Cyware Daily Threat Intelligence February 21, 2019

Top Breaches Reported in the Last 24 Hours

Memorial Hospital breach
Mississippi's Memorial Hospital is notifying about 30,000 patients of a data breach that occurred in December 2018 and resulted from a phishing attack. The compromised information includes patients' names, dates of birth, health insurance details and the medical services they received; some Social Security numbers may also have been exposed.

50 Arizona businesses breached
A January data breach at point-of-sale (POS) vendor North Country Business Products has affected around 50 Arizona businesses, according to the company. The incident is feared to have compromised the payment card data of customers who paid at the affected shops and restaurants. Establishments named so far include Dunn Brothers Coffee, Tacos Trompo in Fargo, West Fargo VFW Post 7546 and Vinyl Taco in Grand Forks. The attackers carried out the intrusion by deploying information-stealing malware on systems at some of the restaurants that North Country serves.

Top Malware Reported in the Last 24 Hours

New Separ variant
A new variant of the Separ information stealer has been found targeting hundreds of businesses, mainly in Southeast Asia, the Middle East and North America. The malware relies on a 'living off the land' approach to evade detection: instead of a single custom binary, it chains short scripts and batch files with legitimate executables, so that most of the observable activity comes from trusted tools rather than from obviously malicious code.

Monero cryptocurrency-miner
Researchers have discovered a Monero cryptocurrency-mining malware variant that uses the legitimate RAdmin remote administration tool together with Mimikatz to spread. It scans for machines with TCP port 445 open and singles out systems still unpatched against MS17-010, the Windows SMBv1 flaw exploited by EternalBlue, to infect them. The attacks have been observed against companies in China, Taiwan, Italy and Hong Kong. Patching MS17-010 and disabling SMBv1 closes the exploit route, but the Mimikatz component means stolen credentials can still be reused wherever port 445 is reachable, so blocking SMB between workstations matters as well.
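The propagation described above shows up on the wire as one internal host touching many others on tcp/445 in a short time, with most attempts failing because the target is patched or not listening. The following detector is an added example, not code from the researchers or from any analysis of the malware; it runs over constructed Zeek-style conn.log lines (tab-separated timestamp, source, destination, destination port and connection state, a simplified subset of the real columns) and flags any source that reaches an assumed threshold of ten distinct hosts on port 445 within a sixty-second window. The thresholds and the sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict


def build_sample_log():
    """Constructed traffic (not captured data): one host sweeping 12 neighbours on
    tcp/445 with mostly unanswered (S0) or refused (REJ) attempts, one workstation
    talking to its file server, and an unrelated port-80 connection from the sweeper.
    Columns: ts, id.orig_h, id.resp_h, id.resp_p, conn_state (no header line)."""
    lines = []
    for i in range(1, 13):
        state = "REJ" if i % 4 == 0 else "S0"
        lines.append(f"1550736000.{i:02d}\t10.0.5.21\t10.0.5.{i + 1}\t445\t{state}")
    for i in range(20):
        lines.append(f"{1550736000 + 3 * i}.0\t10.0.5.40\t10.0.5.5\t445\tSF")
    lines.append("1550736001.50\t10.0.5.21\t10.0.5.50\t80\tSF")
    return "\n".join(lines)


def parse_conn_lines(text):
    """Parse the five-column subset into (ts, orig, resp, port, state) tuples,
    skipping blank lines and Zeek '#' header/footer lines."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, orig, resp, port, state = line.split("\t")
        rows.append((float(ts), orig, resp, int(port), state))
    return rows


def smb_fanout(rows, window=60.0, min_targets=10):
    """Return {source: peak number of distinct tcp/445 destinations contacted inside
    any `window` seconds} for sources whose peak reaches min_targets.
    Both thresholds are assumptions; tune them to the environment."""
    per_src = defaultdict(list)
    for ts, orig, resp, port, _state in rows:
        if port == 445:
            per_src[orig].append((ts, resp))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)  # responder -> events currently inside the window
        left, peak = 0, 0
        for ts, resp in events:
            in_window[resp] += 1
            while ts - events[left][0] > window:  # slide the left edge forward
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged
```

Running `smb_fanout(parse_conn_lines(build_sample_log()))` flags only 10.0.5.21 (12 distinct targets); the workstation that opens many connections to a single file server never exceeds one distinct destination, which is why the count is over distinct responders rather than over connections.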

NoRelationship attack
Researchers have discovered a new phishing technique that bypasses the URL filters in Microsoft Exchange Online Protection (EOP). Dubbed 'NoRelationship', it exploits a weakness in how email scanning products parse Office documents. The emails carry a .docx attachment containing a malicious link that the filter fails to extract, and the link leads to a credential-harvesting login page.
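Whatever the exact parsing gap is in a given product, the defensive lesson is to extract URLs from a .docx package from every place Word will honour them, not only from the relationship (.rels) parts that the attack's name points at. The scanner below is an added example, not code from the researchers who reported the attack or from any email security product; it builds a constructed sample .docx in memory (not a real lure) in which one link is declared through a relationship id and a second is embedded as a HYPERLINK field whose target lives only in word/document.xml, then reports any URL that no .rels part declares. The example.test hostnames are assumptions.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
W_NS = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

# Constructed sample parts for a minimal .docx package (not a real lure).
CONTENT_TYPES = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Default Extension="xml" ContentType="application/xml"/>
</Types>"""

ROOT_RELS = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
</Relationships>"""

# The usual way: the body references rId1 and the URL sits in this .rels part.
DOCUMENT_RELS = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://intranet.example.test/" TargetMode="External"/>
</Relationships>"""

# Second paragraph: a HYPERLINK field whose target is written inline in the body,
# so no relationship entry for it exists anywhere in the package.
DOCUMENT_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"
 xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
 <w:body>
  <w:p><w:hyperlink r:id="rId1"><w:r><w:t>Company portal</w:t></w:r></w:hyperlink></w:p>
  <w:p>
   <w:r><w:fldChar w:fldCharType="begin"/></w:r>
   <w:r><w:instrText xml:space="preserve"> HYPERLINK "http://login-verify.example.test/owa" </w:instrText></w:r>
   <w:r><w:fldChar w:fldCharType="separate"/></w:r>
   <w:r><w:t>Review the attached invoice</w:t></w:r>
   <w:r><w:fldChar w:fldCharType="end"/></w:r>
  </w:p>
 </w:body>
</w:document>"""


def build_sample_docx():
    """Assemble the constructed parts into an in-memory .docx (a zip container)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("_rels/.rels", ROOT_RELS)
        zf.writestr("word/document.xml", DOCUMENT_XML)
        zf.writestr("word/_rels/document.xml.rels", DOCUMENT_RELS)
    return buf.getvalue()


def urls_in_rels(xml_bytes):
    """URLs declared as external relationship targets in a .rels part."""
    found = set()
    for rel in ET.fromstring(xml_bytes).iter(f"{REL_NS}Relationship"):
        if rel.get("TargetMode") == "External":
            found.update(URL_RE.findall(rel.get("Target", "")))
    return found


def urls_in_body_part(xml_bytes):
    """URLs carried by the body XML itself: element text (w:t, w:instrText) and the
    w:instr attribute of w:fldSimple. Namespace URIs live in tags, not text, so they
    are not picked up."""
    found = set()
    for elem in ET.fromstring(xml_bytes).iter():
        if elem.text:
            found.update(URL_RE.findall(elem.text))
        instr = elem.get(f"{W_NS}instr")
        if instr:
            found.update(URL_RE.findall(instr))
    return found


def extract_docx_urls(docx_bytes):
    """Map every URL in the package to the list of parts it was found in.
    A production scanner should parse with defusedxml and cap decompressed sizes."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if not lower.endswith((".xml", ".rels")):
                continue
            data = zf.read(name)
            urls = urls_in_rels(data) if lower.endswith(".rels") else urls_in_body_part(data)
            for url in urls:
                hits.setdefault(url, []).append(name)
    return hits


def undeclared_urls(docx_bytes):
    """URLs present in body parts but absent from every .rels part: exactly the
    links a scanner that only reads relationship files would never see."""
    hits = extract_docx_urls(docx_bytes)
    return sorted(u for u, parts in hits.items()
                  if not any(p.lower().endswith(".rels") for p in parts))
```

On the constructed sample, `extract_docx_urls` reports both links, and `undeclared_urls` returns only the field-embedded one; a filter that consults nothing but the relationship parts would see the intranet link and miss the credential-harvesting one, which is the class of gap the technique's name describes.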

Top Vulnerabilities Reported in the Last 24 Hours

Uber fixes a bug
Uber has fixed a bug that returned the OAuth client secret and server token of third-party apps that the Uber account owner had authorized. Client secrets and server tokens are highly sensitive credentials for developers: with them, an attacker could have obtained the account holder's trip receipts and invoices.

RCE bug
Security researchers have disclosed a critical remote code execution vulnerability in the WordPress core that affects every version released in the past six years. Exploitation chains two separate flaws, a path traversal and a local file inclusion, both of which reside in the core rather than in a plugin, and requires an account with at least Author privileges, so it is a privilege-escalation path rather than an unauthenticated one. Users are urged to update to version 5.0.1 on the 5.0 branch or 4.9.9 on the 4.9 branch.

Password manager vulnerability
Security researchers have found a critical flaw in four popular password managers for Windows 10: they can expose the master password and stored entries in process memory even while the manager is locked, letting an attacker recover them and steal users' login credentials. The four password managers in question are 1Password, Dashlane, KeePass and LastPass. Exploitation requires the ability to read the manager's process memory on the victim's machine, so a locked manager on a host the attacker already controls should not be assumed safe.

Tags

phishing attacks
radmin
norelationship attack
separ info stealer malware
mimikatz

Posted on: February 21, 2019

