Cyware Daily Threat Intelligence, February 06, 2020

In the fast-paced world of cybersecurity, threat actors keep launching large-scale attacks built on new variants of existing malware. The last 24 hours saw new variants of the Lemon Duck cryptomining malware and the Metamorfo banking trojan used in attacks across the globe. The new Lemon Duck version targets devices running Windows 7, while the latest Metamorfo variant is being used in a large campaign against the customers of over 20 online banks.

On the patch front, Cisco has issued fixes for five vulnerabilities in the widely deployed Cisco Discovery Protocol (CDP). The vulnerabilities, collectively called CDPwn, let an attacker who already has a foothold on the local network escalate that access and take over millions of enterprise devices that run CDP.

Top Breaches Reported in the Last 24 Hours

Leaky S3 bucket
The online ticketing company FutebolCard exposed 25 GB of data belonging to tens of thousands of Brazilian soccer fans. The data sat in a publicly accessible S3 bucket and included names, contact details, dates of birth, marital status, social security numbers, and payment methods of customers.

Health Share’s data breached
Health Share of Oregon has confirmed a data breach caused by a stolen laptop. The laptop was taken from GridWorks IC, Health Share's contracted non-emergent medical transportation vendor, and held personal information of Health Share's members. The incident affects over 650,000 individuals.

Crew & Concierge data leak
Crew & Concierge left an Amazon Web Services S3 bucket open, exposing data on about 17,000 people. The records included CVs, passports, and even some drug test results. The bucket had been exposed for around 11 months, starting in February 2019.
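Both S3 exposures above, FutebolCard's and Crew & Concierge's, share the same root cause: a bucket policy or ACL that grants read access to the anonymous principal. The following is an added example, not code from either company or from Cyware. It is an offline check over a bucket policy document that flags Allow statements granting s3:GetObject or s3:ListBucket to the wildcard principal; the policy documents, bucket name and IAM role in it are constructed for the example.

```python
import fnmatch
import json

# Actions that let anyone read or enumerate a bucket's contents.
READ_TARGETS = ("s3:getobject", "s3:listbucket")

# Constructed sample (not FutebolCard's or Crew & Concierge's real policy):
# a bucket policy that turns the bucket into a public file share.
LEAKY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-exports",
                     "arn:aws:s3:::example-exports/*"],
    }],
})

# Constructed sample: the same data, readable only by one IAM role.
SAFE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "RoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/exports-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-exports/*",
    }],
})


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """True for the principal forms AWS treats as 'anyone', anonymous included."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _grants_read(stmt):
    """True if the statement's Action patterns cover GetObject or ListBucket.

    NotAction with Allow grants everything except the listed actions, which
    almost always includes read, so it is treated as a read grant too.
    """
    if "NotAction" in stmt:
        return True
    patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return any(fnmatch.fnmatch(target, pat)
               for pat in patterns for target in READ_TARGETS)


def public_read_statements(policy_json):
    """Return [{'sid', 'conditional'}] for every Allow statement that grants read to everyone.

    Statements carrying a Condition block are still reported, flagged as
    conditional, because whether the condition actually restricts access
    (for example aws:SourceVpc) needs a human look.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_public_principal(stmt.get("Principal")):
            continue
        if not _grants_read(stmt):
            continue
        findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                         "conditional": "Condition" in stmt})
    return findings


if __name__ == "__main__":
    print(public_read_statements(LEAKY_POLICY))  # [{'sid': 'PublicRead', 'conditional': False}]
    print(public_read_statements(SAFE_POLICY))   # []
```

This function only reads the bucket policy; bucket and object ACLs can open a bucket just as well and need a separate check, and S3 Block Public Access at the account level is the setting that prevents both. For a live bucket, `aws s3api get-bucket-policy-status --bucket <name>` returns AWS's own IsPublic verdict, which is a useful cross-check against this kind of offline parser.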

Top Malware Reported in the Last 24 Hours

Mailto ransomware
Mailto, also known as Netwalker, is a new ransomware that compromises enterprise networks and encrypts the Windows devices connected to them. When executed, it reads an embedded configuration that holds the ransom note template, the ransom note file names, the length of the victim ID and file extension, whitelisted files, folders and extensions, and various other options.

New Lemon Duck variant
Security researchers have uncovered a new cryptomining campaign targeting devices running Windows 7. The campaign uses a new variant of the Lemon Duck malware with self-spreading capabilities. Its purpose is to compromise devices and mine Monero with the XMRig mining tool.

Metamorfo banking trojan
The Metamorfo banking trojan has expanded its campaign to more online banking services. The campaign targets users of over 20 online banks in several countries, aiming to steal credit card details, funds, and other personal information.

Top Vulnerabilities Reported in the Last 24 Hours

CDPwn vulnerability
Cisco has patched a collection of five vulnerabilities, dubbed CDPwn, in the Cisco Discovery Protocol (CDP). The flaws allow an attacker on the local network to take over tens of millions of enterprise devices.

Vulnerable Smart Light bulbs
A new high-severity vulnerability in the Philips Hue smart lighting system can be exploited over the air to gain entry into a targeted WiFi network. Tracked as CVE-2020-6007, it is a heap-based buffer overflow in the Zigbee communication protocol implementation of the Hue bridge, which a compromised light bulb on the same Zigbee network can trigger.

Vulnerable LCD screens
Academics have detailed and demonstrated a new method for exfiltrating data from air-gapped computers. The method encodes data as small changes to an LCD screen's brightness. The changes are imperceptible to the human eye but can be detected in, and extracted from, video recordings of the screen using image-processing algorithms.
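To make the channel concrete, here is an added simulation (not the researchers' code or parameters): a transmitter shifts every pixel by a couple of brightness levels to send a 1 bit, holds each bit for several frames, and a receiver recovers the bits by averaging the brightness of each recorded frame and thresholding against a preamble. The screen size, shift, frame count and camera noise model are all assumptions chosen for the example; the point it shows is why a per-pixel change far below what a person notices is still trivially recovered once it is averaged over thousands of pixels and a few frames.

```python
import random

# Channel parameters for this constructed simulation (not the researchers' values).
WIDTH, HEIGHT = 64, 48   # a tiny stand-in for the LCD panel
DELTA = 2                # per-pixel brightness shift for a '1' bit, on a 0-255 scale
FRAMES_PER_BIT = 3       # each bit is held for several frames so camera noise averages out
NOISE = 1                # per-pixel sensor noise amplitude added on the receiver side


def bits_from_bytes(data):
    """MSB-first bit list for a byte string."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bytes_from_bits(bits):
    """Inverse of bits_from_bytes; trailing partial bytes are dropped."""
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, whole, 8))


def make_screen(rng):
    """Constructed 'screen content': mid-range pixel values so nothing clips at 0 or 255."""
    return [[rng.randint(20, 230) for _ in range(WIDTH)] for _ in range(HEIGHT)]


def render_frame(screen, bit):
    """Transmitter: shift every pixel by DELTA for a '1', leave the image alone for a '0'."""
    shift = DELTA if bit else 0
    return [[px + shift for px in row] for row in screen]


def transmit(screen, data):
    """Emit a preamble of unmodulated frames, then FRAMES_PER_BIT frames per data bit."""
    frames = [render_frame(screen, 0) for _ in range(FRAMES_PER_BIT)]
    for bit in bits_from_bytes(data):
        frames.extend(render_frame(screen, bit) for _ in range(FRAMES_PER_BIT))
    return frames


def camera(frames, rng):
    """Receiver's video feed: the same frames with independent per-pixel sensor noise."""
    return [[[px + rng.randint(-NOISE, NOISE) for px in row] for row in frame]
            for frame in frames]


def mean_brightness(frame):
    return sum(sum(row) for row in frame) / (WIDTH * HEIGHT)


def receive(frames):
    """Average brightness per bit period and threshold against the preamble baseline."""
    periods = [frames[i:i + FRAMES_PER_BIT] for i in range(0, len(frames), FRAMES_PER_BIT)]
    period_means = [sum(mean_brightness(f) for f in p) / len(p) for p in periods]
    baseline = period_means[0]                      # the unmodulated preamble
    bits = [1 if m > baseline + DELTA / 2 else 0 for m in period_means[1:]]
    return bytes_from_bits(bits)


def roundtrip(data, seed=1):
    """Send `data` over the simulated screen-to-camera channel and return what was decoded."""
    rng = random.Random(seed)
    screen = make_screen(rng)
    return receive(camera(transmit(screen, data), rng))


if __name__ == "__main__":
    print(roundtrip(b"HI"))  # b'HI'
```

The decision margin is DELTA / 2 = 1 brightness level, while the averaged noise on a period mean here is on the order of a hundredth of a level, which is why the decode is reliable even though no single pixel change would be visible. A real receiver has to cope with camera exposure drift and frame-rate mismatch, which this simulation leaves out.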

Top Scams Reported in the Last 24 Hours

Canada Post phishing scam
Scammers are impersonating Canada Post and sending phishing emails to trick recipients into sharing personal information such as credit card numbers and passwords. In some cases, recipients are also targeted with text messages containing a malicious link or file. The firm has advised its customers to delete any suspicious emails or texts.

FNB scam
FNB is warning its customers about a scam in which fraudsters pretending to be from FNB phone banking talk victims into making a transaction. The fraudsters claim a transaction has taken place on the victim's account and ask the victim to reverse it; the steps the victim then follows are what actually carry out the fraud. Customers are advised not to share login credentials or other personal details with anyone, even callers claiming to be from FNB.


Posted on: February 06, 2020