Cybercriminals are continuously refining evasion techniques to go undetected in their attacks. A similar situation has been observed with credit card skimmers. Attackers have been found using steganography and WebSocket to make away with web scanners while infecting e-commerce sites and stealing payment card details from customers. The malicious card skimmers are sent hidden in image files over WebSocket protocol to provide a more covert way to exchange data.
New details regarding the recently discovered DeathRansom ransomware has also been uncovered in the past 24 hours. Security researchers have found that the ransomware is controlled by attackers that are associated with the spread of other malware families such as Vidar Stealer, AzoRult, Eviral, 1ms0rry, and Supreme miner. It is found that these attackers use Russian email service and Russian domain zone “.ru”.
Taking about security updates, D-Link has released a firmware update to address a remote command execution flaw and an information disclosure vulnerability found in its multiple products. In order to exploit the vulnerabilities, threat actors would have to get access to the LAN-side or in-home access to the device.
Top Breaches Reported in the Last 24 Hours
Roosevelt General Hospital attacked
The healthcare data of 500 patients of Roosevelt General Hospital was exposed due to a malware infection. The potentially compromised data included the patient’s name, contact information, Social Security number, date of birth, driver’s license, medical data, gender, and health insurance detail. Upon discovery, the officials had removed the malware and rebuilt the server, while recovering all impacted patient data.
London-based currency exchange Travelex has been forced to go offline and suspend some services following a malware attack launched on New Year’s eve. It is not known what form of malware has impacted the firm. The incident has also affected some of its clients like Tesco Bank.
Top Malware Reported in the Last 24 Hours
Fake online streaming sites used to spread malware
Crooks are exploiting the popularity of the Star War saga to lure users into downloading malware. In order to make this happen, cybercriminals have flooded social networks and the internet with rogue websites and files offering previews of the ‘The Rise of Skywalker’ movie and free steams. Kaspersky experts have discovered over 30 fake and infected streaming sites advertised on social networking pages.
Extensive research has revealed that DeathRansom ransomware is controlled by attackers that are associated with the spread of other malware families such as Vidar Stealer, AzoRult, Eviral, 1ms0rry, and Supreme miner. It is found that these attackers use Russian email service and Russian domain zone “.ru”. The ransomware scans and encrypts files on local and network drives.
New evasion technique
Top Vulnerabilities Reported in the Last 24 Hours
Cisco addresses multiple flaws
Cisco has released software updates to address several critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) products. Around 12 vulnerabilities were identified in the product, with three being rated as ‘Critical’ and seven as ‘High’ severity. Some of these critical flaws could be exploited by attackers to bypass authentication and execute arbitrary actions with admin privileges on vulnerable devices.
Vulnerable D-Link routers
Experts have disclosed exploits for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. The RCE flaw is tracked as CVE-2019-17621 and resides in the code used to manage UPnP requests. The vulnerability could be exploited by an unauthenticated attacker to take control of vulnerable devices. D-Link has issued firmware updates to address the vulnerabilities.
Vulnerable OpenCV patched
Two buffer overflow vulnerabilities have been discovered in the OpenCV libraries. An attacker could potentially exploit these bugs to cause heap corruptions and potentially code execution. A patch to address these issues has been released by the OpenCV.