Cyware Daily Threat Intelligence, July 03, 2019

With threat actors constantly hunting for flaws in unpatched devices, failing to apply security patches on time can put an organization or an individual at risk. In the latest such case, the US Cyber Command has issued an alert about the exploitation of a known vulnerability in Microsoft's Outlook. The vulnerability, tracked as CVE-2017-11774, is being used by cybercriminals to plant malware on government networks.

The FBI has disclosed two cyber attacks on two government departments in the U.S. Virgin Islands in the past 24 hours. The affected bodies are the Police Department and the Water & Power Authority. While the former suffered a ransomware attack, the latter lost $2.3 million in a BEC scam. In a separate security lapse, Pardee UNC Health Care has disclosed that it might have suffered a data breach after 590 Federal Drug Testing Custody and Control forms were left unprotected.

The past 24 hours also witnessed the emergence of a new version of WannaLocker malware. A mobile derivative of WannaCry ransomware, this new version includes the capabilities of spyware, a RAT and a banking trojan. It was found targeting four Brazilian banks.  

Top Breaches Reported in the Last 24 Hours

Body Group Income Fund attacked
Body Group Income Fund has revealed it had detected a ransomware infection on a subset of its information technology systems. The firm has found no evidence of any data loss and has taken countermeasures to prevent further infection.

Vulnerable Nexus Repository
Two critical issues in Nexus Repository had left many companies and government agencies vulnerable, exposing thousands of private artifacts. Both flaws lay in the Repository's default settings and were fixed by the vendor once discovered.

Pardee UNC Health Care data breach
Pardee UNC Health Care is notifying its community about a possible data breach. Attackers broke into the basement of Pardee UNC and stole electronic equipment from the premises. The stolen equipment did not contain any hard drive. However, an internal investigation found that a pile of 590 Federal Drug Testing Custody and Control forms from 2003 and 2004 might have been viewed during the break-in.

US Virgin Islands’ government authorities attacked
The US Virgin Islands Police Department and the Water & Power Authority have reported losses due to a ransomware attack and a BEC scam respectively. While the ransomware attack at the V.I. Police Department encrypted all the files stored on the department's servers, the BEC scam at the Water & Power utility caused the department to lose $2.3 million.

Top Malware Reported in the Last 24 Hours

WannaLocker ransomware evolves
A new variant of WannaLocker ransomware has been found recently. The variant includes the capabilities of spyware, a RAT and a banking trojan. This new variant was found targeting four Brazilian banks and their customers.

AVLay RAT
AVLay is a Brazilian Remote Access Trojan (RAT) that is being used to commit online banking fraud. These attacks usually display malicious images or browser windows on the victim's screen while the RAT takes control of the device. The malware consists of two parts: a legitimate executable and a malicious DLL.

Trickbot trojan evolves
A new Cookie Grabber module has been added to the Trickbot trojan recently. The module's purpose is to steal cookies saved in the browser. This new variant of Trickbot targets the cookie storage databases of major web browsers such as Chrome, Firefox, Internet Explorer and Microsoft Edge.
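Because the module reads the browsers' on-disk cookie databases, one defensive signal is a file-access event where the cookie store is opened by a process other than the browser that owns it. The following is an added example, not code from Cyware or from any Trickbot analysis, that runs such a check over a few constructed file-access events. The cookie-store paths, the expected owner process names and the event field names (`image`, `target`) are assumptions about a typical Windows endpoint and a Sysmon-style log; adjust them to your own telemetry.

```python
import re

# Assumed default cookie-store locations for the four browsers named in the report
# (Chrome, Firefox, Internet Explorer, legacy Edge). Paths vary by version/profile.
COOKIE_STORE_PATTERNS = [
    (re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Cookies$", re.I), "chrome"),
    (re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cookies\.sqlite$", re.I), "firefox"),
    (re.compile(r"\\Microsoft\\Windows\\INetCookies\\", re.I), "internet_explorer"),
    (re.compile(r"\\Microsoft\.MicrosoftEdge_[^\\]+\\AC\\.*\\Cookies\\", re.I), "edge_legacy"),
]

# Assumed process names that legitimately touch each store.
EXPECTED_OWNERS = {
    "chrome": {"chrome.exe"},
    "firefox": {"firefox.exe"},
    "internet_explorer": {"iexplore.exe", "explorer.exe"},
    "edge_legacy": {"microsoftedge.exe", "microsoftedgecp.exe"},
}

# Constructed sample events (Sysmon-style: 'image' = accessing process, 'target' = file).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"image": r"C:\Users\alice\AppData\Roaming\svchost.exe",  # wrong location for svchost
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite"},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "target": r"C:\Users\alice\Documents\report.docx"},
]


def classify_cookie_store(path):
    """Return the browser whose cookie store 'path' belongs to, or None."""
    for pattern, browser in COOKIE_STORE_PATTERNS:
        if pattern.search(path):
            return browser
    return None


def process_name(image_path):
    """Basename of the process image, lower-cased for comparison."""
    return image_path.rsplit("\\", 1)[-1].lower()


def find_suspicious_cookie_access(events):
    """Flag file-access events where a browser cookie store is opened by a
    process that is not that browser. Returns a list of (process, browser, path)."""
    alerts = []
    for event in events:
        browser = classify_cookie_store(event["target"])
        if browser is None:
            continue
        proc = process_name(event["image"])
        if proc not in EXPECTED_OWNERS[browser]:
            alerts.append((proc, browser, event["target"]))
    return alerts


if __name__ == "__main__":
    for proc, browser, path in find_suspicious_cookie_access(SAMPLE_EVENTS):
        print(f"ALERT: {proc} read {browser} cookie store {path}")
```

Treat a hit as a triage lead rather than a verdict: backup agents and browser updaters also open these files, and a stealer that injects into the browser process itself will not trip this check, so pair it with process-lineage and network telemetry.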

Top Vulnerabilities Reported in the Last 24 Hours

Outlook vulnerability exploited
The US Cyber Command has issued an alert about a new campaign that exploits an old vulnerability in Microsoft's Outlook. Tracked as CVE-2017-11774, the vulnerability is being abused to deploy malware on government networks. Researchers have pointed out that the APT33 threat actor exploited the same vulnerability to deliver the infamous data-wiping Shamoon malware in 2018. The vulnerability can be addressed by applying the security patch released in October 2017.

IBM patches seven flaws
IBM has patched seven security issues ranging from low to high severity. These flaws affected its Spectrum Protect tool. The most severe of them, tracked as CVE-2019-4087, could allow a remote attacker to execute arbitrary code on impacted systems.

Arlo Technologies' camera flaw
Two high-severity vulnerabilities impacting Arlo Technologies' wireless home security camera gear have been patched recently. The impacted models are VMB3010, VMB4000, VMB3500, VMB4500 and VMB5000. The flaws could allow an adversary to take complete control of affected base station models and, eventually, any connected cameras.

Top Scams Reported in the Last 24 Hours

Loan scam
Hackers are leveraging compromised real estate agent email accounts to trick users into transferring money. They send targets new wiring instructions shortly before the transaction closes, asking the victims to send the money to bank accounts located outside the country. According to the FBI, victims lost over $149 million to real estate scams in 2018. Officials advise users to be wary of emails announcing last-minute changes and to verify the URL before transferring any money.


Posted on: July 03, 2019