Cyware Daily Threat Intelligence, July 03, 2020


The notorious Valak information stealer has been sighted in a massive cyberespionage campaign targeting enterprises in North America, South America, and Europe. Researchers have observed that the campaign is targeting organizations in the energy, healthcare, manufacturing, transportation, finance, and insurance sectors.

A new ransomware named ‘Try2Cry’ was also uncovered in the last 24 hours. The ransomware includes worm-like capabilities and uses the Rijndael algorithm to encrypt files, then appends the .Try2Cry extension to them.

Top Breaches Reported in the Last 24 Hours

Dating apps leak data
Unsecured databases traced to five dating apps used in the U.S. and East Asia have leaked millions of customer records. The affected apps are CatholicSingles, Yestiki, SPYKX, Blurry, Charin, and Kyuun. The compromised information includes email addresses, passwords, user IDs, and mobile device information.

Light S.A. affected
Sodinokibi operators have demanded a ransom of $14 million from Brazil-based electrical energy company Light S.A. The company has admitted to the attack. Further details on the impact are yet to be revealed.

V Shred data leak
A misconfigured AWS S3 bucket belonging to V Shred leaked the personal information of over 99,000 customers and trainers. The exposed data included names, email addresses, dates of birth, social media account details, and some social security numbers. However, V Shred denied the exposure of PII.

Trinity Metro hit
The NetWalker gang claimed its attack on Trinity Metro by leaking some sensitive information stolen from the firm. The exposed data included content from “Accounting and HR Shared,” “Daily Operations Documents,” “Planning Documents,” and “Security.”

BMW customer data on sale
A database containing records of over 300,000 BMW car owners is being offered for sale on a dark web forum. The details include full names, email addresses, vehicle numbers, and dealer names, among others.

Top Malware Reported in the Last 24 Hours

Valak info-stealer returns
Researchers have detected the return of the Valak information stealer in an ongoing campaign targeting enterprises in North America, South America, and Europe. A common feature of these attacks is the use of password-protected ZIP files as attachments: because the archive contents cannot be decompressed without the password, mail-gateway scanners that rely on inspecting the payload are more likely to let the attachment through.
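The password-protected ZIP trick described above can still be detected without the password, because the ZIP central directory records an encryption flag for each member. The following is an added example written for this briefing, not code from Cyware or from any Valak research; it opens the archive, reads only the member headers, and returns a triage verdict. The sample archives it builds are constructed in memory (Python's zipfile module cannot write password-protected archives, so the example sets the encryption flag bit itself), and the member name and verdict labels are assumptions for illustration.

```python
"""Flag e-mail attachments that are password-protected ZIP archives.

Added example, not Cyware's code.  A ZIP member carries a general-purpose
bit flag in both its local file header and its central directory entry;
bit 0 marks the member as encrypted.  A scanner can read that flag without
the password and without decompressing anything.
"""
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001  # general-purpose bit flag, bit 0 = encrypted member
ZIP_LOCAL_SIG = b"PK\x03\x04"
ZIP_CENTRAL_SIG = b"PK\x01\x02"


def encrypted_entries(zip_bytes: bytes) -> list:
    """Return the names of encrypted members in a ZIP archive given as bytes.

    Only the central directory is parsed; member data is never extracted,
    so the scanner never touches the payload itself.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()
                if info.flag_bits & ENCRYPTED_FLAG]


def classify_attachment(data: bytes) -> str:
    """Small triage verdict for one attachment body.

    Returns one of (labels are assumptions for this example):
      'not-zip'        - does not start with a ZIP local header
      'zip-malformed'  - looks like a ZIP but cannot be parsed
      'zip-clear'      - parses, no encrypted members
      'zip-encrypted'  - parses, at least one encrypted member
    """
    if not data.startswith(ZIP_LOCAL_SIG):
        return "not-zip"
    try:
        names = encrypted_entries(data)
    except zipfile.BadZipFile:
        return "zip-malformed"
    return "zip-encrypted" if names else "zip-clear"


def build_sample_zip(encrypted: bool) -> bytes:
    """Construct a one-member ZIP in memory for testing (constructed sample).

    zipfile cannot write password-protected archives, so to emulate one the
    encryption bit is set in the local file header and the central directory
    entry after writing.  The member stays plaintext; only the flag that a
    header-based scanner keys on is set.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.doc", b"constructed sample payload")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Local file header: sig(4) version-needed(2) flags(2) -> flags at +6.
        lfh = data.find(ZIP_LOCAL_SIG)
        flags = struct.unpack_from("<H", data, lfh + 6)[0] | ENCRYPTED_FLAG
        struct.pack_into("<H", data, lfh + 6, flags)
        # Central directory entry: sig(4) version-made(2) version-needed(2)
        # flags(2) -> flags at +8.
        cdh = data.find(ZIP_CENTRAL_SIG)
        flags = struct.unpack_from("<H", data, cdh + 8)[0] | ENCRYPTED_FLAG
        struct.pack_into("<H", data, cdh + 8, flags)
    return bytes(data)


if __name__ == "__main__":
    for label, blob in (("encrypted", build_sample_zip(True)),
                        ("clear", build_sample_zip(False)),
                        ("text", b"hello")):
        print(f"{label:>9}: {classify_attachment(blob)}")
```

In a mail-gateway pipeline the 'zip-encrypted' verdict would typically route the message to quarantine or sandbox detonation rather than blocking outright, since legitimate senders also use password-protected archives; the point is that the flag is visible to the defender even when the content is not.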

New Try2Cry ransomware
A new ransomware strain, dubbed Try2Cry, which is believed to be a variant of the Stupid ransomware family, has been found. The ransomware includes worm-like capabilities and uses the Rijndael algorithm to encrypt files, then appends the .Try2Cry extension to them.

LoLBins abused
Attackers can abuse LoLBins (Living-off-the-Land Binaries, legitimate signed executables already present on the system) to install malware and bypass security controls, such as UAC (User Account Control) or WDAC (Windows Defender Application Control), on Windows systems. Typically, the attack involves fileless malware and reputable cloud services.

Top Vulnerabilities Reported in the Last 24 Hours

BIG-IP vulnerabilities
Two vulnerabilities, including one with a CVSS score of 10, have been patched in the F5 BIG-IP application delivery controller. The one with a score of 10 is tracked as CVE-2020-5902 and is a remote code execution vulnerability in the Traffic Management User Interface (TMUI).

Vulnerability in PDFium
The PDF renderer inside Google Chrome, known as PDFium, is affected by a memory corruption vulnerability. Tracked as CVE-2020-6458, it can allow attackers to achieve arbitrary code execution inside the browser. It affects version 80.0.3987.158 of Google Chrome.


Posted on: July 03, 2020
