Cyware Daily Threat Intelligence, February 13, 2020

The perks of Bluetooth technology come with several security risks, and one such threat has been identified by a group of three researchers from the Singapore University of Technology and Design. The group has uncovered a dozen flaws, collectively named SweynTooth, in the implementation of the Bluetooth Low Energy (BLE) technology on multiple system-on-a-chip (SoC) circuits. The flaws affect devices running on SoCs from Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics, and Telink Semiconductor.

In addition to a new vulnerability, two new malware families have been discovered in the last 24 hours. One of them is a new variant of Loda RAT that is being used to target countries in South America and Central America as well as the U.S. The main purpose of the RAT is to steal usernames, passwords, and cookies saved within browsers. The other, the newly found Pierogi backdoor, is being leveraged in an ongoing cyberespionage campaign targeted against Palestinian individuals and entities in the Middle East.

Top Breaches Reported in the Last 24 Hours

Puerto Rico loses over $2.6 million
Puerto Rico’s government has lost more than $2.6 million after falling victim to an email phishing scam. The incident came to light after the agency sent the money to a fraudulent account on January 17. The phishing email had asked the agency to change the bank account tied to remittance payments. It is unclear whether officials have been able to recover any of the money.

PPOC hit by a cyberattack
The Pediatric Physicians’ Organization at Children’s (PPOC) is recovering from a cyberattack that impacted over 500 primary care doctors, nurse practitioners, and physician assistants across Massachusetts. The security incident was first discovered on February 10. Currently, the impacted systems have been quarantined.

Top Malware Reported in the Last 24 Hours

A new variant of Loda RAT
Cisco Talos researchers have uncovered a new malware campaign that utilizes a new version of the Loda RAT trojan. The malware variant is hosted on a website and delivered through a multi-stage infection chain. The campaign appears to target countries in South America and Central America as well as the U.S. The main purpose of the RAT is to steal usernames, passwords, and cookies saved within browsers. It also has keylogging, sound recording, and screenshotting capabilities.

Pierogi backdoor
An ongoing cyberespionage campaign that goes after Palestinian individuals and entities in the Middle East has been found using a new backdoor called Pierogi. The campaign, which has been active since December 2019, uses social engineering and decoy documents related to geopolitical affairs to infect victims. The backdoor allows attackers to spy on targeted victims.

Top Vulnerabilities Reported in the Last 24 Hours

SweynTooth vulnerability
Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that are used by at least 480 devices from different vendors. Collectively named SweynTooth, the vulnerabilities can be abused by attackers within Bluetooth range to crash affected devices, force a reboot, or bypass the secure BLE pairing mode.

WebToffee fixes a critical bug
A critical cross-site scripting vulnerability found in the WordPress GDPR Cookie Consent plugin can allow potential attackers to delete and change content and inject malicious JavaScript code due to improper access controls. The flaw affects versions of the plugin prior to 1.8.2; the plugin has over 70,000 installs. WebToffee, the maintainer of the plugin, has patched the issue with the release of version 1.8.3.

Disable SMBv1 protocol
Microsoft has urged administrators to disable the SMBv1 network communication protocol to protect their Exchange servers from malware threats such as Trickbot and Emotet. In 2017, the vulnerable SMBv1 was used as a channel to launch WannaCry attacks against several organizations.
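As an added, defender-side illustration (not from the Cyware briefing or from Microsoft), the following PowerShell inventories SMBv1 use on a Windows host and then disables and removes the protocol, using Microsoft's built-in SmbShare and feature cmdlets; the cmdlet, feature, and event log names are Microsoft's documented ones, while the ordering and the script itself are an assumption for this page.

```powershell
# Added example: audit, then disable, SMBv1 on a Windows Server / Windows 10 host.
# Run from an elevated PowerShell session. Assumes Windows Server 2012 R2 or
# Windows 10 or later, where the SmbShare module and SMB1 auditing are available.

# 1. Is the server-side SMB1 protocol still enabled?
$cfg = Get-SmbServerConfiguration
"EnableSMB1Protocol : $($cfg.EnableSMB1Protocol)"

# 2. Is anything still speaking SMB1 to this host? Sessions negotiated at
#    dialect 1.x are legacy clients that would break once SMB1 is removed,
#    so inventory (and migrate) them before flipping the switch.
Get-SmbSession | Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ClientComputerName, ClientUserName, Dialect

# 3. Turn on SMB1 access auditing for a few days before removal. Each SMB1
#    connection is logged as Event ID 3000 in Microsoft-Windows-SMBServer/Audit,
#    which gives a concrete list of clients that still depend on the protocol.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force
Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 3000 |
    Select-Object -First 20 TimeCreated, Message

# 4. Disable the SMB1 server protocol. Takes effect immediately, no reboot.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 5. Remove the SMB1 feature so the legacy driver is not loaded at all.
#    Server SKUs expose it as the FS-SMB1 feature; client SKUs as the
#    SMB1Protocol optional feature. Both need a reboot to finish.
if (Get-Command Uninstall-WindowsFeature -ErrorAction SilentlyContinue) {
    Uninstall-WindowsFeature -Name FS-SMB1
} else {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# 6. Verify the server-side setting; this should now report False.
(Get-SmbServerConfiguration).EnableSMB1Protocol
```

Step 3 is the one administrators most often skip: auditing first shows which hosts would lose connectivity, which is what makes an Exchange or file-server SMBv1 removal safe to roll out.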

IBM issues an advisory
IBM has issued an advisory for a critical vulnerability in its now unsupported ServeRAID Manager product. The flaw tracked as CVE-2011-3556 affects ServeRAID Manager Java version 1.4.2. The problem lies in the fact that ServeRAID Manager runs with system privileges on Microsoft Windows systems. It can lead to arbitrary code execution attacks.

SAP releases security notes
SAP has released three new High priority security notes and 10 Medium priority notes this month. The three High priority flaws are CVE-2020-6186, CVE-2020-6191, and CVE-2020-6192. While the first High priority flaw affects SAP Host Agent, the remaining two are found in the SAP Landscape Manager.

Siemens patches DoS flaws
Siemens’ Patch Tuesday updates for February 2020 have addressed serious denial-of-service (DoS) vulnerabilities discovered in several of the company’s products. The affected products include Siemens’ SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC. Some of these flaws can be exploited by sending specially crafted messages to the targeted system over the network.



Posted on: February 13, 2020
