Cyware Daily Threat Intelligence, December 09, 2019


A flaw, especially a critical one, in Android devices can impact a massive number of people across the world. Google has released an update for a critical Android flaw that can allow attackers to trigger a permanent denial-of-service state. This fix is part of its December 2019 security release, which also addresses several other vulnerabilities.

Over the weekend, it was reported that a ransomware infection at Complete Technology Solutions (CTS), an IT provider, hit the operations of over 100 dental practices. This attack is said to have been performed by compromising a remote administration tool used by the firm.

Meanwhile, Ukrainian officials are being targeted by the Gamaredon hacking group, which is also known as Primitive Bear. This campaign is currently ongoing and has reportedly been active since mid-October this year.

Top Breaches Reported in the Last 24 Hours

Ransomware attack on IT provider impacts several dental practices
Colorado-based IT provider Complete Technology Solutions fell victim to a ransomware attack that impacted the operations of more than 100 dental practices. It has been reported that the attack began on November 25, 2019, and many dental offices are still turning away patients as a consequence of the outages.

Report claims that BMW and Hyundai networks were hacked
According to a report, the networks of car manufacturers BMW and Hyundai have been breached by the Ocean Lotus, or APT32, hacker group. The attackers are said to have used a penetration testing toolkit called Cobalt Strike as a backdoor to the compromised networks. Neither BMW nor Hyundai has commented on this report.

Data belonging to 300 million users exposed
The data belonging to 300 million customers is said to have been exposed because of a security vulnerability in an app by Airtel, a popular telecom network in South Asia. Potentially exposed information includes name, address, email, date of birth, and network information, among others. The company says that the flaw has now been fixed.

Top Malware Reported in the Last 24 Hours

Hacking group goes after Ukrainian officials with a new campaign
The Gamaredon hacking group is said to have been targeting Ukrainian officials since October 2019. The group, which has a history of targeting individuals associated with the Ukrainian government, used weaponized documents with malicious code as the initial infection vector in this campaign. According to security researchers, this campaign is still ongoing.

Top Vulnerabilities Reported in the Last 24 Hours

Google’s December 2019 security update addresses critical DoS flaw
Google fixed a security flaw that could potentially be exploited to cause a permanent denial of service (DoS) in Android. This flaw is tracked as CVE-2019-2232. Apart from this, more than 40 vulnerabilities have been patched in this security update.

Vulnerabilities in Weidmueller industrial switches patched
The Germany-based Weidmueller has patched critical vulnerabilities in its industrial Ethernet switches. The most serious flaws have a CVSS score of 9.8 and are said to stem from the use of predictable authentication information in a cookie, the absence of brute-force protection for the authentication mechanism, and the transmission of credentials in cleartext.

NVIDIA fixes high severity vulnerabilities
NVIDIA has released security updates for six high severity vulnerabilities impacting chips used in various devices such as the Mercedes infotainment system and Android tablets. The flaws are said to potentially allow attackers to trigger denial-of-service (DoS) states, execute arbitrary code, escalate privileges, and launch information disclosure attacks.

Top Scams Reported in the Last 24 Hours

Phishing scam threatens gamers with immediate account ban
A phishing scam targeting players of the Elder Scrolls Online game has been reported. The scam involves sending a message via PlayStation messaging, asking the targeted users for login details to verify the authenticity of ownership. The phishing message asks for these details to be sent within 15 minutes to avoid an immediate account ban.

Another phishing scam, but with a local login form
Security experts have spotted a new phishing scam that uses a self-contained webpage to steal credentials. This reduces the chances of targets realizing that it is a phishing campaign, as well as the chances of the landing page being detected and removed.


Posted on: December 09, 2019
