their credentials.



