Cyware Daily Threat Intelligence, December 23, 2019

With threat actors constantly looking for opportunities to exploit vulnerable computers, servers, and other critical systems, organizations should apply security patches promptly. Cisco has disclosed that an old denial of service vulnerability in its Adaptive Security Appliance (ASA) and Firepower products is being exploited in the wild. The vulnerability, which was discovered in 2018, can allow cybercriminals to view sensitive system information without authentication. Customers are urged to upgrade to a fixed Cisco ASA release to remediate the vulnerability.

In other security updates, Twitter has patched a serious vulnerability in its app for Android that could be exploited by hackers to obtain sensitive information or take control of accounts. The vulnerability does not affect the iOS version of the app. A micropatch has also been issued to fix a zero-day vulnerability in Dropbox for Windows. The flaw can allow attackers to gain permissions reserved for SYSTEM, the most privileged account on the operating system.

Top Breaches Reported in the Last 24 Hours

Lyfebin data breach
Healthcare startup Lyfebin has exposed more than 93,000 medical imaging files which were stored in an unprotected Amazon Web Services storage bucket. The files were dated between September 2018 and October 2019 and were stored in the DICOM format. The exposed files were X-rays, MRI, and ultrasound scans.

Restaurant chains affected
Champagne Bakery Cafe and the burger chain Islands Restaurants have fallen victim to payment card breaches. In both cases, attackers used PoS malware to capture card data such as cardholder name, card number, expiration date, and internal verification code. The malware was active between February 18, 2019, and September 27, 2019.

Mindef and SAF personnel’s data affected
The Ministry of Defence (Mindef) and Singapore Armed Forces (SAF) have experienced data breaches due to malware attacks on two of their vendors, HMI Institute of Health Sciences and ST Logistics. The incident has affected the full names, NRIC numbers, contact numbers, emails and residential addresses of about 2,400 Mindef and SAF personnel.

Top Malware Reported in the Last 24 Hours

PayPal users targeted
An ongoing phishing campaign is targeting PayPal customers with emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins. The phishers are attempting to trick users into handing over their access credentials to the payment service. They scare potential victims by claiming that their accounts are limited and that they need to secure them by confirming their identity. After the target lands on the PayPal phishing site, the phishers remind them that, to prevent unauthorized access and secure their accounts, they need to enter a CAPTCHA code displayed on the page.

Royal Bank of Canada targeted
A new phishing campaign impersonating the Royal Bank of Canada (RBC) has been noticed by security researchers. The attack starts by sending legitimate-looking emails containing a PDF attachment to multiple organizations and individuals in Canada. The purpose of the campaign is to harvest victims’ credentials.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerability in the Twitter app
A vulnerability discovered in the Twitter application for Android could have been exploited by hackers to obtain sensitive information or take control of accounts. The information can include messages, protected tweets and location data of users. Twitter has patched the security flaw and at the same time announced that it does not affect the iOS version of the app.

Cisco’s DoS bug exploited in the wild
A critical vulnerability in Cisco’s Adaptive Security Appliance (ASA) and Firepower is being widely exploited by attackers. The vulnerability is tracked as CVE-2018-0296 and can be exploited to view sensitive system information without authentication.

A zero-day vulnerability in Dropbox
A zero-day vulnerability exists in Dropbox for Windows that allows attackers to gain permissions reserved for SYSTEM, the most privileged account on the operating system. The flaw affects standard Dropbox installations. Dropbox is yet to release a new version, but a temporary solution is freely available in the form of a micropatch.

Posted on: December 23, 2019
