Cyware Daily Threat Intelligence January 25, 2019

Top Breaches Reported in the Last 24 Hours

Valley Hope Association breach
Valley Hope Association, which operates addiction treatment centers, is notifying its patients about a breach that may have resulted in the compromise of their personal data. The incident occurred between October 9 and 10, 2018. The compromised data includes patients' names, Social Security numbers, birth dates, health insurance information and medical record numbers. The breach affected 16 facilities across Kansas, Missouri, Nebraska, Arizona, Oklahoma, Texas and Colorado.

Ransomware attack
Two municipalities suffered ransomware attacks that resulted in the shutdown of large portions of their computer networks. The affected entities are the City of Sammamish, Wash., and the Salisbury, Md. Police Department. The City of Sammamish was hit with the ransomware on January 23, while the attack on the Salisbury, Md. Police Department occurred on January 9.

Top Malware Reported in the Last 24 Hours

Anatova ransomware
New ransomware dubbed Anatova has been found infecting a large number of individuals in the US. It evades detection by masquerading as free game or software downloads. It targets files that are 1 MB in size or smaller to keep the encryption process quick. The ransomware uses a pair of RSA keys to lock the files.

PDF exploit uses steganography
A recently discovered PDF exploit uses steganography to hide malicious JavaScript inside images embedded in PDF files. This technique lets the attackers evade detection by antivirus solutions.

Razy trojan
Razy trojan serves multiple purposes for hackers, and is used in particular for the theft of cryptocurrency. Its main tool is the script main.js, which can search for cryptocurrency wallet addresses, spoof images of QR codes, and spoof Google and Yandex search results.

Top Vulnerabilities Reported in the Last 24 Hours

OwnDigo vulnerability
A critical vulnerability named OwnDigo has been discovered in firewall maker Check Point's antivirus software, ZoneAlarm. If exploited, the vulnerability can allow a bad actor to escalate from low-privilege access to SYSTEM level. Attackers can exploit the bug when the antivirus is enabled.

Microsoft Exchange vulnerable
Microsoft Exchange is vulnerable to a privilege escalation attack. This can allow any user with a mailbox to become a domain admin and modify domain privileges. The attack relies on two Python-based tools: privexchange.py and ntlmrelayx.py.

Bug in NumPy
A severe flaw tracked as CVE-2019-6446 has been discovered in the 'pickle' module of NumPy. The flaw can allow an attacker to perform remote code execution. It has been assigned a severity rating of 9.8 out of 10.
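The code-execution path behind this flaw is numpy.load unpickling object-dtype arrays from an untrusted .npy file when allow_pickle is left enabled. As an added example, not code from the briefing or from NumPy itself, the following pure-Python check reads only the .npy header (layout per the NumPy file-format specification) and rejects any file whose dtype descriptor contains Python objects, the one case numpy.load needs pickle for; the sample files it inspects are constructed by make_npy and the function names are assumptions of this example.

```python
import ast
import struct

MAGIC = b"\x93NUMPY"

def parse_npy_header(data: bytes) -> dict:
    """Read the .npy header dict (descr, fortran_order, shape) without numpy.
    Only the header is evaluated, via ast.literal_eval, so inspecting a file
    never reaches a pickle code path."""
    if not data.startswith(MAGIC):
        raise ValueError("not an .npy file")
    major = data[6]
    if major == 1:                     # format 1.0: 2-byte little-endian header length
        (hlen,) = struct.unpack("<H", data[8:10])
        start = 10
    elif major in (2, 3):              # formats 2.0/3.0: 4-byte header length
        (hlen,) = struct.unpack("<I", data[8:12])
        start = 12
    else:
        raise ValueError(f"unsupported .npy format version {major}")
    header = data[start:start + hlen].decode("latin1")
    fields = ast.literal_eval(header.strip())
    if not isinstance(fields, dict) or "descr" not in fields:
        raise ValueError("malformed .npy header")
    return fields

def dtype_uses_pickle(descr) -> bool:
    """True if the dtype holds Python objects ('O'), which numpy.load can only
    rebuild by unpickling. Structured dtypes are lists of (name, descr[, shape])
    tuples and are checked recursively."""
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")
    return any(dtype_uses_pickle(field[1]) for field in descr)

def safe_to_load(data: bytes) -> bool:
    """Policy gate to run before numpy.load on an untrusted file."""
    return not dtype_uses_pickle(parse_npy_header(data)["descr"])

def make_npy(descr, shape, payload: bytes = b"") -> bytes:
    """Constructed sample builder (format 1.0); payload is whatever raw bytes
    follow the header. Used only to exercise the checks above."""
    body = "{'descr': %r, 'fortran_order': False, 'shape': %r, }" % (descr, shape)
    pad = (16 - (len(MAGIC) + 4 + len(body) + 1) % 16) % 16   # align header to 16 bytes
    body = body + " " * pad + "\n"
    return MAGIC + bytes([1, 0]) + struct.pack("<H", len(body)) + body.encode("latin1") + payload

if __name__ == "__main__":
    print(safe_to_load(make_npy("<f8", (2,), b"\x00" * 16)))                   # True
    print(safe_to_load(make_npy("|O", (1,))))                                   # False
    print(safe_to_load(make_npy([("id", "<i4"), ("meta", "|O")], (1,))))       # False
```

Files that pass this gate can still be loaded with allow_pickle=False as a second layer, so that a header the check misclassifies cannot reach the unpickler.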

Top Scams Reported in the Last 24 Hours

Voicemail phishing campaign
A new phishing campaign pretending to be a voicemail notification from RingCentral has been discovered recently. The scammers trick users into entering their passwords twice, supposedly to confirm that they are providing the correct login credentials. The phishing campaign is propagated via emails with subject lines such as 'Voice: Message', 'Voice Delivery Report', 'PBX Message' or 'New Voicemail message from (EXT 61)'. The phishing email contains an EML attachment and a link for listening to and saving audio recordings. Users are advised not to open such emails. Anyone who has opened the attachment should check the address in the browser's address bar to verify whether it is legitimate.


Posted on: January 28, 2019