Cyware Daily Threat Intelligence February 16, 2018

Jenkins miner
XMRig miner running on various versions of Windows has now targeted Jenkins CI server. Here, hackers send two subsequent requests to the CLI interface to exploit the CVE-2017-1000353 flaw in the Jenkins Java deserialization implementation. This allows any serialized object to be accepted.

SamSam ransomware
A new ransomware campaign, SamSam, has been found infecting transport, hospitals, education facilities and other networks. The ransomware is associated with the GOLD LOWELL threat group and uses scan-and-exploit techniques to gain network access. It's main infiltration method is via Remote Desktop Protocol (RDP) services. Multiple bugs in Isilon OneFS
Dell EMC’s Isilon OneFS, versions ranging from 7.1.1.11 to 8.0.1.2, is found to be afflicted by multiple vulnerabilities. Discovered vulnerabilities include cross-site request forgery (CVE-2018-1213), which allows attackers to create a new user with root privileges; and a privilege escalation via remote support scripts, dubbed CVE-2018-1204.

SAP patches vulnerabilities
SAP released security patches for a total of 11 vulnerabilities in three security updates. Three XSS flaws, two directory traversal issues, two missing authorization checks, two information disclosure bugs, and one unrestricted file upload were among the addressed issues.

Vulnerability in Oracle WebLogic server
Hackers are exploiting a security issue, CVE-2017-10271, in Oracle WebLogic Server to deliver cryptocurrency miners. Organizations across United States, Australia, Hong Kong, United Kingdom, India, Malaysia, and Spain are impacted by this campaign. FedEx data exposed
Sensitive information of thousands of FedEx customers was leaked after an Amazon S3 storage server was left without a password. The server stored more than 119,000 scanned documents from U.S. and international citizens, such as passports, driving licenses, and security identification. Users who availed the services of Bongo International between 2009 and 2012 are at risk of having their documents available online.

US govt database raided
Former chief counsel of the OPLA, Raphael A. Sanchez, was found guilty of wire fraud and aggravated identity theft. Sanchez misused ICE's database and paper immigration A-files to forge identification documents and use them to open credit card accounts and bank accounts in victims' names.