Cyware Daily Threat Intelligence January 25, 2019

Top Breaches Reported in the Last 24 Hours

Valley Hope Association breach
Valley Hope Association addiction treatment centers are notifying its patients about a breach that may have resulted in the compromise of their personal data. The incident occurred between October 9 and 10, 2018. The data compromised includes patients names, Social Security numbers, birth dates, health insurance information and medical record numbers. The breach affected 16 facilities across Kansas, Missouri, Nebraska, Arizona, Oklahoma, Texas and Colorado.

Ransomware attack
Two municipalities suffered a ransomware attack resulting in the shut down of large portions of computer networks. The affected entities are the City of Sammamish, Wash., and the Salisbury, Md. Police Department. The City of Sammamish was hit with the ransomware on January 23, while the attack on Salisbury, Md. Police Department had occurred on January 9.

Top Malware Reported in the Last 24 Hours

Anatova ransomware
New ransomware dubbed as Anatova has been found infecting a large number of individuals in the US. It evades detection by masquerading as a free game or software downloads. It targets files that 1MB in size or smaller to make the encryption process quick. The ransomware uses a pair of RSA keys to lock the files.

PDF exploit uses steganography
A recently discovered PDF exploit is using steganography technique to hide malicious JavaScript inside images which come embedded in PDF. This technique enables the attackers to bypass detection from antivirus solutions.

Razy trojan
Razy trojan serves multiple purposes for hackers. It is specially used for the theft of cryptocurrency. Its main tool is the script main.js which is capable of searching for addresses of cryptocurrency wallets, spoofing images of QR codes, spoofing Google and Yandex search results.

Top Vulnerabilities Reported in the Last 24 Hours

OwnDigo vulnerability
A critical vulnerability named OwnDigo has been discovered in firewall maker Check Point's anti-virus software, Zone Alarm. The vulnerability, if exploited, can allow a bad actor to gain low privilege access to SYSTEM level. Attackers can exploit the bug when the anti-virus is enabled. 

Microsoft Exchange vulnerable
Microsoft Exchange is vulnerable to privilege escalation attack. This can allow any user with a mailbox to become a domain admin and modify the domain privileges. The attack relies on two Python-based tools: privexchange.py and ntlmrelayx.py.

Bug in NumPy
A severe flaw dubbed as CVE-2019-6446 has been discovered in the 'pickle' module of NumPy. The flaw can allow an attacker to perform remote code execution. The flaw has been assigned a severity rating of 9.8 out of 10.

Top Scams Reported in the Last 24 Hours

Voicemail phishing campaign
A new phishing campaign pretending to be a voicemail notification from RingCentral has been discovered recently. The campaign is used by scammers to trick users into entering their passwords twice and confirm that they are providing the correct login credentials. The phishing campaign is propagated via emails that have subject lines such as 'Voice: Message', 'Voice Delivery Report', or 'PBX Message', 'New Voicemail message from (EXT 61)'. The phishing email contains an EML attachment and a link for listening and saving audio recordings. Users are advised not to open such emails. In case if anyone has opened the attachment, check the address in the browser's address bar to whether it is legitimate. 




  • Share this blog:
Previous
Cyware Daily Threat Intelligence January 28, 2019
Next
Cyware Daily Threat Intelligence January 24, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.