Cyware Daily Threat Intelligence, February 19, 2020


Cybercrooks are devising new ways to conceal stolen credit card details so that they can be used for fraudulent purchases. One such trick, recently detailed by the U.S. Secret Service, involves counterfeit rewards cards whose barcodes encode the stolen card data. The payment instructions printed on these fake cards are designed to trick cashiers into believing that the cards are a payment alternative designed for use at specific stores.

Talking about flaws, researchers have uncovered unsigned firmware in several computer peripherals that attackers could abuse to compromise laptops and servers. The affected peripherals include Wi-Fi adapters, USB hubs, trackpads, laptop cameras, and network interface cards that are widely used in computers from Dell, HP, and Lenovo.

The past 24 hours also saw the comeback of Dharma ransomware in a spam campaign targeting Windows users in Italy. The campaign spreads through phishing emails that pose as an invoice.

Top Breaches Reported in the Last 24 Hours

Email misdirection error
Personal data of more than 69,000 public servants was compromised after Public Services and Procurement Canada accidentally emailed their information to the wrong recipient. The data included the employees' full names, personal record identifier numbers, home addresses, and overpayment amounts.

Ransomware attack
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a recent ransomware attack at a natural gas compression facility. According to the alert, the attackers gained access to the facility's IT network and pivoted from there into its OT network before deploying a ransomware payload that encrypted assets on both. CISA has provided operational mitigation measures, centered on segmenting IT from OT and planning for loss of visibility, to minimize the risk of such attacks on the critical infrastructure sector.

DRopBoxControl
A group of Chinese hackers tracked as DRBControl (short for DRopBoxControl, after its use of Dropbox for command and control) has been targeting gambling and betting companies located in Southeast Asia since 2019. The group's purpose is to steal the target companies' databases and source code. The attack starts with a spear-phishing email carrying a malicious link.

Top Malware Reported in the Last 24 Hours

Dharma ransomware
Threat actors are distributing the Dharma ransomware in a new spam campaign targeting Windows users in Italy. The spam emails use subject lines like ‘Fattura n. 637 del 14.01.20’ (Italian for ‘Invoice no. 637 of 14.01.20’) and pose as an invoice. Each email includes a link that redirects the victim to a OneDrive page hosting a file called ‘New document 2.zip’.

Abusing unsigned peripheral firmware
Security researchers have uncovered multiple instances of unsigned firmware in computer peripherals that can be abused to attack laptops and servers running Windows and Linux. Unsigned firmware was found in peripherals such as Wi-Fi adapters, USB hubs, trackpads, and cameras. These components are used in computers from Dell, HP, Lenovo, and other major manufacturers. Because nothing verifies a signature before the firmware is loaded, malware running on the host can overwrite a peripheral's firmware with a malicious image that persists across reboots and operating system reinstalls and sits below the reach of host-based security tools.

Top Vulnerabilities Reported in the Last 24 Hours

F-Secure patches old AV bypass flaw
F-Secure has addressed a decade-old vulnerability that could be exploited to bypass its scanning engine using malformed archives. The issue, first detailed in 2009, arises when an anti-virus engine fails to parse a deliberately malformed compressed archive and lets it through unscanned, even though ordinary extraction tools can still unpack the contents. An attacker can use multiple archive formats such as ISO, ZIP, Bz2, RAR, and GZIP to evade detection by security solutions. Affected F-Secure products include Email and Server Security, Internet Gatekeeper, and Cloud Protection for Salesforce.
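The following is an added illustration of the archive-bypass class described above, not code from F-Secure or from the original 2009 research. It builds a ZIP in memory, corrupts the central directory so that a strict parser rejects the archive while the member data (and its local file headers) remain intact, and compares a scanner that fails open on parse errors with one that falls back to walking local file headers and fails closed. The "signature" is a constructed marker string, the sample members are constructed, and only ZIP (STORED and DEFLATE members) is handled; other formats from the bulletin such as ISO, RAR, Bz2 and GZIP would need their own parsers.

```python
"""Fail-open vs fail-closed scanning of a malformed ZIP (added demo, toy signature)."""
import io
import struct
import zipfile
import zlib

# Constructed demo signature: any member containing this string is "malicious".
MARKER = b"DEMO-MALWARE-MARKER"

LOCAL_SIG = b"PK\x03\x04"    # local file header
CENTRAL_SIG = b"PK\x01\x02"  # central directory file header


def has_signature(content: bytes) -> bool:
    return MARKER in content


def build_zip(members: dict) -> bytes:
    """Build a well-formed ZIP in memory from {name: bytes} (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def break_central_directory(data: bytes) -> bytes:
    """Corrupt the signature of the first central directory record.

    Local file headers and member data are untouched, so a lenient unzipper
    still extracts every file, but parsers that trust the central directory
    (Python's zipfile among them) reject the archive outright."""
    idx = data.find(CENTRAL_SIG)
    if idx == -1:
        raise ValueError("no central directory record found")
    return data[:idx] + b"XX" + data[idx + 2:]


def iter_local_entries(data: bytes):
    """Yield (name, content) by walking local file headers only.

    Handles STORED (0) and DEFLATE (8) members, including DEFLATE members
    whose sizes are deferred to a data descriptor (general-purpose flag bit 3)."""
    pos = data.find(LOCAL_SIG)
    while pos != -1 and pos + 30 <= len(data):
        # sig(4) ver(2) flags(2) method(2) time(2) date(2) crc(4) csize(4) usize(4) nlen(2) xlen(2)
        (_ver, flags, method, _time, _date, _crc,
         csize, _usize, nlen, xlen) = struct.unpack_from("<HHHHHIIIHH", data, pos + 4)
        name = data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        body = pos + 30 + nlen + xlen
        deferred = bool(flags & 0x08)
        if method == 0 and not deferred:
            content, end = data[body:body + csize], body + csize
        elif method == 8:
            d = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
            chunk = data[body:] if deferred else data[body:body + csize]
            content = d.decompress(chunk)
            if not d.eof:
                raise ValueError(f"member {name!r}: truncated or lying DEFLATE stream")
            end = len(data) - len(d.unused_data) if deferred else body + csize
        else:
            raise ValueError(f"cannot walk member {name!r}: method {method}, flags {flags:#x}")
        yield name, content
        pos = data.find(LOCAL_SIG, max(end, pos + 4))


def naive_scan(data: bytes) -> str:
    """Trusts the central directory and fails open on parse errors."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(has_signature(zf.read(i)) for i in zf.infolist()):
                return "malicious"
        return "clean"
    except zipfile.BadZipFile:
        return "clean"  # the bypass: an unparseable archive is waved through


def hardened_scan(data: bytes) -> str:
    """Falls back to a local-header walk, and fails closed if that fails too."""
    members = None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [(i.filename, zf.read(i)) for i in zf.infolist()]
    except (zipfile.BadZipFile, zlib.error, ValueError):
        pass
    # Rejected, or the central directory lists nothing although local headers exist.
    if members is None or (not members and LOCAL_SIG in data):
        try:
            members = list(iter_local_entries(data))
        except (ValueError, zlib.error):
            return "unscannable"  # block or quarantine; never report clean
        if not members:
            return "unscannable"
    if any(has_signature(content) for _, content in members):
        return "malicious"
    return "clean"


if __name__ == "__main__":
    evil = build_zip({"readme.txt": b"hello", "invoice.exe": b"MZ" + MARKER})
    broken = break_central_directory(evil)
    print("well-formed:", naive_scan(evil), "/", hardened_scan(evil))
    print("malformed  :", naive_scan(broken), "/", hardened_scan(broken))
```

The design point is the last branch of hardened_scan: a gateway product that cannot fully enumerate an archive should quarantine it rather than deliver it, because the recipient's unzipper is almost always more forgiving than the scanner's parser. The local-header walk also catches members deliberately omitted from the central directory, which a central-directory-only scanner never sees.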

4G/LTE vulnerability
German researchers have uncovered a vulnerability in 4G/LTE mobile networks that could let attackers impersonate a phone's owner. The flaw stems from the lack of integrity protection on LTE user-plane data: an attacker within radio range can manipulate encrypted traffic to run up charges for services under a customer's identity, upload illegal files under that identity, and intercept unencrypted internet traffic.

Top Scams Reported in the Last 24 Hours

Phony rewards cards
According to the U.S. Secret Service, crooks are concealing stolen credit card information in barcodes affixed to phony Money Network rewards cards. The scammers then use these cards to pay for merchandise by instructing the cashier to scan the barcode first and then enter the expiration date and card security code. The instructions printed on the phony rewards cards are designed to make the cashier believe the card is an alternate payment method designed for use at specific stores, such as Sam’s Club and Walmart.


Posted on: February 19, 2020
