Cyware Daily Threat Intelligence, January 03, 2020


Cybercriminals are continuously refining their evasion techniques to keep their attacks undetected, and credit card skimmers are no exception. Attackers have been found using steganography and WebSocket to evade web scanners while infecting e-commerce sites and stealing payment card details from customers. The skimmer code is hidden inside image files, and the WebSocket protocol is used to exchange data with the attackers' server, a more covert channel than ordinary web requests.

New details regarding the recently discovered DeathRansom ransomware have also been uncovered in the past 24 hours. Security researchers have found that the ransomware is controlled by attackers associated with the spread of other malware families such as Vidar Stealer, AzoRult, Eviral, 1ms0rry, and the Supreme miner. These attackers have been found to use a Russian email service and the Russian domain zone “.ru”.

Talking about security updates, D-Link has released firmware updates to address a remote command execution flaw and an information disclosure vulnerability found in multiple products. To exploit the vulnerabilities, a threat actor would need LAN-side (in-home) access to the device.

Top Breaches Reported in the Last 24 Hours

Roosevelt General Hospital attacked
The healthcare data of 500 patients of Roosevelt General Hospital was exposed in a malware infection. The potentially compromised data included patients' names, contact information, Social Security numbers, dates of birth, driver's license details, medical data, gender, and health insurance details. Upon discovery, officials removed the malware, rebuilt the affected server, and recovered all impacted patient data.

Travelex attacked
London-based currency exchange Travelex has been forced to take its systems offline and suspend some services following a malware attack launched on New Year's Eve. The type of malware involved is not yet known. The incident has also affected some of its clients, such as Tesco Bank.

Top Malware Reported in the Last 24 Hours

Fake online streaming sites used to spread malware
Crooks are exploiting the popularity of the Star Wars saga to lure users into downloading malware. Cybercriminals have flooded social networks and the wider internet with rogue websites and files offering previews of ‘The Rise of Skywalker’ and free streams. Kaspersky experts have discovered over 30 fake and infected streaming sites advertised on social networking pages.

DeathRansom ransomware
Extensive research has revealed that DeathRansom ransomware is controlled by attackers associated with the spread of other malware families such as Vidar Stealer, AzoRult, Eviral, 1ms0rry, and the Supreme miner. These attackers have been found to use a Russian email service and the Russian domain zone “.ru”. The ransomware scans and encrypts files on local and network drives.

New evasion technique
Cybercriminals have found new evasion techniques to keep their web skimmers from being detected on online retail sites, including the use of steganography and the WebSocket communication protocol. Hiding the skimmer code inside image files and moving data over WebSocket connections makes it harder for web crawlers and scanners to spot the malicious JavaScript injected into the sites.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco addresses multiple flaws
Cisco has released software updates to address several critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) products. Around 12 vulnerabilities were identified, three of them rated ‘Critical’ and seven ‘High’. Some of the critical flaws could be exploited to bypass authentication and perform arbitrary actions with administrative privileges on vulnerable devices.

Vulnerable D-Link routers
Experts have disclosed exploits for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. The RCE flaw, tracked as CVE-2019-17621, resides in the code that handles UPnP requests and could be exploited by an unauthenticated attacker with LAN-side access to take control of vulnerable devices. D-Link has issued firmware updates to address the vulnerabilities.

Vulnerable OpenCV patched
Two buffer overflow vulnerabilities have been discovered in the OpenCV libraries. An attacker could potentially exploit these bugs to cause heap corruption and possibly achieve code execution. The OpenCV project has released a patch to address the issues.

Tags

d link router
travelex
deathransom ransomware
steganography

Posted on: January 03, 2020
