Cyware Daily Threat Intelligence, January 15, 2020


With threat actors constantly looking for opportunities to exploit vulnerable computers, servers, and other critical systems, organizations should always be alert to apply the latest security patches. As part of January 2020 Patch Tuesday, two software giants, Oracle and Microsoft, have released a large number of security patches to fix more than 350 vulnerabilities found across their products. While Oracle has issued patches for 334 security bugs, Microsoft has fixed 49 flaws affecting Internet Explorer, the .NET Framework, Windows Server 2016, and Windows Server 2012.

Security experts have also uncovered serious vulnerabilities affecting two WordPress plugins - InfiniteWP Client and WP Time Capsule. These flaws can expose an estimated 320,000 websites to attacks. Thus, WordPress site owners are urged to use the latest versions of the plugins.

Turning to malware attacks, more than 800 computers at a medical firm have been compromised since October 2019. The attackers used WAV files to hide malware modules and later propagated them to vulnerable Windows 7 machines through the EternalBlue exploit. The purpose of the infection was to mine cryptocurrencies.

Top Breaches Reported in the Last 24 Hours

49 million records on sale
A hacker is currently selling a huge database of 49 million business contacts on an underground hacking forum. The hacker claims the data belongs to LimeLeads. The hacker was able to steal the records because the firm had failed to set a password on an internal server.

Fresh Film Productions leaks data
The UK-based Fresh Film Productions has exposed sensitive personal data of participants in Dove’s ‘real people’ campaign. The exposed details, which include bank details and passport scans, were stored on an unsecured Amazon Web Services S3 bucket.

British users’ data leaked
Sensitive details including passports of thousands of British users have been left exposed for years due to an unsecured Amazon S3 bucket. The exposed data also includes tax documents, job applications, proofs of address, criminal records and more. While the owner of the database is not clear, experts believe that it belongs to CHS Consulting.

Top Malware Reported in the Last 24 Hours

WAV audio file format exploited
More than 800 computers at a medical firm have been compromised starting October 14, 2019. Threat actors used WAV audio files to hide the malware modules and later distributed them to vulnerable Windows 7 machines via EternalBlue. The purpose of the infection was to mine cryptocurrencies.

Emotet affects US users
It was previously noted that the Emotet trojan has returned in a new spam campaign affecting more than eight countries, including the U.S. Now, it has been found that the trojan is being spread to people at the United Nations in the form of an email disguised as coming from the Permanent Mission of Norway. The email states that the representatives of Norway found a problem with a signed agreement and that the recipient should review it to learn about the issue.

5ss5c ransomware
Operators behind the Satan ransomware have come up with a new ransomware called 5ss5c. They have been working on it since at least November 2019. The ransomware leverages the EternalBlue exploit and the Mimikatz tool for propagation.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle patches 334 bugs
Oracle has patched 334 vulnerabilities across all of its product families. Out of these, 43 are critical flaws carrying CVSS scores of 9.1 and above. The affected products include Oracle’s Database Server, Communication Applications, Enterprise Manager, Fusion Middleware, MySQL, and E-Business Suite.

Microsoft fixes 49 vulnerabilities
Microsoft has issued security patches for 49 vulnerabilities, of which 7 are classified as ‘Critical’, 41 as ‘Important’, and 1 as ‘Moderate’. One of these vulnerabilities was discovered by the NSA and could allow attackers to spoof digital certificates in order to perform MITM attacks. The flaw is referred to as the CryptoAPI spoofing flaw.

Intel patches a flaw in VTune
Intel has patched six security vulnerabilities as part of January 2020 Patch Tuesday. These include fixes for a high-severity vulnerability in VTune and a bug affecting the Intel Processor Graphics drivers for Windows and Linux. These flaws could allow unauthenticated users to potentially trigger denial-of-service conditions and escalate privileges via local access.

Buggy InfiniteWP Client and WP Time Capsule plugins
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, are affected by security vulnerabilities. InfiniteWP Client contains an authentication bypass vulnerability. The flaw can allow anyone to log in as an administrator user on affected WordPress sites. The issue has been addressed in the latest InfiniteWP Client version, 1.9.4.5.

Adobe issues security patches
Adobe’s security updates fix several vulnerabilities found in its Illustrator and Experience Manager products. A total of five vulnerabilities affect Illustrator CC 2019 for Windows. In addition, four security flaws have been found affecting Adobe’s Experience Manager.

SAP releases six security notes
SAP has published six security notes and one updated note as part of its January 2020 Patch Tuesday. The most important of these is the Cross-Site Scripting flaw in the Rest Adapter of SAP Process Integration. The vulnerability is tracked as CVE-2020-6305 and is rated as 6.1 on the CVSS scale.

Google details iMessage vulnerability
Google Project Zero security researchers have published technical details on the critical iMessage vulnerability addressed last year. The flaw could be exploited remotely to achieve arbitrary code execution. The flaw, tracked as CVE-2019-8641, resides in the NSKeyedUnarchiver component.

Top Scams Reported in the Last 24 Hours

Sextortion scam
Scammers are targeting people with Google Nest security camera footage as part of a widespread ‘sextortion campaign’. The scam, which started in early January, has affected 1700 people. A sextortion email scam occurs when perpetrators claim to have compromising footage of the victim. The email demands that the victim pay the perpetrators to prevent the supposed video from being shared with their friends. In this case, the victims are given login details to an email account that contains a link to a site. This site hosts genuine footage downloaded from the Google Nest site. However, the footage does not contain videos from the victim’s own camera.


Posted on: January 15, 2020
