Cyware Daily Threat Intelligence, February 12, 2020


February 2020 Patch Tuesday is here and with it comes fixes for no fewer than 100 vulnerabilities from leading software providers. Microsoft has issued the highest number of security patches, addressing 99 security flaws found in its Windows, Edge, IE, SQL Server, Exchange Server, and Office products. On the other hand, Adobe has fixed a total of 42 vulnerabilities affecting its Framemaker, Acrobat & Reader, Flash Player, Digital Editions and Experience Manager products.

Meanwhile, Intel has released security advisories for six flaws, with one of them being rated as ‘High’ severity on the CVSS scale. The flaw affects Intel’s Converged Security and Management Engine (CSME) and can lead to privilege escalation attacks, and denial of service & information disclosure conditions.

In other developments, a security breach at Estée Lauder has resulted in the leak of over 400 million records. The breach occurred because a database was left online without password protection; the cosmetics giant has since taken it offline.

Top Breaches Reported in the Last 24 Hours

Estée Lauder’s data breached
Cosmetics giant Estée Lauder leaked over 440 million records through an unprotected database. The records contained plaintext email addresses and some middleware data, which could later be used as a secondary path for distributing malware. No payment data or sensitive employee information was included in the records.

Generate KiwiSaver customers hit
Malicious actors have stolen photographic identification, tax department numbers, and personal data of some 26,000 Generate KiwiSaver customers. The hack occurred between December 29, 2019, and January 27, 2020, after threat actors exploited a weakness in the online application process for becoming a member.

Japanese defense ministry attacked
The Japan Ministry of Defense has announced that sensitive defense-related data may have been breached in the cyberattack on Mitsubishi Electric Corp. The leaked data may include information related to bidding for contracts on defense equipment research. The Ministry is still investigating to determine the extent of the breach.

Altice USA Inc. affected
A data breach at Altice USA Inc. has exposed the Social Security numbers, birth dates, and other personal information of all 12,000 current and former employees. The breach occurred in November, when an unauthorized user used a phishing email to obtain employees' email account credentials. The firm has reported the breach to federal law enforcement agencies.

Top Malware Reported in the Last 24 Hours

KBOT virus
KBOT is the first ‘living’ virus spotted in the wild. The malware enters a user’s computer via the web, the local network, or an infected piece of external media. Once launched, it gains a foothold on the system by writing itself to Startup and the Task Scheduler. The virus then performs web injection attacks to steal the user’s personal and banking data. It also attempts to load additional stealer modules designed to harvest logins, cryptocurrency wallet data, and other information.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 99 flaws
Microsoft has fixed 99 vulnerabilities as part of February 2020 Patch Tuesday. The flaws affect a number of products, including Windows, Edge, IE, SQL Server, Exchange Server, and Office. Five of the vulnerabilities fixed in this batch were publicly known before the release, and one (CVE-2020-0674) is under active attack.

Adobe addresses 42 flaws
Adobe’s February 2020 Patch Tuesday update has fixed a total of 42 vulnerabilities found in the company’s Framemaker, Acrobat & Reader, Flash Player, Digital Editions and Experience Manager products. The largest share, 21 flaws, was fixed in the Windows version of the Framemaker document processor.
 
Mozilla released Firefox 73
Mozilla has released a stable version of Firefox 73 for Windows, macOS, and Linux with fixes for multiple vulnerabilities. Three of the six bugs fixed are rated ‘High’ on the CVSS scale and are tracked as memory corruption flaws and memory safety bugs.

SoundCloud patches flaws
Social audio platform SoundCloud has issued security patches for multiple vulnerabilities affecting its application programming interface (API). The vulnerabilities could allow attackers to take over accounts, launch denial of service attacks, and otherwise abuse the service.

Intel addresses bugs
Intel has published security advisories for six flaws, including a high-severity flaw in its Converged Security and Management Engine (CSME). The high-severity flaw tracked as CVE-2019-14598 can lead to a privilege escalation attack, denial of service, and information disclosure conditions.

Vulnerable Jenkins servers
A vulnerability discovered in over 12,000 internet-facing Jenkins servers could be abused to mount reflective DDoS attacks. The vulnerability, tracked as CVE-2020-2100, is caused by a network discovery service (UDP multicast/broadcast) that is enabled by default and exposed on publicly reachable servers. The flaw has been fixed in Jenkins 2.219 and LTS 2.204.2.

Flawed ImageGear library fixed
Seven critical vulnerabilities affecting version 19.5.0 of the Accusoft ImageGear library have been fixed by the vendor. All of the vulnerabilities are out-of-bounds write flaws in the igcore19d.dll library. They have a CVSS score of 9.8 and can be exploited by tricking the targeted user into opening a malicious file with an affected version of the software.

Top Scams Reported in the Last 24 Hours

Amex phishing scam
A clever phishing scam is underway that targets American Express and Chase customers. The scam begins with recipients receiving emails that appear to come from American Express and Chase. The email asks users to click a ‘Verification’ button to confirm the latest transactions made at Best Buy, TOP UP B.V., and SQC*CASH APP. Once an unsuspecting user clicks the button, they are redirected to a phishing page that asks them to enter personal details along with login credentials. When the victim submits the information, it is transmitted to the scammers’ server, where they can collect it later and use it for identity theft, sell it on the dark web, or use it for other malicious activity.

Coronavirus threat scams
The Federal Trade Commission (FTC) has released a notice about ongoing scam campaigns that exploit the current Coronavirus threat. The crisis is used as bait to lure target users in the United States. The scammers are using phishing emails, text messages, and social media to run the scams.

Tags

kbot virus
generate kiwisaver
altice usa inc
jenkins servers
microsoft

Posted on: February 12, 2020
