Cyware Daily Threat Intelligence, February 05, 2020

With numerous tricks and hacking techniques in their kit, cybercriminals are always on their toes to target vulnerable online platforms. A sophisticated ongoing campaign that makes use of Bitbucket accounts to host commodity malware has been uncovered by security researchers. For this campaign, the attackers have designed cracked versions of commercial software to trick unsuspecting users. More than 500,000 business computers have reportedly been infected so far in the campaign, which delivers malware like AZORult trojan, XMRig miner, STOP ransomware, Amadey bot, and more.

Besides a destructive attack campaign, the past 24 hours also saw major security updates from Google. The search engine giant has issued security patches for 25 vulnerabilities affecting its Android operating system. On the other hand, a stable version of Chrome 80 has been released with security fixes for 56 vulnerabilities. Ten of these flaws are rated as ‘High’ severity.

Top Breaches Reported in the Last 24 Hours

Fondren Orthopedic group affected
A malware incident at Texas-based Fondren Orthopedic Group may have affected the data of around 30,000 patients. The incident occurred in November 2019. The damaged records include patients’ names, contact details, diagnoses, treatment information, and health insurance data. Fondren is currently reviewing data security policies and procedures to bolster its security protocols.

FBI warns about a DDoS attack
The US Federal Bureau of Investigation (FBI) has warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information website. However, the good news is that the website was not affected by the DDoS siege, thanks to properly configured rate-limiting on the target’s DNS servers.

Top Malware Reported in the Last 24 Hours

‘Sleeper’ for gaining physical access
Organized crime groups are planting ‘sleepers’ in cleaning, decorating, renovating, and painting companies so that they can physically access IT infrastructure. Planting a sleeper is difficult, but to do so, the criminals are using the good old malware-laced USB stick trick. This involves infecting a pen drive with malware and sticking an alluring note on it like ‘classified’ or ‘boss payment’.

Bitbucket accounts abused
Attackers are abusing the Bitbucket code hosting service to store seven types of malware threats. The ongoing campaign has already claimed over 500,000 business computers across the world. The malware used in the campaign includes AZORult trojan, Predator The Thief information-stealer, XMRig miner, Amadey bot, and STOP ransomware.

Emotet returns
The operators of the Emotet trojan are sending the malware in a new spam campaign that pretends to be a W-9 tax form. The subject line of the email reads ‘Please see attached’, and the email includes a fake W-9.doc attachment.

Top Vulnerabilities Reported in the Last 24 Hours

A bug in WhatsApp fixed
Facebook has fixed a bug in the desktop version of WhatsApp that could allow attackers to read files from the target computers. The flaw affected users who used either WhatsApp’s Mac or Windows app paired with an iPhone.

Vulnerable HiSilicon chips
Technical details for four older security bugs affecting HiSilicon chips have been published. While the firm is unable to provide adequate security fixes for the flaws, researchers claim that these can be exploited by sending a series of commands over TCP port 9530 to devices that use HiSilicon chips. These commands will enable the Telnet service on a vulnerable device.

Google fixes 25 flaws
This week Google released security updates for 25 vulnerabilities as part of its February bug fixes for the Android operating system. Two of these flaws have been rated as ‘Critical’ severity bugs and are patched on all devices running the 2020-02-01 security patch level. While one of them is a remote code execution vulnerability, the other is an information disclosure flaw.

Realtek fixes a severe issue
A security vulnerability affecting the Realtek HD Audio Driver package has been fixed by the firm. The DLL hijacking flaw tracked as CVE-2019-19705 could allow attackers to load and execute malicious payloads within the context of a Realtek-Semiconductor signed process on machines running an unpatched version of the HD Audio driver.

Chrome 80 released
Google Chrome 80 has been released with 56 security fixes. The new version has been released for the Windows, macOS, Linux, Chrome OS, iOS, and Android platforms. 10 out of the 56 addressed flaws scored a ‘High’ severity rating on the CVSS scale.

