Cyware Daily Threat Intelligence, December 17, 2019


With the holiday season ‘ON’ in the U.S., Emotet trojan gangs are heavily leveraging festival-themed phishing emails to trick users. The trojan, which was seen in the recent Halloween-themed lures, is back to entice users with a Christmas invite email. The emails carry subject lines like ‘Christmas Party next week’ or ‘Christmas party’ and include a malicious Word document which, when opened, results in the download of the trojan.

A new botnet, which goes by the name of Momentum, has also been observed in the past 24 hours. The botnet targets devices running the Linux operating system. It is capable of installing a variety of backdoors such as Mirai, Kaiten and Bashlite variants. The botnet can also accept commands to launch a variety of DoS attacks. 

On the security-update front, a firmware update, version 1.9.1, has been released for the popular wireless presentation system ClickShare to mitigate a set of vulnerabilities that could allow an attacker to access crucial information during presentations and steal sensitive information such as passwords.

Top Breaches Reported in the Last 24 Hours

LightInTheBox exposes data
Chinese e-store LightInTheBox has exposed 1.3TB of web server log entries due to an unsecured Elasticsearch database. The leaked log entries recorded activity on the site between August 9 and October 11, 2019. They included visitors’ email addresses, IP addresses, countries of residence and pages visited on the website.

Vimly Benefit Solutions’ phishing attack
Vimly Benefit Solutions is informing some of its customers, including Boise’s police and fire employees, about a phishing attack that may have resulted in the compromise of their personal data. The compromised data includes names, birth dates, addresses, Social Security numbers, and benefits enrollment information of individuals.  

Facebook announces a data breach
Facebook has announced a data breach after a thief stole unencrypted hard drives containing banking data of 29,000 employees. The hard drive was stolen from a car last month and contained information on US workers who were employed by Facebook in 2018. The social media giant is working with police to investigate the matter. 

Top Malware Reported in the Last 24 Hours

Emotet trojan returns
The Emotet trojan gang has started sending Christmas-themed emails with the intent to infect users. The emails impersonate a Christmas party invite and use subjects like ‘Christmas Party next week’ or ‘Christmas party’. These invites ask the recipients to view an attached malicious Word document with names like ‘Christmas party.doc’ and ‘Party menu.doc’. Once opened, the document runs embedded macros that later install the trojan on Windows.

Momentum botnet  
A new botnet called Momentum is targeting the Linux platform on various CPU architectures such as ARM, MIPS, Intel, Motorola 68020 and more. The main purpose of the botnet is to open a backdoor and accept commands to conduct various types of DoS attacks against a given target. The backdoors distributed by the Momentum botnet are Mirai, Kaiten, and Bashlite variants.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress patches flaws
WordPress has pushed out version 5.3.1 to patch four security issues affecting its previous version 5.3. One of the flaws is related to a cross-site scripting (XSS) vulnerability and can allow an unprivileged user to make a post sticky via the REST API.

ClickShare’s vulnerabilities fixed
Barco’s popular ClickShare wireless presentation system is riddled with several vulnerabilities. These flaws could allow an attacker to manipulate information during presentations and steal passwords and other sensitive data. The flaws can also be exploited to install a backdoor and other malware. The highlighted issues have been patched with the release of a new firmware update.

Flawed KeyWe Smart Lock   
Researchers have uncovered an exploitable design flaw in the KeyWe Smart Lock which allows an attacker to easily pick the device by intercepting the secret passphrase sent between the lock and KeyWe’s app. Unfortunately, there is no firmware update for the flaw, and owners of the KeyWe Smart Lock will either have to replace the lock or live with the risk of an attacker hacking it to gain access to their home.


Posted on: December 17, 2019
